From: Michael Tremer Date: Thu, 9 Oct 2025 17:24:29 +0000 (+0100) Subject: ovpnmain.cgi: Enable multihome when using UDP X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccab45fbe077ec2b5b8ccc8bbecd6844f9d93247;p=ipfire-2.x.git ovpnmain.cgi: Enable multihome when using UDP If the client is connecting from an internal network instead of the internet, the OpenVPN server replies with the public IP address as the source address. This won't allow to establish a connection. Enabling multihome changes the behaviour to reply with whatever IP address the client has connected to. Signed-off-by: Michael Tremer
---
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 52261b889..1ec327998 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -241,6 +241,13 @@ sub writeserverconf {
 print CONF "dev tun\n";
 print CONF "proto $vpnsettings{'DPROTOCOL'}\n";
 print CONF "port $vpnsettings{'DDEST_PORT'}\n";
+
+ # Enable multihoming when running in UDP mode to send reply packets
+ # from the same IP address that the client was talking to.
+ if ($vpnsettings{'DPROTOCOL'} eq 'udp') {
+ print CONF "multihome\n";
+ }
+
 print CONF "script-security 3\n";
 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
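Review bot: The new `multihome` branch is written for every UDP server with no setting to turn it off, and its comment does not mention the exposure side: unless a `local` directive is emitted elsewhere in writeserverconf (not visible here), the server will now complete handshakes on any local address a client can reach, not only the public one. Which zones can reach the OpenVPN port is then decided solely by the firewall rules for that port, so those should be checked against the intended exposure. I would extend the comment with a line such as `# With multihome the server answers on every local address; reachability is limited only by the firewall rules for this port.` The guard is also an exact `eq 'udp'`; if DPROTOCOL can ever be stored as `udp4`/`udp6` or in a different case, the option is silently skipped and the original problem returns. The body of writeserverconf starts and ends outside this hunk.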