* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 91bfac02068dda705f3eb609fbeac65e71f4f010
@ 2025-10-09 17:31 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-10-09 17:31 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 91bfac02068dda705f3eb609fbeac65e71f4f010 (commit)
via ccab45fbe077ec2b5b8ccc8bbecd6844f9d93247 (commit)
from a85b9d6f8c0c80725e5a12e54081f3313512eb51 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 91bfac02068dda705f3eb609fbeac65e71f4f010
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 9 18:27:02 2025 +0100
core199: Update the OpenVPN configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ccab45fbe077ec2b5b8ccc8bbecd6844f9d93247
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu Oct 9 18:24:29 2025 +0100
ovpnmain.cgi: Enable multihome when using UDP
If the client is connecting from an internal network instead of the
internet, the OpenVPN server replies with the public IP address as the
source address. This won't allow to establish a connection.
Enabling multihome changes the behaviour to reply with whatever IP
address the client has connected to.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/199/update.sh | 3 +++
html/cgi-bin/ovpnmain.cgi | 7 +++++++
2 files changed, 10 insertions(+)
Difference in files:
diff --git a/config/rootfiles/core/199/update.sh b/config/rootfiles/core/199/update.sh
index 64cac6687..d71190cc1 100644
--- a/config/rootfiles/core/199/update.sh
+++ b/config/rootfiles/core/199/update.sh
@@ -50,6 +50,9 @@ ldconfig
# Apply SSH configuration
/usr/local/bin/sshctrl
+# Update the OpenVPN configuration
+sudo -u nobody /srv/web/ipfire/cgi-bin/ovpnmain.cgi
+
# Start services
/etc/init.d/openvpn-n2n restart
/etc/init.d/openvpn-rw restart
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 52261b889..1ec327998 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -241,6 +241,13 @@ sub writeserverconf {
print CONF "dev tun\n";
print CONF "proto $vpnsettings{'DPROTOCOL'}\n";
print CONF "port $vpnsettings{'DDEST_PORT'}\n";
+
+ # Enable multihoming when running in UDP mode to send reply packets
+ # from the same IP address that the client was talking to.
+ if ($vpnsettings{'DPROTOCOL'} eq 'udp') {
+ print CONF "multihome\n";
+ }
+
print CONF "script-security 3\n";
print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-09 17:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-09 17:31 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 91bfac02068dda705f3eb609fbeac65e71f4f010 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox