unbound: since we support OpenVPN officially now...

fix the subnet of the tunnel network given via OpenVPN.

PR: https://github.com/opnsense/core/issues/3051
Franco Fichtner 2018-12-29 10:32:45 +01:00
parent ccd0f07fa8
commit 6cbae54033


@ -694,7 +694,24 @@ function unbound_acls_subnets()
global $config;
if (!empty($config['unbound']['active_interface'])) {
$active_interfaces = array_flip(explode(",", $config['unbound']['active_interface']));
$active_interfaces = array_flip(explode(',', $config['unbound']['active_interface']));
/* in case of OpenVPN interface we need to correct the subnet */
foreach (array('server', 'client') as $mode) {
foreach (config_read_array('openvpn', "openvpn-{$mode}") as $id => $setting) {
$ovpn = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid'];
if (!array_key_exists($ovpn, $active_interfaces)) {
continue;
}
$active_interfaces[$ovpn] = [];
if (!empty($setting['tunnel_network'])) {
$active_interfaces[$ovpn]['net4'] = explode('/', $setting['tunnel_network'])[1];
}
if (!empty($setting['tunnel_networkv6'])) {
$active_interfaces[$ovpn]['net6'] = explode('/', $setting['tunnel_networkv6'])[1];
}
}
}
} else {
$active_interfaces = get_configured_interface_with_descr();
}
@ -702,8 +719,13 @@ function unbound_acls_subnets()
/* add our networks for active interfaces including localhost */
$subnets = array('127.0.0.1/8', '::1/64');
foreach (array_keys($active_interfaces) as $ubif) {
foreach ($active_interfaces as $ubif => $ubextra) {
foreach (legacy_getall_interface_addresses(get_real_interface($ubif)) as $subnet) {
if (!empty($ubextra['net4']) && is_subnetv4($subnet)) {
$subnet = explode('/', $subnet)[0] . $ubextra['net4'];
} elseif (!empty($ubextra['net6']) && is_subnetv6($subnet)) {
$subnet = explode('/', $subnet)[0] . $ubextra['net6'];
}
$subnets[] = $subnet;
}
}
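Review bot: In the second hunk the corrected subnet is built as `explode('/', $subnet)[0] . $ubextra['net4']`, but `net4`/`net6` hold only the part after the slash (`explode('/', $setting['tunnel_network'])[1]` in the first hunk), so the result has no `/` separator; with constructed values, address `10.8.0.1` and prefix `24` become `10.8.0.124` instead of `10.8.0.1/24`. Judging by the function name these strings end up in the resolver's ACL, so the tunnel network would either be rejected as malformed or be reduced to a single, wrong host entry. I would write `$subnet = explode('/', $subnet)[0] . '/' . $ubextra['net4'];` and the same for the `net6` branch. The `[1]` index in the first hunk also assumes the stored tunnel network always contains a slash; if the validation that guarantees this is not visible elsewhere, a guard before indexing is worth adding. `unbound_acls_subnets()` starts and ends outside the hunks shown.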