mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-16 17:44:41 +00:00
VPN: OpenVPN: Instances - add workaround for net30/p2p smaller than /29 networks, this was being used in the legacy code but left out in the mvc version. At a first glance it looks like it still possible to support /30 and /31 networks although this wasn't tested yet. We should likely also add a validation to prevent > /29 tunnels from being added.
Currently when specifying a /30 network the server refuses to start anyway, but before enforcing using a validation, let's try if there are still options possible for these networks to be used given the options in the new instances intreface.
This commit is contained in:
Ad Schellevis
parent
d7a858de34
commit
2758f9f649
@ -470,7 +470,20 @@ class OpenVPN extends BaseModel
|
||||
$options['verify-client-cert'] = (string)$node->verify_client_cert;
|
||||
if (!empty((string)$node->server)) {
|
||||
$parts = explode('/', (string)$node->server);
|
||||
$options['server'] = $parts[0] . " " . Util::CIDRToMask($parts[1]);
|
||||
$mask = Util::CIDRToMask($parts[1]);
|
||||
if ((string)$node->dev_type == 'tun' && (string)$node->topology != 'subnet' && $parts[1] > 29) {
|
||||
/**
|
||||
* Workaround and backwards compatibility, the server directive doesn't support
|
||||
* networks smaller than /30, pushing ifconfig manually works in some cases.
|
||||
* According to RFC3021 when the mask is /31 we may omit network and broadcast addresses.
|
||||
**/
|
||||
$masklong = ip2long($mask);
|
||||
$ip1 = long2ip32((ip2long32($parts[0]) & $masklong) + ($masklong == 0xfffffffe ? 0 : 1));
|
||||
$ip2 = long2ip32((ip2long32($parts[0]) & $masklong) + ($masklong == 0xfffffffe ? 1 : 2));
|
||||
$options['ifconfig'] = "{$ip1} {$ip2}";
|
||||
} else {
|
||||
$options['server'] = $parts[0] . " " . $mask;
|
||||
}
|
||||
}
|
||||
if (!empty((string)$node->server_ipv6)) {
|
||||
$options['server-ipv6'] = (string)$node->server_ipv6;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user