ovpnmain.cgi: Add the option for the firewall to reach OpenVPN clients
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 14 Sep 2025 10:08:58 +0000 (12:08 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 14 Sep 2025 10:08:58 +0000 (12:08 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/ovpnmain.cgi

index b40f5ee1e3082847be2449e0d1a55b4c1ffa957a..37b6de88bdcb4d28598e02742eec83d89ef97c3a 100644 (file)
@@ -653,6 +653,15 @@ sub write_ccd_configs() {
                                print CONF "push \"route-gateway ${gateway}\"\n";
                        }
 
+                       # Add a host route for the dynamic pool gateway so that
+                       # the firewall can reach the client without needing to assign
+                       # the gateway IP address of the static pool to the tun interface.
+                       $netaddr = &Network::get_netaddress($vpnsettings{'DOVPN_SUBNET'});
+                       $gateway = &Network::find_next_ip_address($netaddr, 1);
+                       if (defined $gateway) {
+                               print CONF "push \"route ${gateway} 255.255.255.255\"\n";
+                       }
+
                        # End the block
                        print CONF "\n";
                }
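Review bot: The added block guards only `$gateway`, so the result of `&Network::get_netaddress($vpnsettings{'DOVPN_SUBNET'})` reaches `&Network::find_next_ip_address` unchecked. If `DOVPN_SUBNET` is unset or malformed, what gets pushed depends on how that helper treats an undefined or invalid network address, which is not visible in this hunk. I would compute the address only when the network address is defined, e.g. `my $pool_gateway = defined $netaddr ? &Network::find_next_ip_address($netaddr, 1) : undef;`, and test `$pool_gateway` before printing the `push "route ..."` line. Using a separate lexical also stops the block from overwriting the `$netaddr` and `$gateway` values that the `route-gateway` push above appears to rely on for the static pool. The computation looks independent of the individual client, so it could probably be done once before the loop, though `write_ccd_configs` starts and ends outside this hunk and that would need checking against the full body.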