authorDaniil Baturin <daniil@vyos.io>2021-08-09 17:16:30 +0700
committerGitHub <noreply@github.com>2021-08-09 17:16:30 +0700
commit8709e3561f1d2ecdd3f98c86f2ed744313780ffa (patch)
treef2ed0113ec0f001a0edaaf336c4bdd87d3c13ba5 /src/conf_mode/vpn_openconnect.py
parent92db99f8e21b0dc0965b544a3a88e82bbea26eaa (diff)
parentc3d536f77d62da7c37406dd831dae8d22cb9bd1a (diff)
Merge pull request #957 from DmitriyEshenko/1x-equuleus-09082021
openconnect: T3695: Add systemd service checker on commit
Diffstat (limited to 'src/conf_mode/vpn_openconnect.py')
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 2986c3458..021ee7046 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -21,9 +21,10 @@ from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.xml import defaults
from vyos.template import render
-from vyos.util import call
+from vyos.util import call, is_systemd_service_running
from vyos import ConfigError
from crypt import crypt, mksalt, METHOD_SHA512
+from time import sleep
from vyos import airbag
airbag.enable()
@@ -82,6 +83,20 @@ def verify(ocserv):
# Check network settings
if "network_settings" in ocserv:
+ # IPv4 or IPv6 pool must be defined
+ ipv4_net_conf = 0
+ if "client_ip_settings" in ocserv["network_settings"]:
+ if "subnet" in ocserv["network_settings"]["client_ip_settings"]:
+ ipv4_net_conf = 1
+
+ ipv6_net_conf = 0
+ if 'client_ipv6_pool' in ocserv["network_settings"]:
+ if 'prefix' in ocserv["network_settings"]["client_ipv6_pool"]:
+ ipv6_net_conf = 1
+
+ if not ipv4_net_conf and not ipv6_net_conf:
+ raise ConfigError('openconnect client-ip-settings or client-ipv6-pool required')
+
if "push_route" in ocserv["network_settings"]:
# Replace default route
if "0.0.0.0/0" in ocserv["network_settings"]["push_route"]:
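Review bot: The new pool check sits inside `if "network_settings" in ocserv:`, so a configuration with no network_settings node at all never reaches it; unless something outside this hunk guarantees that node, the service could still be committed without any client address pool. Consider moving the test out of that branch so the error fires in both cases. The 0/1 integer flags can also be dropped: `ns = ocserv["network_settings"]` followed by `if "subnet" not in ns.get("client_ip_settings", {}) and "prefix" not in ns.get("client_ipv6_pool", {}):` expresses the same condition. verify() starts and ends outside the hunk.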
@@ -121,6 +136,9 @@ def apply(ocserv):
os.unlink(file)
else:
call('systemctl restart ocserv.service')
+ sleep(1)
+ if not is_systemd_service_running("ocserv.service"):
+ raise ConfigError('openconnect is not started. Check log output')
if __name__ == '__main__':
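Review bot: The single `sleep(1)` before `is_systemd_service_running("ocserv.service")` is a race: an ocserv that exits slightly more than one second after the restart still passes the check, and the commit reports success while the VPN is down. The exit status of `call('systemctl restart ocserv.service')` is also discarded; testing it first, e.g. `if call('systemctl restart ocserv.service') != 0:`, would catch a failed start job without depending on timing (assuming call() returns the command's exit code, which this hunk does not show). If the wait stays, a bounded poll over a few seconds is more reliable than one fixed delay. apply() begins outside the hunk.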