diff --git a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml
index 2545c3730..113023c6a 100644
--- a/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml
+++ b/security/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml
@@ -96,6 +96,12 @@
true
This machines part of the network
+
+ network.disablesubnetroutes
+
+ checkbox
+ This will prevent installing subnet routes. Usually you only enable this to do own routing decisions via a local gateway and gateway rules.
+
network.privkey
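Review bot: The help text for `network.disablesubnetroutes` says what the option prevents, but not what an administrator must do once it is enabled, and "to do own routing decisions" reads awkwardly. Consider wording such as `Do not install routes for subnets announced on this network. Enable this only when routing is handled separately through a local gateway and gateway rules; no traffic is routed into the tunnel until those exist.` The last clause is inferred from the deploy change in tincd.py and should be confirmed before it goes into the text.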
diff --git a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
index 18c611398..874f96733 100644
--- a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
+++ b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
@@ -1,6 +1,6 @@
//OPNsense/Tinc
- 1.0.4
+ 1.0.5
OPNsense Tinc VPN
@@ -64,6 +64,10 @@
0
Y
+
+ 0
+ Y
+
Y
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
index ae4a291aa..ff7204ab2 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
@@ -70,6 +70,7 @@ class Network(NetwConfObject):
self._payload['mode'] = 'switch'
self._payload['PMTUDiscovery'] = 'yes'
self._payload['StrictSubnets'] = 'no'
+ self._disablesubnetroutes = False
self._hosts = list()
def get_id(self):
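Review bot: `self._disablesubnetroutes` is stored as a plain attribute while the neighbouring settings go into `self._payload` under their tinc option names, and nothing in the hunk says why. Presumably this keeps the flag out of the generated tinc.conf, since it is not a tinc option, but `config_text` is only partly visible here, so please confirm. A short comment above the assignment would record that, for example `# not a tinc.conf option: only read by tincd.py when deploying subnet-up/subnet-down`. The same applies to `get_disablesubnetroutes` and `set_disablesubnetroutes` in the two hunks that follow; a one-line docstring on each would be enough to say the value is a bool derived from the model's '0'/'1' text.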
@@ -84,6 +85,9 @@ class Network(NetwConfObject):
def get_debuglevel(self):
return self._payload['debuglevel'][1] if len(self._payload['debuglevel']) > 1 else '0'
+ def get_disablesubnetroutes(self):
+ return self._disablesubnetroutes
+
def set_hosts(self, hosts):
for host in hosts:
hostObj = Host()
@@ -97,6 +101,9 @@ class Network(NetwConfObject):
def set_StrictSubnets(self, value):
self._payload['StrictSubnets'] = 'no' if value.text != '1' else 'yes'
+ def set_disablesubnetroutes(self, value):
+ self._disablesubnetroutes = value.text == '1'
+
def config_text(self):
result = list()
result.append('AddressFamily=any')
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
index 43839a8cf..95aadc99b 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
@@ -105,14 +105,15 @@ def deploy(config_filename):
for filename in chroot_needs:
os.makedirs('%s%s' % (network.get_basepath(), os.path.dirname(filename)), exist_ok=True)
shutil.copy(filename, '%s/%s' % (network.get_basepath(), filename))
- write_file("%s/subnet-up" % network.get_basepath(), '\n'.join([
- "#!/bin/sh",
- "route add $SUBNET -iface %s\n" % interface_name
- ]), 0o700)
- write_file("%s/subnet-down" % network.get_basepath(), '\n'.join([
- "#!/bin/sh",
- "route delete $SUBNET -iface %s\n" % interface_name
- ]), 0o700)
+ if not network.get_disablesubnetroutes():
+ write_file("%s/subnet-up" % network.get_basepath(), '\n'.join([
+ "#!/bin/sh",
+ "route add $SUBNET -iface %s\n" % interface_name
+ ]), 0o700)
+ write_file("%s/subnet-down" % network.get_basepath(), '\n'.join([
+ "#!/bin/sh",
+ "route delete $SUBNET -iface %s\n" % interface_name
+ ]), 0o700)
# configure and rename new tun device, place all in group "tinc" symlink associated tun device
if interface_name not in interfaces:
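Review bot: When `get_disablesubnetroutes()` is true, the new branch only skips writing `subnet-up` and `subnet-down`; it does not remove copies left in `network.get_basepath()` by an earlier deploy. Unless the base path is cleaned earlier in `deploy` (that part of the body is outside this hunk), enabling the option on an existing network would leave the old scripts in place. tincd would then keep installing the routes the administrator believes are disabled, and traffic could bypass the intended gateway rules. An `else` branch that deletes both scripts closes that gap. Routes already installed by a running daemon may also need a restart or manual removal, which the help text could mention.

```python
if not network.get_disablesubnetroutes():
    # … unchanged: write subnet-up and subnet-down …
else:
    # remove scripts left by an earlier deploy so tincd stops installing subnet routes
    for script_name in ('subnet-up', 'subnet-down'):
        script_path = '%s/%s' % (network.get_basepath(), script_name)
        if os.path.exists(script_path):
            os.remove(script_path)
```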
diff --git a/security/tinc/src/opnsense/service/templates/OPNsense/Tinc/tinc_deploy.xml b/security/tinc/src/opnsense/service/templates/OPNsense/Tinc/tinc_deploy.xml
index f8120fca1..46c12f168 100644
--- a/security/tinc/src/opnsense/service/templates/OPNsense/Tinc/tinc_deploy.xml
+++ b/security/tinc/src/opnsense/service/templates/OPNsense/Tinc/tinc_deploy.xml
@@ -15,6 +15,7 @@
{{network.debuglevel}}
{{network.pingtimeout}}
{{network.StrictSubnets}}
+ {{network.disablesubnetroutes}}
{{network.hostname}}