From 74ccf1683b94ddf9eb2ad8d7feca852c4d039cbf Mon Sep 17 00:00:00 2001
From: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
Date: Wed, 21 Jul 2021 20:13:28 +0300
Subject: [PATCH] wizard.inc: make working rules (#5112)

---
 src/etc/inc/plugins.inc.d/openvpn/wizard.inc | 24 ++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
index 781c8c9fa..2dd470692 100644
--- a/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn/wizard.inc
@@ -751,22 +751,38 @@ function step12_submitphpaction()
 if (isset($pconfig['step11']['ovpnrule'])) {
 $rule = array();
- $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);
+ $rule['descr'] = sprintf(gettext("OpenVPN %s wizard allow client access"), $server['description']);
 /* Ensure the rule descr is not too long for pf to handle */
 if (strlen($rule['descr']) > 52) {
 $rule['descr'] = substr($rule['descr'], 0, 52);
 }
 $rule['direction'] = "in";
 $rule['source']['any'] = true;
- $rule['destination']['network'] = $server['interface'] . "ip";
+ if ($server['interface'] != "any") {
+ $rule['destination']['network'] = $server['interface'] . "ip";
+ $rule['interface'] = $server['interface'];
+ } else {
+ $rule['destination']['network'] = "(self)";
+ $rule['floating'] = "yes";
+ }
 $rule['destination']['port'] = $server['local_port'];
- $rule['interface'] = $server['interface'];
- $rule['protocol'] = strtolower($server['protocol']);
+ $proto = strtolower($server['protocol']);
+ if (strpos($proto, '4') !== false) {
+ $rule['protocol'] = substr($proto, 0, -1);
+ $rule['ipprotocol'] = "inet";
+ } elseif (strpos($proto, '6') !== false) {
+ $rule['protocol'] = substr($proto, 0, -1);
+ $rule['ipprotocol'] = "inet6";
+ } else {
+ $rule['protocol'] = $proto;
+ $rule['ipprotocol'] = "inet46";
+ }
 $rule['type'] = "pass";
 $rule['enabled'] = "on";
 $rule['created'] = make_config_revision_entry();
 $config['filter']['rule'][] = $rule;
 }
+
 if (isset($pconfig['step11']['ovpnallow'])) {
 $rule = array();
 $rule['descr'] = sprintf(gettext("OpenVPN %s wizard"), $server['description']);
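Review bot: The protocol split in the new `$proto` block looks for a `4` or `6` anywhere in the value but then always drops the last character, so it is only right when the digit is the final character, and the `else` branch copies any other string into `$rule['protocol']` unchecked. Because this is a pass rule with source `any` to a port on the firewall itself, I would match the whole value against the expected set and not append the rule when it does not match, as sketched below. The pattern assumes the wizard only stores `tcp` or `udp` with an optional `4`/`6` suffix, which is not visible in this hunk and should be confirmed. In the `any` branch the floating rule carries no `interface` key, which presumably makes it apply on every interface; a comment such as `/* "any": no interface key, rule is meant to match on all interfaces */` would record that this is deliberate. step12_submitphpaction() begins and ends outside this hunk.

```php
$proto = strtolower($server['protocol']);
if (preg_match('/^(tcp|udp)([46])?$/', $proto, $m) === 1) {
    $families = array('4' => "inet", '6' => "inet6");
    $rule['protocol'] = $m[1];
    $rule['ipprotocol'] = isset($m[2]) ? $families[$m[2]] : "inet46";
    // … unchanged: type, enabled, created …
    $config['filter']['rule'][] = $rule;
}
```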