From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 14 Sep 2025 10:08:58 +0000 (+0200)
Subject: ovpnmain.cgi: Add the option for the firewall to reach OpenVPN clients
X-Git-Tag: v2.29-core197~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=771afe5726c4faef8efeea7e569b7537ed78c9aa;p=ipfire-2.x.git

ovpnmain.cgi: Add the option for the firewall to reach OpenVPN clients

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index b40f5ee1e..37b6de88b 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -653,6 +653,15 @@ sub write_ccd_configs() {
 				print CONF "push \"route-gateway ${gateway}\"\n";
 			}
 
+			# Add a host route for the dynamic pool gateway so that
+			# the firewall can reach the client without needing to assign
+			# the gateway IP address of the static pool to the tun interface.
+			$netaddr = &Network::get_netaddress($vpnsettings{'DOVPN_SUBNET'});
+			$gateway = &Network::find_next_ip_address($netaddr, 1);
+			if (defined $gateway) {
+				print CONF "push \"route ${gateway} 255.255.255.255\"\n";
+			}
+
 			# End the block
 			print CONF "\n";
 		}