Merge pull request #2763 from vyos/mergify/bp/sagitta/pr-1637

openvpn: T3214: fix server-ipv6 and nopool handling (backport #1637)

1 files changed, 4 insertions, 3 deletions

diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 5795ce0bc..45569dd21 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -347,9 +347,6 @@ def verify(openvpn):
             if v6_subnets > 1:
                 raise ConfigError('Cannot specify more than 1 IPv6 server subnet')
 
-            if v6_subnets > 0 and v4_subnets == 0:
-                raise ConfigError('IPv6 server requires an IPv4 server subnet')
-
             for subnet in tmp:
                 if is_ipv4(subnet):
                     subnet = IPv4Network(subnet)
@@ -391,6 +388,10 @@ def verify(openvpn):
                         for v4PoolNet in v4PoolNets:
                             if IPv4Address(client['ip'][0]) in v4PoolNet:
                                 print(f'Warning: Client "{client["name"]}" IP {client["ip"][0]} is in server IP pool, it is not reserved for this client.')
+            # configuring a client_ip_pool will set 'server ... nopool' which is currently incompatible with 'server-ipv6' (probably to be fixed upstream)
+            for subnet in (dict_search('server.subnet', openvpn) or []):
+                if is_ipv6(subnet):
+                    raise ConfigError(f'Setting client-ip-pool is incompatible having an IPv6 server subnet.')
 
         for subnet in (dict_search('server.subnet', openvpn) or []):
             if is_ipv6(subnet):