diff options
author | Jernej Jakob <jernej.jakob@gmail.com> | 2020-04-20 20:54:56 +0200 |
---|---|---|
committer | Jernej Jakob <jernej.jakob@gmail.com> | 2020-04-20 21:05:36 +0200 |
commit | fc46751976c17da34aedc591bff737c1090f2704 (patch) | |
tree | e8cb99e75c4e101bbeb311d61d469baa03824627 /src/conf_mode | |
parent | fa7d691122683f1b4869d56be8cb2d7665814f9d (diff) | |
download | vyos-1x-fc46751976c17da34aedc591bff737c1090f2704.tar.gz vyos-1x-fc46751976c17da34aedc591bff737c1090f2704.zip |
openvpn: T2339: fix for IPv4 local-host addresses
Commit bb9f998 introduced a bug where openvpn fails to start if
'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket.
This adds a conditional check and uses normal proto if it's IPv4.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index a5ff3007b..708ac8f91 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -28,7 +28,7 @@ from vyos.config import Config from vyos.ifconfig import VTunIf from vyos.template import render from vyos.util import call, chown, chmod_600, chmod_755 -from vyos.validate import is_addr_assigned, is_bridge_member +from vyos.validate import is_addr_assigned, is_bridge_member, is_ipv4 from vyos import ConfigError user = 'openvpn' @@ -67,6 +67,7 @@ default_config_data = { 'options': [], 'persistent_tunnel': False, 'protocol': 'udp', + 'protocol_real': '', 'redirect_gateway': '', 'remote_address': [], 'remote_host': [], @@ -557,6 +558,23 @@ def get_config(): if openvpn['mode'] == 'server' and not openvpn['server_topology']: openvpn['server_topology'] = 'net30' + # Convert protocol to real protocol used by openvpn. + # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols + # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4 + # in which case it must use the standard protocols. + # Note: this will break openvpn if IPv6 is disabled on the system. + # This currently isn't supported, a check can be added in the future. + if openvpn['protocol'] == 'tcp-active': + openvpn['protocol_real'] = 'tcp6-client' + elif openvpn['protocol'] == 'tcp-passive': + openvpn['protocol_real'] = 'tcp6-server' + else: + openvpn['protocol_real'] = 'udp6' + + if is_ipv4(openvpn['local_host']): + # takes out the '6' + openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:] + # Set defaults where necessary. # If any of the input parameters are wrong, # this will return False and no defaults will be set. |