[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 91bfac02068dda705f3eb609fbeac65e71f4f010

[Michael Tremer <git@ipfire.org>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  91bfac02068dda705f3eb609fbeac65e71f4f010 (commit)
       via  ccab45fbe077ec2b5b8ccc8bbecd6844f9d93247 (commit)
      from  a85b9d6f8c0c80725e5a12e54081f3313512eb51 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 91bfac02068dda705f3eb609fbeac65e71f4f010
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Oct 9 18:27:02 2025 +0100

    core199: Update the OpenVPN configuration
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit ccab45fbe077ec2b5b8ccc8bbecd6844f9d93247
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Oct 9 18:24:29 2025 +0100

    ovpnmain.cgi: Enable multihome when using UDP
    
    If the client is connecting from an internal network instead of the
    internet, the OpenVPN server replies with the public IP address as the
    source address. This won't allow to establish a connection.
    
    Enabling multihome changes the behaviour to reply with whatever IP
    address the client has connected to.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/199/update.sh | 3 +++
 html/cgi-bin/ovpnmain.cgi           | 7 +++++++
 2 files changed, 10 insertions(+)

Difference in files:
diff --git a/config/rootfiles/core/199/update.sh b/config/rootfiles/core/199/update.sh
index 64cac6687..d71190cc1 100644
--- a/config/rootfiles/core/199/update.sh
+++ b/config/rootfiles/core/199/update.sh
@@ -50,6 +50,9 @@ ldconfig
 # Apply SSH configuration
 /usr/local/bin/sshctrl
 
+# Update the OpenVPN configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
+
 # Start services
 /etc/init.d/openvpn-n2n restart
 /etc/init.d/openvpn-rw restart
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 52261b889..1ec327998 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -241,6 +241,13 @@ sub writeserverconf {
     print CONF "dev tun\n";
     print CONF "proto $vpnsettings{'DPROTOCOL'}\n";
     print CONF "port $vpnsettings{'DDEST_PORT'}\n";
+
+    # Enable multihoming when running in UDP mode to send reply packets
+    # from the same IP address that the client was talking to.
+    if ($vpnsettings{'DPROTOCOL'} eq 'udp') {
+      print CONF "multihome\n";
+    }
+
     print CONF "script-security 3\n";
     print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
     print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";


hooks/post-receive
--
IPFire 2.x development tree