summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-02-08 10:39:46 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-02-09 11:55:53 +0000
commit6c20e4a11516203ff9fd6077a1747a8252f9c853 (patch)
treeb5444ce2bf59bb24f90fac98c6816283ca92817a /src/conf_mode
parent8a8d363d65cab77f2617a3519471c856e92342db (diff)
downloadvyos-1x-6c20e4a11516203ff9fd6077a1747a8252f9c853.tar.gz
vyos-1x-6c20e4a11516203ff9fd6077a1747a8252f9c853.zip
openvpn: T4230: Delete checks if local-host address assigned
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index ae35ed3c4..ffb022847 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -39,6 +39,7 @@ from vyos.template import is_ipv6
from vyos.util import call
from vyos.util import chown
from vyos.util import chmod_600
+from vyos.util import cmd
from vyos.util import dict_search
from vyos.util import makedir
from vyos.validate import is_addr_assigned
@@ -297,8 +298,8 @@ def verify(openvpn):
# verify specified IP address is present on any interface on this system
if 'local_host' in openvpn:
if not is_addr_assigned(openvpn['local_host']):
- raise ConfigError('local-host IP address "{local_host}" not assigned' \
- ' to any interface'.format(**openvpn))
+ print('local-host IP address "{local_host}" not assigned' \
+ ' to any interface'.format(**openvpn))
# TCP active
if openvpn['protocol'] == 'tcp-active':
@@ -506,6 +507,13 @@ def apply(openvpn):
return None
+ # verify specified IP address is present on any interface on this system
+ # Allow to bind service to nonlocal address, if it virtaual-vrrp address
+ # or if address will be assign later
+ if 'local_host' in openvpn:
+ if not is_addr_assigned(openvpn['local_host']):
+ cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
+
# No matching OpenVPN process running - maybe it got killed or none
# existed - nevertheless, spawn new OpenVPN process
call(f'systemctl reload-or-restart openvpn@{interface}.service')