ocserv: T4231: Added OTP support for Openconnect 2FA

3 files changed, 19 insertions, 14 deletions

diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 4fda1c0a9..f39da90e4 100755
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -39,7 +39,7 @@ from vyos.util import read_file
 from vyos.util import get_interface_config
 from vyos.util import get_interface_namespace
 from vyos.util import is_systemd_service_active
-from vyos.util import sysctl_read
+from vyos.util import is_ipv6_enabled
 from vyos.template import is_ipv4
 from vyos.template import is_ipv6
 from vyos.validate import is_intf_addr_assigned
@@ -1083,6 +1083,10 @@ class Interface(Control):
 
         addr_is_v4 = is_ipv4(addr)
 
+        # Failsave - do not add IPv6 address if IPv6 is disabled
+        if is_ipv6(addr) and not is_ipv6_enabled():
+            return False
+
         # add to interface
         if addr == 'dhcp':
             self.set_dhcp(True)
@@ -1498,7 +1502,7 @@ class Interface(Control):
         self.set_ipv4_source_validation(value)
 
         # Only change IPv6 parameters if IPv6 was not explicitly disabled
-        if sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0':
+        if is_ipv6_enabled():
             # Configure MSS value for IPv6 TCP connections
             tmp = dict_search('ipv6.adjust_mss', config)
             value = tmp if (tmp != None) else '0'
@@ -1526,10 +1530,6 @@ class Interface(Control):
             value = tmp if (tmp != None) else '1'
             self.set_ipv6_dad_messages(value)
 
-            # MTU - Maximum Transfer Unit
-            if 'mtu' in config:
-                self.set_mtu(config.get('mtu'))
-
             # Delete old IPv6 EUI64 addresses before changing MAC
             for addr in (dict_search('ipv6.address.eui64_old', config) or []):
                 self.del_ipv6_eui64_address(addr)
@@ -1546,6 +1546,10 @@ class Interface(Control):
                 for addr in tmp:
                     self.add_ipv6_eui64_address(addr)
 
+        # MTU - Maximum Transfer Unit
+        if 'mtu' in config:
+            self.set_mtu(config.get('mtu'))
+
         # re-add ourselves to any bridge we might have fallen out of
         if 'is_bridge_member' in config:
             bridge_dict = config.get('is_bridge_member')
diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py
index de554ef44..30c890fdf 100644
--- a/python/vyos/ifconfig/loopback.py
+++ b/python/vyos/ifconfig/loopback.py
@@ -13,9 +13,8 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 
-import vyos.util
-
 from vyos.ifconfig.interface import Interface
+from vyos.util import is_ipv6_enabled
 
 @Interface.register
 class LoopbackIf(Interface):
@@ -34,8 +33,6 @@ class LoopbackIf(Interface):
         }
     }
 
-    name = 'loopback'
-
     def remove(self):
         """
         Loopback interface can not be deleted from operating system. We can
@@ -62,11 +59,11 @@ class LoopbackIf(Interface):
         on any interface. """
 
         addr = config.get('address', [])
-        # We must ensure that the loopback addresses are never deleted from the system
-        addr += ['127.0.0.1/8']
 
-        if (vyos.util.sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0'):
-            addr += ['::1/128']
+        # We must ensure that the loopback addresses are never deleted from the system
+        addr.append('127.0.0.1/8')
+        if is_ipv6_enabled():
+            addr.append('::1/128')
 
         # Update IP address entry in our dictionary
         config.update({'address' : addr})
diff --git a/python/vyos/util.py b/python/vyos/util.py
index f46775490..f3f323c34 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -1019,3 +1019,7 @@ def sysctl_write(name, value):
         call(f'sysctl -wq {name}={value}')
         return True
     return False
+
+def is_ipv6_enabled() -> bool:
+    """ Check if IPv6 support on the system is enabled or not """
+    return (sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0')