summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-03-24 18:32:47 +0100
committerGitHub <noreply@github.com>2022-03-24 18:32:47 +0100
commita34e1b82089af0799a5a794706bf90e81d17f829 (patch)
tree2c30e4d9f492898be0d5608cb64d94c67b42f290
parent27141654b3cca3083ac50177871235a4eae822ec (diff)
parent6c20e4a11516203ff9fd6077a1747a8252f9c853 (diff)
downloadvyos-1x-a34e1b82089af0799a5a794706bf90e81d17f829.tar.gz
vyos-1x-a34e1b82089af0799a5a794706bf90e81d17f829.zip
Merge pull request #1210 from sever-sever/T4230-equ
openvpn: T4230: Delete checks if local-host address assigned
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 2ca7b1ee0..38ed127ff 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -40,6 +40,7 @@ from vyos.template import is_ipv6
from vyos.util import call
from vyos.util import chown
from vyos.util import chmod_600
+from vyos.util import cmd
from vyos.util import dict_search
from vyos.util import makedir
from vyos.validate import is_addr_assigned
@@ -303,8 +304,8 @@ def verify(openvpn):
# verify specified IP address is present on any interface on this system
if 'local_host' in openvpn:
if not is_addr_assigned(openvpn['local_host']):
- raise ConfigError('local-host IP address "{local_host}" not assigned' \
- ' to any interface'.format(**openvpn))
+ print('local-host IP address "{local_host}" not assigned' \
+ ' to any interface'.format(**openvpn))
# TCP active
if openvpn['protocol'] == 'tcp-active':
@@ -512,6 +513,13 @@ def apply(openvpn):
return None
+ # verify specified IP address is present on any interface on this system
+ # Allow to bind service to nonlocal address, if it virtaual-vrrp address
+ # or if address will be assign later
+ if 'local_host' in openvpn:
+ if not is_addr_assigned(openvpn['local_host']):
+ cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
+
# No matching OpenVPN process running - maybe it got killed or none
# existed - nevertheless, spawn new OpenVPN process
action = 'reload-or-restart'