authorChristian Poessinger <christian@poessinger.com>2019-09-28 14:03:20 +0200
committerChristian Poessinger <christian@poessinger.com>2019-09-28 14:03:20 +0200
commite541ffc4f34ced045b89bd039f391d1322ff5f00 (patch)
tree83b329953d9b277238237aac9e5638a9f2ea149f /src/conf_mode/interface-openvpn.py
parentce8cc3514acdc1f2c06bcd3ef7f3ef32561df9c8 (diff)
parent6ac5271e93d06712f6e318d2f6b96280ae16f040 (diff)
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: T1694: delete the now broken tests for NTP. Jenkins: assume dependencies are available in DOcker container OpenVPN: T1512: always enable compat-names option Interface: T1695: Syntax error in interface-dummy.py - Missing colon T1694 NTPd: Do not listen on all interfaces by default openvpn: T1691: interface is not always created - take care when setting alias openvpn: T1691: add artifical abort when waiting on interface ipoe-server: T1690 - restart op-mode command for service ipoe-server ipoe-server: T1692 - ipoe-server verify function error pppoe-server: T1690 - restart op-mode commands for pppoe-server T1685 Adding ethernet valueHelp for vif,vif-s,vif-c wireguard: T1681 - code cleanup and maintenace.
Diffstat (limited to 'src/conf_mode/interface-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py34
1 files changed, 32 insertions, 2 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 57d565749..a988e1ab1 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -225,6 +225,20 @@ auth-retry nointeract
client-config-dir /opt/vyatta/etc/openvpn/ccd/{{ intf }}
{% endif %}
+# DEPRECATED This option will be removed in OpenVPN 2.5
+# Until OpenVPN v2.3 the format of the X.509 Subject fields was formatted like this:
+# /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com In addition the old
+# behaviour was to remap any character other than alphanumeric, underscore ('_'),
+# dash ('-'), dot ('.'), and slash ('/') to underscore ('_'). The X.509 Subject
+# string as returned by the tls_id environmental variable, could additionally
+# contain colon (':') or equal ('='). When using the --compat-names option, this
+# old formatting and remapping will be re-enabled again. This is purely implemented
+# for compatibility reasons when using older plug-ins or scripts which does not
+# handle the new formatting or UTF-8 characters.
+#
+# See https://phabricator.vyos.net/T1512
+compat-names
+
{% for option in options -%}
{{ option }}
{% endfor -%}
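Review bot: `compat-names` is now written into every generated instance config with no way to opt out, although the added comment itself says the option is deprecated and will be removed in OpenVPN 2.5. Under the old remapping described in that comment, every character outside the listed set becomes `_`, so two distinct certificate subjects can end up as the same name. That matters for the `client-config-dir` lookup directly above and for any script that makes an access decision on the name. I would gate the line, e.g. `{% if compat_names %}` / `compat-names` / `{% endif %}` (`compat_names` is a placeholder for a new config key), and say in the comment that the daemon may reject the config once the option is gone.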
@@ -903,9 +917,25 @@ def apply(openvpn):
# better late then sorry ... but we can only set interface alias after
# OpenVPN has been launched and created the interface
+ cnt = 0
while openvpn['intf'] not in interfaces():
- sleep(0.250) # 250ms
- Interface(openvpn['intf']).set_alias(openvpn['description'])
+ # If VPN tunnel can't be established because the peer/server isn't
+ # (temporarily) available, the vtun interface never becomes registered
+ # with the kernel, and the commit would hang if there is no bail out
+ # condition
+ cnt += 1
+ if cnt == 50:
+ break
+
+ # sleep 250ms
+ sleep(0.250)
+
+ try:
+ # we need to catch the exception if the interface is not up due to
+ # reason stated above
+ Interface(openvpn['intf']).set_alias(openvpn['description'])
+ except:
+ pass
return None
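Review bot: The bare `except:` followed by `pass` after the wait loop hides every failure of `set_alias`, not only the missing-interface case the comment describes. The 50-iteration bail-out (about 12.5 s) leaves no trace either, so the commit can apparently finish without the tunnel interface existing and without any message to the operator. Testing the condition is more direct than catching: `if openvpn['intf'] in interfaces():` followed by `Interface(openvpn['intf']).set_alias(openvpn['description'])`, with an `else:` branch that prints a warning that the interface did not appear in time. If a try block is kept, `except Exception as e:` with the error reported is the minimum. `apply()` begins above this hunk, so how its other failures are reported is not visible here.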