/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 51b682d9

Added by Reid Linnemann over 2 years ago

ID 51b682d9d7eb3bbba5bb6af96b09ab709115be58
Parent f67c3ec2
Child 04d726ac

Add ovpn qinqs to bridges instead of rebuilding them. Fixes #13666

qinq interfaces defined with parent openvpn interfaces are configured late in
rc.bootup, after qinqs for other physical and logical interfaces and bridges are
configured. The resolution to #13225 ensured that these late interfaces were
added to bridges by calling interfaces_bridge_configure() to reconfigure all
bridges interfaces but this had the inadvertent effect of removing all IP
configuration from bridge interfaces, which must be restored via
interface_configure(). This measure was also overly aggressive in destroying all
bridges when few or no openvpn qinqs exist. Since interface_configure() is never
called for these interfaces, they also lack a description at the OS level.

This change:

Alters the behavior of openvpn_resync_all() to cycle through all configured
openvpn interfaces, calling interface_configure() on them.

Alters the behavior of interface_configure() to always call
interface_bridge_add_member() for openvpn and ipsec interfaces, not just
after platform booting is complete.

Alters the behavior of interface_bridge_add_member() to reconfigure either
the bridge or member interface to the lower of their respective MTUs. gif
interface MTUs associated with a bridge MTU <= 1500 are not reconfigured
according to prior precendent.

     	if ($flagsapplied == false) {
     		$mtu = get_interface_mtu($bridgeif);
     		$mtum = get_interface_mtu($interface);
     		if ($mtu != $mtum && !(substr($interface, 0, 3) == "gif" && $mtu <= 1500)) {
     		/* Reconfigure the bridge mtu if the new member's MTU is lower, or
     		 * reconfigure a non-gif interface MTU if the bridge's MTU is lower */
     		if ($mtu > $mtum) {
     			pfSense_interface_mtu($bridgeif, $mtum);
     		} else if ($mtu < $mtum && !(substr($interface, 0, 3) == "gif" && $mtu <= 1500)) {
     			pfSense_interface_mtu($interface, $mtu);
+    		}
-...
     			break;
+    	}
     	if (($linkupevent == false) || (substr($realif, 0, 4) == "ovpn") || (substr($realif, 0, 5) == "ipsec")) {
     		$bridgetmp = link_interface_to_bridge($interface);
     		if (!empty($bridgetmp)) {
     			interface_bridge_add_member($bridgetmp, $realif);
+    		}
+    	}
     	if (!platform_booting()) {
     		link_interface_to_vips($interface, "update");
-...
     			array_walk($gif, 'interface_gif_configure');
+    		}
     		if (($linkupevent == false) || (substr($realif, 0, 4) == "ovpn") || (substr($realif, 0, 5) == "ipsec")) {
     			unset($bridgetmp);
     			$bridgetmp = link_interface_to_bridge($interface);
     			if (!empty($bridgetmp)) {
     				interface_bridge_add_member($bridgetmp, $realif);
+    			}
+    		}
     		$grouptmp = link_interface_to_group($interface);
     		if (!empty($grouptmp)) {
     			array_walk($grouptmp, 'interface_group_add_member');

     		 * see https://redmine.pfsense.org/issues/11662 */
     		if (platform_booting()) {
     			interfaces_qinq_configure(true);
     			/* reconfigure bridges with QinQ interfaces,
     			 * see https://redmine.pfsense.org/issues/13225 */
     			interfaces_bridge_configure(1);
     			/* Configure all qinq interface addresses and add them to their
     			 * bridges. See https://redmine.pfsense.org/issues/13225,
     			 * https://redmine.pfsense.org/issues/13666 */
     			foreach (config_get_path('interfaces', []) as $ifname => $iface) {
     				$qinq = interface_is_qinq($iface['if']);
     				if ($qinq && strstr($qinq['if'], "ovpn")) {
     					interface_configure($ifname);
+    				}
+    			}
+    		}
+    	}
+    }

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 51b682d9

Added by Reid Linnemann over 2 years ago

Project

General

Profile

pfSense

Revision 51b682d9

Added by Reid Linnemann over 2 years ago

Related issues