Bug #3174
closed
OpenVPN Client bound to a gateway group should not start on backup CARP vip
100%
Description
There is no handling for gateway groups in function openvpn_restart($mode, $settings). This causes an OpenVPN client to start even if the underlying vip is a CARP backup.
Recommend adding at line 792 of openvpn.inc:
    /* Check if client is bound to a gateway group */
    $a_groups = return_gateway_groups_array();
    if (is_array($a_groups[$settings['interface']])) {
        /* the interface is a gateway group. If a vip is defined and it's a CARP backup then do not start */
        if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP"))
            return;
    }
Updated by Renato Botelho over 11 years ago
Could you please send a pull request to pfSense repo [1] at github? This is the right path to submit patches. Here you can find instructions [2].
[1] https://github.com/pfsense/pfsense
[2] https://help.github.com/articles/using-pull-requests
Updated by Shahid Sheikh over 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 330ecea1bf568f1284d31628668b84250641e066.
Updated by Chris Buechler over 11 years ago
Applied in changeset fcb5121d6fa41e9858beb3111de24e56b0b49c07.
Updated by Chris Buechler over 11 years ago
Thanks, merged. If you could, please gitsync and confirm fix here.
Updated by Shahid Sheikh over 11 years ago
The fix is there. Thx. But I am still seeing some instances where OpenVPN Client is starting up when bound to a GW group with a VIP in CARP backup mode. So far have only seen this happen during bootup so it may be because of race conditions during bootup.
Let me test a couple of more times and I'll provide feedback on if this can be closed or not.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Resolved
CARP will very briefly take master status while booting before reverting to backup, which is likely why. This particular issue is fixed, though for 2.2 we may want to look at improving that so the brief master status at bootup doesn't start those. You're welcome to submit a pull request on master to improve things there.
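The boot-time flap described in the last comment, as an added example that is not pfSense code and not the change merged for this bug: a hypothetical `carp_master_is_stable()` requires several consecutive MASTER readings before the client may start. The status lookup is injected as a callable so the sketch runs offline, the group name, VIP label and status sequences are constructed, and the gate is stricter than the check in the description because any non-MASTER reading blocks the start.

```php
<?php
// Added illustration, not pfSense code. On a firewall the callable would wrap
// get_carp_interface_status() from the description; here it replays sample data.

/* Hypothetical helper: true only if the VIP reports MASTER on $required
 * consecutive polls. A brief MASTER followed by BACKUP returns false. */
function carp_master_is_stable(callable $get_status, string $vip,
    int $required = 3, int $interval_us = 0): bool
{
    for ($streak = 0; $streak < $required; $streak++) {
        if ($get_status($vip) !== "MASTER") {
            return false;
        }
        if ($interval_us > 0) {
            usleep($interval_us); // spacing between polls on a live system
        }
    }
    return true;
}

/* Hypothetical gate mirroring the description's gateway-group lookup. */
function should_start_client(array $settings, array $groups, callable $get_status): bool
{
    $iface = $settings['interface'] ?? '';
    if (!isset($groups[$iface]) || !is_array($groups[$iface])) {
        return true; // not bound to a gateway group
    }
    $vip = $groups[$iface][0]['vip'] ?? '';
    if ($vip === '') {
        return true; // gateway group has no VIP defined
    }
    return carp_master_is_stable($get_status, $vip);
}

// Constructed sample data: names and status sequences are made up.
$groups = ['WAN_FAILOVER' => [['vip' => 'wan_vip1']]];
$settings = ['interface' => 'WAN_FAILOVER'];
$replay = function (array $seq): callable {
    // Returns each status once, then repeats the last one.
    return function (string $vip) use (&$seq): string {
        return count($seq) > 1 ? array_shift($seq) : $seq[0];
    };
};

var_dump(should_start_client($settings, $groups, $replay(['MASTER', 'BACKUP']))); // boot flap
var_dump(should_start_client($settings, $groups, $replay(['MASTER'])));           // steady master
var_dump(should_start_client($settings, $groups, $replay(['BACKUP'])));           // steady backup
```

A gate like this only helps if the start is attempted again on a later CARP state change, which this sketch assumes and does not implement.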