diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-03-24 18:32:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-24 18:32:47 +0100 |
commit | a34e1b82089af0799a5a794706bf90e81d17f829 (patch) | |
tree | 2c30e4d9f492898be0d5608cb64d94c67b42f290 | |
parent | 27141654b3cca3083ac50177871235a4eae822ec (diff) | |
parent | 6c20e4a11516203ff9fd6077a1747a8252f9c853 (diff) | |
download | vyos-1x-a34e1b82089af0799a5a794706bf90e81d17f829.tar.gz vyos-1x-a34e1b82089af0799a5a794706bf90e81d17f829.zip |
Merge pull request #1210 from sever-sever/T4230-equ
openvpn: T4230: Delete checks if local-host address assigned
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 2ca7b1ee0..38ed127ff 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -40,6 +40,7 @@ from vyos.template import is_ipv6 from vyos.util import call from vyos.util import chown from vyos.util import chmod_600 +from vyos.util import cmd from vyos.util import dict_search from vyos.util import makedir from vyos.validate import is_addr_assigned @@ -303,8 +304,8 @@ def verify(openvpn): # verify specified IP address is present on any interface on this system if 'local_host' in openvpn: if not is_addr_assigned(openvpn['local_host']): - raise ConfigError('local-host IP address "{local_host}" not assigned' \ - ' to any interface'.format(**openvpn)) + print('local-host IP address "{local_host}" not assigned' \ + ' to any interface'.format(**openvpn)) # TCP active if openvpn['protocol'] == 'tcp-active': @@ -512,6 +513,13 @@ def apply(openvpn): return None + # verify specified IP address is present on any interface on this system + # Allow to bind service to nonlocal address, if it virtaual-vrrp address + # or if address will be assign later + if 'local_host' in openvpn: + if not is_addr_assigned(openvpn['local_host']): + cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1') + # No matching OpenVPN process running - maybe it got killed or none # existed - nevertheless, spawn new OpenVPN process action = 'reload-or-restart' |