authorJernej Jakob <jernej.jakob@gmail.com>2020-04-20 20:54:56 +0200
committerJernej Jakob <jernej.jakob@gmail.com>2020-04-20 21:05:36 +0200
commitfc46751976c17da34aedc591bff737c1090f2704 (patch)
treee8cb99e75c4e101bbeb311d61d469baa03824627 /src/conf_mode
parentfa7d691122683f1b4869d56be8cb2d7665814f9d (diff)
openvpn: T2339: fix for IPv4 local-host addresses
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address, because 'proto' requests an IPv6 socket. This adds a conditional check and uses the normal proto if it's IPv4.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index a5ff3007b..708ac8f91 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -28,7 +28,7 @@ from vyos.config import Config
from vyos.ifconfig import VTunIf
from vyos.template import render
from vyos.util import call, chown, chmod_600, chmod_755
-from vyos.validate import is_addr_assigned, is_bridge_member
+from vyos.validate import is_addr_assigned, is_bridge_member, is_ipv4
from vyos import ConfigError
user = 'openvpn'
@@ -67,6 +67,7 @@ default_config_data = {
'options': [],
'persistent_tunnel': False,
'protocol': 'udp',
+ 'protocol_real': '',
'redirect_gateway': '',
'remote_address': [],
'remote_host': [],
@@ -557,6 +558,23 @@ def get_config():
if openvpn['mode'] == 'server' and not openvpn['server_topology']:
openvpn['server_topology'] = 'net30'
+ # Convert protocol to real protocol used by openvpn.
+ # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols
+ # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4
+ # in which case it must use the standard protocols.
+ # Note: this will break openvpn if IPv6 is disabled on the system.
+ # This currently isn't supported, a check can be added in the future.
+ if openvpn['protocol'] == 'tcp-active':
+ openvpn['protocol_real'] = 'tcp6-client'
+ elif openvpn['protocol'] == 'tcp-passive':
+ openvpn['protocol_real'] = 'tcp6-server'
+ else:
+ openvpn['protocol_real'] = 'udp6'
+
+ if is_ipv4(openvpn['local_host']):
+ # takes out the '6'
+ openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:]
+
# Set defaults where necessary.
# If any of the input parameters are wrong,
# this will return False and no defaults will be set.
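Review bot: Removing the '6' by position in `openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:]` only works while every mapped value carries the '6' at index 3, so a later protocol name of a different shape would be silently mangled; `openvpn['protocol_real'] = openvpn['protocol_real'].replace('6', '', 1)` states the intent directly, or the IPv4 and dual-stack names could be picked from a small lookup table. The `else` branch also turns any value other than 'tcp-active' or 'tcp-passive' into 'udp6', so it relies on 'protocol' being validated elsewhere, which is not visible in this hunk. Because the *6 protocols make the daemon reachable over IPv6 whenever 'local_host' is not an IPv4 address, the comment block could add a line such as `# Note: the listener is then exposed on IPv6 too; IPv6 firewall rules must cover this port.` get_config() starts and ends outside this hunk.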