OpenVPN tun IPs fail HTTP REFERER checks
tun IPs on OpenVPN connections fail the local IP check used for the HTTP_REFERER web interface protection, so the default GUI can't be accessed on tun IPs.
Updated by Per von Zweigbergk over 7 years ago
This bug has not been correctly resolved, as tested with pfSense 2.1-RELEASE.
The changeset listed earlier does remove the red warning box when accessing the OpenVPN server IP address. However, it does not remove the warning box correctly when accessing an OpenVPN client address.
It also does not resolve the issue with the unbypassable HTTP_REFERER warning.
Two further changes need to happen for this to be correctly resolved:
1. The warning box needs to not be shown when accessing an OpenVPN client IP.
2. The HTTP_REFERER check needs to also take into account OpenVPN server and client IP addresses.
Updated by Jim Pingle over 7 years ago
I could not find an ICLA or CCLA in the database.
@Per von Zweigbergk:
If you could please sign either the Individual CLA ( https://portal.pfsense.org/members/signup/ICLA ) or the Corporate CLA ( https://portal.pfsense.org/members/signup/CCLA ) if you're active on behalf of a company, then we can review the patch for inclusion.
I added the same note to the pull request on GitHub.
Updated by Ermal Luçi about 7 years ago
- Status changed from Confirmed to Feedback
The pull request seems to add only the CP users, which should anyhow be allowed to go through OpenVPN to the GUI.
The OpenVPN client is already covered before if assigned.
If not assigned, I am unsure this is a safe thing to do.
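The kind of check this ticket discusses, as an added example that is not pfSense source code and not part of any comment above: a Referer host is accepted only if it matches an address the GUI is known to answer on, so a tun address missing from that list is rejected. The function names, the address lists and the sample Referer are all hypothetical.

```php
<?php
// Added illustration; not pfSense code. Names and addresses are hypothetical.

/** Return the lowercase host of a Referer header, or null if it cannot be parsed. */
function referer_host(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;
    }
    // parse_url keeps the brackets around IPv6 literals; strip them.
    return strtolower(trim($host, '[]'));
}

/** True when the Referer host is one of the addresses the GUI answers on. */
function referer_is_local(?string $referer, array $localAddrs): bool
{
    $host = referer_host($referer);
    if ($host === null) {
        return false; // missing or malformed Referer never passes
    }
    $packedHost = @inet_pton($host); // false when $host is a name, not an IP
    foreach ($localAddrs as $addr) {
        $packed = @inet_pton($addr);
        if ($packedHost !== false && $packed !== false) {
            // Compare IPs in binary form so equivalent IPv6 spellings match.
            if ($packedHost === $packed) {
                return true;
            }
        } elseif ($host === strtolower($addr)) {
            return true; // hostname entries are compared as exact strings
        }
    }
    return false;
}

// Constructed sample data.
$ifaceAddrs = ['192.168.1.1', 'fw.example.test']; // assigned interface address and hostname
$tunAddrs   = ['10.8.0.1', '10.8.0.6'];           // OpenVPN server and client tun addresses
$referer    = 'https://10.8.0.6/index.php';       // GUI reached over the tunnel

echo 'interface addresses only: ';
var_dump(referer_is_local($referer, $ifaceAddrs));
echo 'with tun addresses added: ';
var_dump(referer_is_local($referer, array_merge($ifaceAddrs, $tunAddrs)));
```

The list is an exact-match allow-list, so each tunnel address has to be added explicitly; nothing is accepted by prefix or by "looks private".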