VPN: OpenVPN: Client Specific Overrides - add "route-gateway" advanced option which can be used to offer a different default gateway to the client when splitting the pool into smaller blocks. for https://github.com/opnsense/core/issues/6703

2026-03-15 00:54:41 +00:00 · 2023-09-04 11:45:37 +02:00 · 2023-09-04 11:45:37 +02:00 · 54ebcb00c6
commit 54ebcb00c6
parent eafbf81b24
4 changed files with 20 additions and 0 deletions
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@ -414,6 +414,10 @@ function openvpn_add_dhcpopts(&$settings, &$conf)
        }
    }

+    if (!empty($settings['route_gateway'])) {
+        $conf .= "push \"route-gateway {$settings['route_gateway']}\"\n";
+    }
+
    if (!empty($settings['redirect_gateway'])) {
        $redirgw = str_replace(',', ' ', $settings['redirect_gateway']);
        $conf .= "push \"redirect-gateway {$redirgw}\"\n";
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogCSO.xml
@ -79,6 +79,17 @@
        <allownew>true</allownew>
        <help>Remote networks for the server, these are configured via iroute{-ipv6} clauses in OpenVPN and inform the server to send these networks to this specific client.</help>
    </field>
+    <field>
+        <id>cso.route_gateway</id>
+        <label>Redirect gateway</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>
+            Specify a default gateway to use for the connected client.
+            Without one set the first address in the netblock is being offered. When segmenting the tunnel (server) network,
+            this one might not be accessible from the client.
+        </help>
+    </field>
    <field>
        <id>cso.redirect_gateway</id>
        <label>Redirect gateway</label>
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@ -145,6 +145,7 @@ class OpenVPN extends BaseModel
                'dns_domain_search',
                'tunnel_network',
                'tunnel_networkv6',
+                'route_gateway',
            ];
            foreach ($opts as $fieldname) {
                $result[$fieldname] = (string)$cso->$fieldname;
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
@ -44,6 +44,10 @@
                    <Required>N</Required>
                    <asList>Y</asList>
                </remote_networks>
+                <route_gateway type="NetworkField">
+                    <NetMaskAllowed>N</NetMaskAllowed>
+                    <Required>N</Required>
+                </route_gateway>
                <redirect_gateway type="OptionField">
                    <Required>N</Required>
                    <Multiple>Y</Multiple>