Project

General

Profile

Actions
Copy link

Bug #3174

closed

OpenVPN Client bound to a gateway group should not start on backup CARP vip

Added by Shahid Sheikh about 11 years ago. Updated about 11 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
2.1
Start date:
09/01/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:

Description

There is no handling for gateway groups in 

function openvpn_restart($mode, $settings)
. This causes an OpenVPN client to start even if the underlying vip is a CARP backup.

Recommend adding at line 792 of 

openvpn.inc
:


    /* Check if client is bound to a gateway group */    
    $a_groups = return_gateway_groups_array();
    if (is_array($a_groups[$settings['interface']])) {
        /* the interface is a gateway group. If a vip is defined and its a CARP backup then do not start */
        if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP"))
            return;
    }
Actions
Copy link
 #1

Updated by Renato Botelho about 11 years ago

Could you please send a pull request to pfSense repo [1] at github? This is the right path to submit patches. Here you can find instructions [2].

[1] https://github.com/pfsense/pfsense
[2] https://help.github.com/articles/using-pull-requests

Actions
Copy link
 #2

Updated by Shahid Sheikh about 11 years ago

Pull requests #793 (for master) and #790 (for RELENG_2_1). Thx.

Actions
Copy link
 #3

Updated by Shahid Sheikh about 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Chris Buechler about 11 years ago

Thanks, merged. If you could, please gitsync and confirm fix here.

Actions
Copy link
 #6

Updated by Shahid Sheikh about 11 years ago

The fix is there. Thx. But I am still seeing some instances where OpenVPN Client is starting up when bound to a GW group with a VIP in CARP backup mode. So far have only seen this happen during bootup so it may be because of race conditions during bootup.

Let me test a couple of more times and I'll provide feedback on if this can be closed or not.

Actions
Copy link
 #7

Updated by Chris Buechler about 11 years ago

  • Status changed from Feedback to Resolved

CARP will very briefly take master status while booting before reverting to backup, which is likely why. This particular issue is fixed, though for 2.2 we may want to look at improving that so the brief master status at bootup doesn't start those. You're welcome to submit a pull request on master to improve things there.

Actions
Copy link

Also available in: Atom PDF