Bug #12792

closed

Automatic Outbound NAT rules do not include OpenVPN CSO entries

Added by Viktor Gurov about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Assignee: Viktor Gurov
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.05
Release Notes: Default
Affected Version: 2.5.2
Affected Architecture:

Description

filter_nat_rules_automatic_tonathosts() generates NAT rules only for OpenVPN Client and Server tunnel networks:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/filter.inc#L1808-L1825


    /* add openvpn interfaces */
    if (is_array($config['openvpn']['openvpn-server'])) {
        foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
            if (!isset($ovpnsrv['disable']) && !empty($ovpnsrv['tunnel_network'])) {
                $tonathosts[] = implode('/', openvpn_gen_tunnel_network($ovpnsrv['tunnel_network']));
                $descriptions[] = gettext("OpenVPN server");
            }
        }
    }

    if (is_array($config['openvpn']['openvpn-client'])) {
        foreach ($config['openvpn']['openvpn-client'] as $ovpncli) {
            if (!isset($ovpncli['disable']) && !empty($ovpncli['tunnel_network'])) {
                $tonathosts[] = implode('/', openvpn_gen_tunnel_network($ovpncli['tunnel_network']));
                $descriptions[] = gettext("OpenVPN client");
            }
        }
    }

The code to implement this can be taken from https://github.com/pfsense/FreeBSD-ports/pull/1135/commits/3f6f85763d801a5b4a2dd9dab77fe578ee358668
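An added example, not pfSense code and not part of the original report: a Python audit that reads a config.xml and lists the CSO tunnel networks that fall outside every enabled server and client tunnel network, which are the sources the quoted loops leave without an automatic outbound NAT entry. The element names `openvpn-csc` and `common_name` and the config layout are assumptions about the pfSense config format, the sample config is constructed, and each `tunnel_network` is assumed to hold a single IPv4 CIDR.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config fragment (not from a real firewall).
# Element names openvpn-csc / common_name are assumed, not taken from the ticket.
SAMPLE_CONFIG = """<pfsense><openvpn>
  <openvpn-server><tunnel_network>10.8.0.5/24</tunnel_network></openvpn-server>
  <openvpn-server><disable></disable><tunnel_network>10.9.0.0/24</tunnel_network></openvpn-server>
  <openvpn-client><tunnel_network>172.16.5.0/30</tunnel_network></openvpn-client>
  <openvpn-csc><common_name>inside</common_name><tunnel_network>10.8.0.64/30</tunnel_network></openvpn-csc>
  <openvpn-csc><common_name>branch1</common_name><tunnel_network>10.20.1.1/30</tunnel_network></openvpn-csc>
  <openvpn-csc><common_name>off</common_name><disable></disable><tunnel_network>10.30.0.0/30</tunnel_network></openvpn-csc>
</openvpn></pfsense>"""


def tunnel_networks(root, tag):
    """Yield (entry, network) for enabled <tag> entries that set a tunnel network."""
    for entry in root.findall(f"./openvpn/{tag}"):
        raw = (entry.findtext("tunnel_network") or "").strip()
        # Mirror the quoted checks: skip disabled entries and empty networks.
        # A present-but-empty <disable/> counts as disabled, like isset() in PHP.
        if entry.find("disable") is not None or not raw:
            continue
        # strict=False normalises a host address such as 10.8.0.5/24 to 10.8.0.0/24.
        yield entry, ipaddress.ip_network(raw, strict=False)


def uncovered_cso_networks(config_xml):
    """Return (common_name, network) for CSO networks outside all server/client networks."""
    root = ET.fromstring(config_xml)
    covered = [net for tag in ("openvpn-server", "openvpn-client")
               for _, net in tunnel_networks(root, tag)]
    missing = []
    for entry, net in tunnel_networks(root, "openvpn-csc"):
        # A CSO network inside a covered network already matches that NAT source.
        inside = any(c.version == net.version and net.subnet_of(c) for c in covered)
        if not inside:
            missing.append((entry.findtext("common_name", default=""), str(net)))
    return missing


if __name__ == "__main__":
    for name, net in uncovered_cso_networks(SAMPLE_CONFIG):
        print(f"CSO {name}: {net} has no automatic outbound NAT source entry")
```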

Actions #2

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions #3

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Danilo Zrenjanin about 2 years ago

  • Status changed from Feedback to Resolved

Tested on:

2.7.0-DEVELOPMENT (amd64)
built on Sat Mar 19 06:21:02 UTC 2022
FreeBSD 12.3-STABLE

CSO tunnel networks get automatically added by the Automatic outbound NAT rule generation.

Ticket resolved.

Actions #5

Updated by Jim Pingle about 2 years ago

  • Subject changed from Automatic Outbound NAT rules does not include OpenVPN CSO entries to Automatic Outbound NAT rules do not include OpenVPN CSO entries

Updating subject for release notes.
