a tcp management port option to each OpenVPN server. Instead of rooting
through the OpenVPN logs once a minute for status updates, we now submit a
request to the management port to obtain informaiton. We probably need to
add a pf rule to prevent management ports from being accessed by unwanted
processes.
on data that wasn't necessarily a valid array.
Modify the OpenVPN code to stop passing the array index around and then
immediately obtaining a reference to the array entry. We already have a
reference to the data, just pass it instead. Also add some check to make
certain tap configuration steps more conditional. Make sure we remove
configuration and pid files when they are no longer required. Fix a few
other OpenVPN related bugs.
this information in the configuration as its not specific to the server.
It only contains the parameters ( a safe large prime number ) that is
used during a DH key exchange. Instead, we now use a system wide dh file
that is generated when the /var/etc/openvpn directory is setup. This
shaves 10 to 30 seconds off of the server config creation process. Also
correct a bug in the hack I added to work around carp related issues
that prevented filter re-configuration from working properly.
not use the pkg system and the configuration has been migrated to an
openvpn prefix. The centralized user and certificate manager is now used
to support the openvpn configurations. Most of the files removed in this
commit were not being referenced.
This commit also splits out the certificate management components into a
new system menu item.
a destination of lan, pptp or pppoe, generate_user_filter_rule() would
overwrite the source address instead of setting the destination address.
The OpenVPN interface alias configuration was completely broken which
prevented any user defined rules from working correctly. While here, also
perform some whitespace and simple code cleanup.
It seems uncertain either to be a typo of $new_ip_address and $old_ip_address my test show that either cases it does more harm than good.
For now remove it altogether since it causes strange issues and makes ipsec tunnels not work on the interface with the new address.