If the client is connecting from an internal network instead of the
internet, the OpenVPN server replies with the public IP address as the
source address. This won't allow a connection to be established.
Enabling multihome changes the behaviour to reply with whatever IP
address the client has connected to.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
print CONF "dev tun\n";
print CONF "proto $vpnsettings{'DPROTOCOL'}\n";
print CONF "port $vpnsettings{'DDEST_PORT'}\n";
+
+ # Enable multihoming when running in UDP mode to send reply packets
+ # from the same IP address that the client was talking to.
+ if ($vpnsettings{'DPROTOCOL'} eq 'udp') {
+ print CONF "multihome\n";
+ }
+
print CONF "script-security 3\n";
print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
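Review bot: The `eq 'udp'` test in the added `if` is an exact string match, while the same `$vpnsettings{'DPROTOCOL'}` value is written verbatim into the `proto` line just above it. OpenVPN also accepts `udp4` and `udp6` for `proto`, so if the settings hash can ever hold one of those, `multihome` would be silently omitted and the wrong-source-address problem described in the commit message would come back. If DPROTOCOL is guaranteed to be only `udp` or `tcp`, say so in the comment; otherwise match on the prefix, for example `$vpnsettings{'DPROTOCOL'} =~ /^udp/`.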