Bug #3174

OpenVPN Client bound to a gateway group should not start on backup CARP vip

Added by Shahid Sheikh about 6 years ago. Updated about 6 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: OpenVPN
Target version:
Start date: 09/01/2013
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.1
Affected Architecture:

Description

There is no handling for gateway groups in function openvpn_restart($mode, $settings). This causes an OpenVPN client to start even if the underlying vip is a CARP backup.

Recommend adding at line 792 of openvpn.inc:


    /* Check if client is bound to a gateway group */
    $a_groups = return_gateway_groups_array();
    if (is_array($a_groups[$settings['interface']])) {
        /* the interface is a gateway group. If a vip is defined and it is a CARP backup then do not start */
        if (($a_groups[$settings['interface']][0]['vip'] <> "") && (get_carp_interface_status($a_groups[$settings['interface']][0]['vip']) == "BACKUP"))
            return;
    }

Associated revisions

Revision 330ecea1 (diff)
Added by Shahid Sheikh about 6 years ago

Fix #3174 Handling of gateway groups in openvpn_restart()
If the underlying vip of a gateway group that an openvpn client is bound
to is in backup mode then the client should not start.

Revision fcb5121d
Added by Chris Buechler about 6 years ago

Merge pull request #793 from shahidsheikh/master

Fix #3174 Handling of gateway groups in openvpn_restart()

History

#1 Updated by Renato Botelho about 6 years ago

Could you please send a pull request to the pfSense repo [1] on GitHub? This is the right path to submit patches. Here you can find instructions [2].

[1] https://github.com/pfsense/pfsense
[2] https://help.github.com/articles/using-pull-requests

#2 Updated by Shahid Sheikh about 6 years ago

Pull requests #793 (for master) and #790 (for RELENG_2_1). Thx.

#3 Updated by Shahid Sheikh about 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#5 Updated by Chris Buechler about 6 years ago

Thanks, merged. If you could, please gitsync and confirm fix here.

#6 Updated by Shahid Sheikh about 6 years ago

The fix is there. Thx. But I am still seeing some instances where OpenVPN Client is starting up when bound to a GW group with a VIP in CARP backup mode. So far I have only seen this happen during bootup, so it may be because of race conditions during bootup.

Let me test a couple more times and I'll provide feedback on whether this can be closed or not.

#7 Updated by Chris Buechler about 6 years ago

  • Status changed from Feedback to Resolved

CARP will very briefly take master status while booting before reverting to backup, which is likely why. This particular issue is fixed, though for 2.2 we may want to look at improving that so the brief master status at bootup doesn't start those. You're welcome to submit a pull request on master to improve things there.
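
The bootup behaviour discussed in the last two comments can be illustrated with a settle check placed in front of the BACKUP test. This is an added example, not pfSense code and not a fix from the project; `carp_settled_status()`, `client_may_start()`, `replay()`, the group name `WANGROUP` and the vip name `vip1` are hypothetical, and the probe stands in for `get_carp_interface_status()`.

```php
<?php
// Added illustration, not pfSense code. $probe stands in for a call such as
// get_carp_interface_status($vip) and is injected so the sketch runs offline.

// Sample the CARP state several times; return it only if every sample agrees.
// Returns null when the state changed during the window (e.g. at bootup).
function carp_settled_status($probe, $samples = 3, $interval_us = 0) {
    $first = $probe();
    for ($i = 1; $i < $samples; $i++) {
        usleep($interval_us); // 0 here so the sketch runs instantly
        if ($probe() !== $first) {
            return null;
        }
    }
    return $first;
}

// Same decision as the check in the report, but on the settled state:
// do not start when the group's vip is BACKUP or has not settled yet.
function client_may_start($a_groups, $settings, $probe_for_vip) {
    $iface = $settings['interface'];
    if (!isset($a_groups[$iface]) || !is_array($a_groups[$iface])) {
        return true; // not bound to a gateway group
    }
    $vip = isset($a_groups[$iface][0]['vip']) ? $a_groups[$iface][0]['vip'] : "";
    if ($vip == "") {
        return true; // group has no vip defined
    }
    $status = carp_settled_status(function () use ($probe_for_vip, $vip) {
        return $probe_for_vip($vip);
    });
    return $status !== null && $status !== "BACKUP";
}

// Constructed sample data: a group named WANGROUP whose vip is "vip1".
$groups   = array('WANGROUP' => array(array('vip' => 'vip1')));
$settings = array('interface' => 'WANGROUP');

// Constructed probe that replays a fixed list of states, then repeats the last.
function replay($states) {
    return function ($vip) use (&$states) {
        return count($states) > 1 ? array_shift($states) : $states[0];
    };
}

var_dump(client_may_start($groups, $settings, replay(array('MASTER', 'BACKUP')))); // bootup flap
var_dump(client_may_start($groups, $settings, replay(array('BACKUP'))));           // steady backup
var_dump(client_may_start($groups, $settings, replay(array('MASTER'))));           // steady master
```

A caller that gets a refusal because the state had not settled would need to re-evaluate later, since the vip may end up MASTER.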
