diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-08-05 07:28:27 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-05 07:28:27 +0200 |
| commit | d30646fad07bd9263b385aa6a26c6d6dbc163e27 (patch) | |
| tree | 429dc8602a8c475ba2424928f1a714c740f7c9ff /src/conf_mode | |
| parent | 60b0614296874c144665417130d4881461114db0 (diff) | |
| parent | aa842a640cbe96719caf4cd1843d718a68f81319 (diff) | |
| download | vyos-1x-d30646fad07bd9263b385aa6a26c6d6dbc163e27.tar.gz vyos-1x-d30646fad07bd9263b385aa6a26c6d6dbc163e27.zip | |
Merge branch 'current' into feature/T4694/gre-match-fields
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 16 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_static_multicast.py | 6 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 1 |
3 files changed, 18 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index a03bd5959..9105ce1f8 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -378,6 +378,22 @@ def verify(openvpn): if (client_v.get('ip') and len(client_v['ip']) > 1) or (client_v.get('ipv6_ip') and len(client_v['ipv6_ip']) > 1): raise ConfigError(f'Server client "{client_k}": cannot specify more than 1 IPv4 and 1 IPv6 IP') + if dict_search('server.bridge', openvpn): + # check if server bridge is a tap interfaces + if not openvpn['device_type'] == 'tap' and dict_search('server.bridge', openvpn): + raise ConfigError('Must specify "device-type tap" with server bridge mode') + elif not (dict_search('server.bridge.start', openvpn) and dict_search('server.bridge.stop', openvpn)): + raise ConfigError('Server bridge requires both start and stop addresses') + else: + v4PoolStart = IPv4Address(dict_search('server.bridge.start', openvpn)) + v4PoolStop = IPv4Address(dict_search('server.bridge.stop', openvpn)) + if v4PoolStart > v4PoolStop: + raise ConfigError(f'Server bridge start address {v4PoolStart} is larger than stop address {v4PoolStop}') + + v4PoolSize = int(v4PoolStop) - int(v4PoolStart) + if v4PoolSize >= 65536: + raise ConfigError(f'Server bridge is too large [{v4PoolStart} -> {v4PoolStop} = {v4PoolSize}], maximum is 65536 addresses.') + if dict_search('server.client_ip_pool', openvpn): if not (dict_search('server.client_ip_pool.start', openvpn) and dict_search('server.client_ip_pool.stop', openvpn)): raise ConfigError('Server client-ip-pool requires both start and stop addresses') diff --git a/src/conf_mode/protocols_static_multicast.py b/src/conf_mode/protocols_static_multicast.py index 2bf794042..d323ceb4f 100755 --- a/src/conf_mode/protocols_static_multicast.py +++ b/src/conf_mode/protocols_static_multicast.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,7 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os from ipaddress import IPv4Address from sys import exit @@ -22,8 +21,7 @@ from sys import exit from vyos import ConfigError from vyos import frr from vyos.config import Config -from vyos.utils.process import call -from vyos.template import render, render_to_string +from vyos.template import render_to_string from vyos import airbag airbag.enable() diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index e8a0bc414..b3e05a814 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -25,7 +25,6 @@ from ipaddress import ip_address from netaddr import IPNetwork from netaddr import IPRange -from vyos.base import Warning from vyos.config import Config from vyos.config import config_dict_merge from vyos.configdep import set_dependents |