diff --git a/security/tinc/Makefile b/security/tinc/Makefile
index fe9f6ac4b..b62415645 100644
--- a/security/tinc/Makefile
+++ b/security/tinc/Makefile
@@ -1,5 +1,6 @@
PLUGIN_NAME= tinc
PLUGIN_VERSION= 1.5
+PLUGIN_REVISION= 1
PLUGIN_COMMENT= Tinc VPN
PLUGIN_DEPENDS= tinc
PLUGIN_MAINTAINER= ad@opnsense.org
diff --git a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
index 9741c5d3b..e8abbc0c0 100644
--- a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
+++ b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
@@ -37,10 +37,18 @@
N
- Y
+ N
N
Y
,
+
+
+ Subnet field must be set in router mode.
+ SetIfConstraint
+ mode
+ router
+
+
Y
@@ -69,6 +77,11 @@
router
switch
+
+
+ subnet.check001
+
+
1
@@ -123,7 +136,7 @@
/^([0-9a-zA-Z\.,_\-:]){0,1024}$/u
- Y
+ N
N
Y
,
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
index 81cb8e563..6b9ccfcd3 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
@@ -123,7 +123,6 @@ class Host(NetwConfObject):
def __init__(self):
super(Host, self).__init__()
self._connectTo = "0"
- self._payload['subnet'] = None
self._payload['pubkey'] = None
self._payload['cipher'] = None
@@ -139,9 +138,10 @@ class Host(NetwConfObject):
def config_text(self):
result = list()
result.append('Address=%(address)s %(port)s'%self._payload)
- networks = self._payload['subnet'].split(',')
- for network in networks:
- result.append('Subnet=%s' % network)
+ if 'subnet' in self._payload:
+ networks = self._payload['subnet'].split(',')
+ for network in networks:
+ result.append('Subnet=%s' % network)
result.append('Cipher=%(cipher)s'%self._payload)
result.append('Digest=sha256')
result.append(self._payload['pubkey'])
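Review bot: The new guard in `config_text` tests only that the `subnet` key exists, so a key that is present with a `None` or empty value still reaches `.split(',')`. `None` would raise `AttributeError`, and an empty string would emit a bare `Subnet=` line into the host file. How `_payload` is populated is outside this hunk, but now that the model makes the field optional, an empty element looks like a plausible input. A truthiness check covers all three cases: `if self._payload.get('subnet'):`. The body of `config_text` continues past the end of the hunk.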
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
index f34ae87ef..3f5f887f4 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
@@ -86,11 +86,14 @@ def deploy(config_filename):
# write tinc-up file
interface_address = network.get_local_address()
- interface_family = "inet6" if ipaddress.ip_network(interface_address, False).version == 6 else "inet"
+ interface_network = ipaddress.ip_network(interface_address, False)
+ interface_family = "inet6" if interface_network.version == 6 else "inet"
+ interface_configd = "newipv6" if interface_network.version == 6 else "newip"
if_up = list()
if_up.append("#!/bin/sh")
- if_up.append("ifconfig %s %s %s " % (interface_name, interface_family, pipes.quote(interface_address)))
+ if_up.append("ifconfig %s %s %s" % (interface_name, interface_family, pipes.quote(interface_address)))
+ if_up.append("configctl interface %s %s" % (interface_configd, interface_name))
write_file("%s/tinc-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)
# configure and rename new tun device, place all in group "tinc" symlink associated tun device
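Review bot: The added `configctl interface ...` line interpolates `interface_name` into the generated `tinc-up` script unquoted, while `interface_address` on the line above goes through `pipes.quote`. The script is written with mode 0o700 and is presumably run by tincd with its privileges, so every value placed into it should be shell-quoted, whatever validation happens upstream. The origin of `interface_name` is outside this hunk. I would write `if_up.append("configctl interface %s %s" % (interface_configd, pipes.quote(interface_name)))` and apply the same quoting to the `ifconfig` line.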
@@ -108,6 +111,10 @@ if len(sys.argv) > 1:
if sys.argv[1] == 'stop':
for instance in glob.glob('/usr/local/etc/tinc/*'):
subprocess.run(['/usr/local/sbin/tincd','-n',instance.split('/')[-1], '-k'])
+ if os.path.exists('%s/tinc.conf' % instance):
+ interface_name = open('%s/tinc.conf' % instance).read().split('Device=')[-1].split()[0].split('/')[-1]
+ if interface_name.startswith('tinc'):
+ subprocess.run(['/sbin/ifconfig',interface_name,'destroy'])
elif sys.argv[1] == 'start':
for netwrk in deploy('/usr/local/etc/tinc_deploy.xml'):
subprocess.run(['/usr/local/sbin/tincd','-n',netwrk.get_network(), '-R', '-d', netwrk.get_debuglevel()])
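Review bot: The one-line parse of `tinc.conf` in the `stop` branch is fragile, and it decides which interface gets passed to `ifconfig ... destroy`. On an empty file `.split()[0]` raises `IndexError`, which aborts the loop before the remaining instances are stopped. When there is no `Device=` line, the first token of the whole file is taken as the interface name. The `startswith('tinc')` check limits the damage in that case, but the file handle is also never closed. Reading the file in a `with` block and taking the value only from a real `Device` line, as sketched below, avoids all three issues.

```python
        # … unchanged: tincd -k call for this instance …
        conf_path = '%s/tinc.conf' % instance
        if os.path.exists(conf_path):
            interface_name = None
            with open(conf_path) as conf:
                for line in conf:
                    key, _, value = line.partition('=')
                    if key.strip() == 'Device' and value.strip():
                        # keep the last Device entry, basename only
                        interface_name = value.split()[0].split('/')[-1]
            if interface_name and interface_name.startswith('tinc'):
                subprocess.run(['/sbin/ifconfig', interface_name, 'destroy'])
```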
diff --git a/security/tinc/src/opnsense/service/templates/OPNsense/Syslog/local/tinc.conf b/security/tinc/src/opnsense/service/templates/OPNsense/Syslog/local/tinc.conf
new file mode 100644
index 000000000..48fd37a41
--- /dev/null
+++ b/security/tinc/src/opnsense/service/templates/OPNsense/Syslog/local/tinc.conf
@@ -0,0 +1,6 @@
+###################################################################
+# Local syslog-ng configuration filter definition [tinc].
+###################################################################
+filter f_local_tinc {
+ program("tinc.*");
+};