diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
index 72e81ec17..c8d8942ed 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
@@ -91,7 +91,7 @@
instance.servertext
-
+
This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask.
The server itself will take the .1 address of the given network for use as the server-side endpoint of the local TUN/TAP interface
@@ -101,7 +101,7 @@
instance.server_ipv6text
-
+
This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask.
The server itself will take the next base address (+1) of the given network for use as the server-side endpoint of the local TUN/TAP interface
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 437fe19e9..e3e173db9 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -485,10 +485,10 @@ class OpenVPN extends BaseModel
$options['crl-verify'] = "/var/etc/openvpn/server-{$node_uuid}.crl-verify";
}
$options['verify-client-cert'] = (string)$node->verify_client_cert;
- if (!empty((string)$node->server)) {
+ if ((string)$node->dev_type == 'tun' && !empty((string)$node->server)) {
$parts = explode('/', (string)$node->server);
$mask = Util::CIDRToMask($parts[1]);
- if ((string)$node->dev_type == 'tun' && (string)$node->topology == 'p2p' && $parts[1] > 29) {
+ if ((string)$node->topology == 'p2p' && $parts[1] > 29) {
/**
* Workaround and backwards compatibility, the server directive doesn't support
* networks smaller than /30, pushing ifconfig manually works in some cases.
@@ -505,6 +505,9 @@ class OpenVPN extends BaseModel
} else {
$options['server'] = $parts[0] . " " . $mask;
}
+ } elseif ((string)$node->dev_type == 'tap') {
+ $options['mode'] = 'server';
+ $options['tls-server'] = null;
}
if (!empty((string)$node->server_ipv6)) {
$options['server-ipv6'] = (string)$node->server_ipv6;
diff --git a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
index a9f42a6b4..cec1ea8ee 100644
--- a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/instances.volt
@@ -60,14 +60,15 @@
del:'/api/openvpn/instances/del_static_key/'
});
- $("#instance\\.role").change(function(){
+ $("#instance\\.role, #instance\\.dev_type").change(function(){
let show_advanced = $("#show_advanced_formDialogDialogInstance").hasClass("fa-toggle-on");
- let this_role = $(this).val();
+ let this_role = $("#instance\\.role").val();
+ let this_dev_type = $("#instance\\.dev_type").val();
$(".role").each(function(){
let tr = $(this).closest("tr").hide();
if ((tr.data('advanced') === true && show_advanced) || !tr.data('advanced')) {
- if ($(this).hasClass('role_' + this_role)) {
+ if ($(this).hasClass('role_' + this_role) || $(this).hasClass('role_' + this_role + '_' + this_dev_type)) {
tr.show();
}
}