Feature #2668
closed
Support aliases in OpenVPN local/remote/tunnel network fields
Added by Phillip Davis over 11 years ago.
Updated about 2 years ago.
Plus Target Version:
22.01
Description
I put aliases in for each of the networks or related groups of networks around my intranet. These are handy to use in firewall rules allowing access across OpenVPN site-to-site links. But then I find myself typing the same IP address numbers in the local/remote/tunnel network fields of the OpenVPN client and server settings. This leaves room for human error when things change and need to be updated in multiple places.
It would be nice to be able to use Aliases from the Firewall Aliases (just the ones that list a network/s).
Note: an alias could be a whole list of networks, so the code would have to expand that into the appropriate list of "route" and "push route" entries to put in the OpenVPN config file. Also, when an alias is edited and saved, the code would also need to check if any OpenVPNs are using the alias, regenerate the appropriate OpenVPN config files and restart those OpenVPN server/clients.
This would also provide one way to get the effect of #1217 - Change OpenVPN local/remote networks to lists instead of single boxes. The user could make an alias for the list of networks, then just put the alias in the local/remote/tunnel network field.
This is an incredibly important feature for anyone managing a large network. We only have 18 sites and the string for the list of subnets is quite long. Ideally we would be able to add subnets to a list with a description attached so they can be referenced by name or subnet.
- Subject changed from Allow Alias network names in OpenVPN local/remote/tunnel networks to Allow aliases to be used in OpenVPN local/remote/tunnel network fields
- Status changed from New to Pull Request Review
- Target version changed from Future to 2.6.0
- Status changed from Pull Request Review to Feedback
The updated patch looks good now.
Aliases work as expected. Servers are restarted as expected with warnings to the user.
Tested against:
2.6.0-DEVELOPMENT (amd64)
built on Fri Aug 20 01:08:52 EDT 2021
FreeBSD 12.2-STABLE
- Status changed from Feedback to Pull Request Review
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
- Assignee set to Viktor Gurov
- Plus Target Version set to 21.09
- Status changed from Feedback to Pull Request Review
- Status changed from Pull Request Review to Feedback
- Subject changed from Allow aliases to be used in OpenVPN local/remote/tunnel network fields to Support aliases in OpenVPN local/remote/tunnel network fields
Updating subject for release notes.
PHP error on firewall_aliases_edit.php page if OpenVPN server description field is empty
PHP Errors:
[15-Sep-2021 09:12:19 Europe/Moscow] PHP Warning:
implode(): Invalid arguments passed in /usr/local/pfSense/include/www/alias-utils.inc on line 141
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/391
- Status changed from Feedback to Pull Request Review
- Status changed from Pull Request Review to Feedback
- Status changed from Feedback to Waiting on Merge
Needs picked back to the plus-RELENG_21_09 branch after additional approval.
- Status changed from Waiting on Merge to Feedback
Picked back to plus-RELENG_21_09.
- Plus Target Version changed from 21.09 to 22.01
Behaving as expected on
22.01-RC (amd64)
built on Mon Jan 24 18:47:55 UTC 2022
FreeBSD 12.3-STABLE
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by Viktor Gurov 
Updated by 
Updated by 
Updated by 
Updated by