Project

General

Profile

Actions

Bug #12792

closed

Automatic Outbound NAT rules do not include OpenVPN CSO entries

Added by Viktor Gurov almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Rules / NAT
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:

Description

filter_nat_rules_automatic_tonathosts() generate NAT rules only for OpenVPN Client and Server tunnel networks:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/filter.inc#L1808-L1825


    /* add openvpn interfaces */
    if (is_array($config['openvpn']['openvpn-server'])) {
        foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
            if (!isset($ovpnsrv['disable']) && !empty($ovpnsrv['tunnel_network'])) {
                $tonathosts[] = implode('/', openvpn_gen_tunnel_network($ovpnsrv['tunnel_network']));
                $descriptions[] = gettext("OpenVPN server");
            }
        }
    }

    if (is_array($config['openvpn']['openvpn-client'])) {
        foreach ($config['openvpn']['openvpn-client'] as $ovpncli) {
            if (!isset($ovpncli['disable']) && !empty($ovpncli['tunnel_network'])) {
                $tonathosts[] = implode('/', openvpn_gen_tunnel_network($ovpncli['tunnel_network']));
                $descriptions[] = gettext("OpenVPN client");
            }
        }
    }

the code to implement this can be taken from https://github.com/pfsense/FreeBSD-ports/pull/1135/commits/3f6f85763d801a5b4a2dd9dab77fe578ee358668

Actions #2

Updated by Jim Pingle almost 3 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions #3

Updated by Viktor Gurov almost 3 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Danilo Zrenjanin almost 3 years ago

  • Status changed from Feedback to Resolved

Tested on:

2.7.0-DEVELOPMENT (amd64)
built on Sat Mar 19 06:21:02 UTC 2022
FreeBSD 12.3-STABLE

CSO tunnel networks get automatically added by the Automatic outbound NAT rule generation.

Ticket resolved.

Actions #5

Updated by Jim Pingle almost 3 years ago

  • Subject changed from Automatic Outbound NAT rules does not include OpenVPN CSO entries to Automatic Outbound NAT rules do not include OpenVPN CSO entries

Updating subject for release notes.

Actions

Also available in: Atom PDF