wizard.inc: make working rules (#5112)

src/etc/inc/plugins.inc.d/openvpn/wizard.inc

@@ -751,22 +751,38 @@ function step12_submitphpaction()
 
     if (isset($pconfig['step11']['ovpnrule'])) {
         $rule = array();
-        $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);
+        $rule['descr'] = sprintf(gettext("OpenVPN %s wizard allow client access"), $server['description']);
         /* Ensure the rule descr is not too long for pf to handle */
         if (strlen($rule['descr']) > 52) {
             $rule['descr'] = substr($rule['descr'], 0, 52);
         }
         $rule['direction'] = "in";
         $rule['source']['any'] = true;
-        $rule['destination']['network'] = $server['interface'] . "ip";
+        if ($server['interface'] != "any") {
+            $rule['destination']['network'] = $server['interface'] . "ip";
+            $rule['interface'] = $server['interface'];
+        } else {
+            $rule['destination']['network'] = "(self)";
+            $rule['floating'] = "yes";
+        }
         $rule['destination']['port'] = $server['local_port'];
-        $rule['interface'] = $server['interface'];
-        $rule['protocol'] = strtolower($server['protocol']);
+        $proto = strtolower($server['protocol']);
+        if (strpos($proto, '4') !== false) {
+            $rule['protocol'] = substr($proto, 0, -1);
+            $rule['ipprotocol'] = "inet";
+        } elseif  (strpos($proto, '6') !== false) {
+            $rule['protocol'] = substr($proto, 0, -1);
+            $rule['ipprotocol'] = "inet6";
+        } else {
+            $rule['protocol'] = $proto;
+            $rule['ipprotocol'] = "inet46";
+        }
         $rule['type'] = "pass";
         $rule['enabled'] = "on";
         $rule['created'] = make_config_revision_entry();
         $config['filter']['rule'][] = $rule;
     }
+
     if (isset($pconfig['step11']['ovpnallow'])) {
         $rule = array();
         $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);