diff --git a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
index 781c8c9fa..2dd470692 100644
--- a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
@@ -751,22 +751,38 @@ function step12_submitphpaction()
 if (isset($pconfig['step11']['ovpnrule'])) {
 $rule = array();
- $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);
+ $rule['descr'] = sprintf(gettext("OpenVPN %s wizard allow client access"), $server['description']);
 /* Ensure the rule descr is not too long for pf to handle */
 if (strlen($rule['descr']) > 52) {
 $rule['descr'] = substr($rule['descr'], 0, 52);
 }
 $rule['direction'] = "in";
 $rule['source']['any'] = true;
- $rule['destination']['network'] = $server['interface'] . "ip";
+ if ($server['interface'] != "any") {
+ $rule['destination']['network'] = $server['interface'] . "ip";
+ $rule['interface'] = $server['interface'];
+ } else {
+ $rule['destination']['network'] = "(self)";
+ $rule['floating'] = "yes";
+ }
 $rule['destination']['port'] = $server['local_port'];
- $rule['interface'] = $server['interface'];
- $rule['protocol'] = strtolower($server['protocol']);
+ $proto = strtolower($server['protocol']);
+ if (strpos($proto, '4') !== false) {
+ $rule['protocol'] = substr($proto, 0, -1);
+ $rule['ipprotocol'] = "inet";
+ } elseif (strpos($proto, '6') !== false) {
+ $rule['protocol'] = substr($proto, 0, -1);
+ $rule['ipprotocol'] = "inet6";
+ } else {
+ $rule['protocol'] = $proto;
+ $rule['ipprotocol'] = "inet46";
+ }
 $rule['type'] = "pass";
 $rule['enabled'] = "on";
 $rule['created'] = make_config_revision_entry();
 $config['filter']['rule'][] = $rule;
 }
+
 if (isset($pconfig['step11']['ovpnallow'])) {
 $rule = array();
 $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);
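Review bot: In the new `else` branch (interface "any") the wizard writes a floating pass rule from any source to `(self)` with no `interface` and no `quick` key, so the OpenVPN port is opened on every interface and address of the firewall, and how the rule orders against per-interface block rules is left to defaults this hunk does not show. I would state that scope in a comment above the branch, e.g. `/* "any": floating rule, matches inbound on all interfaces to any firewall address */`, and set the match behaviour explicitly (for example `$rule['quick'] = "yes";`, to be confirmed against how the filter code reads floating rules). The protocol split just below strips the last character with `substr($proto, 0, -1)` after a `strpos` match anywhere in the string; testing the last character instead, `if (substr($proto, -1) === '4') {`, keeps the test and the strip in agreement. step12_submitphpaction() starts and ends outside this hunk.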