diff options
author | Mikhail Rozentsvayg <mih@paranoia.ru> | 2020-06-04 16:51:53 -0700 |
---|---|---|
committer | Mikhail Rozentsvayg <mih@paranoia.ru> | 2020-06-04 23:30:58 -0700 |
commit | 08bd4ed10b3772c61f24cd9564c1639334d7feba (patch) | |
tree | c4c441589a367aff26feb997987d498bfaefae9e /src/conf_mode | |
parent | 9b08d0b881d205c2c137ff2094759c775dfdb399 (diff) | |
download | vyos-1x-08bd4ed10b3772c61f24cd9564c1639334d7feba.tar.gz vyos-1x-08bd4ed10b3772c61f24cd9564c1639334d7feba.zip |
openvpn: T2550: fix for IPv4 remote-host addresses
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only
configurations stopped working (Address family for hostname not supported)
Commit fc467519 fixed some scenarios by using IPv4 protocols
if 'local-host' is IPv4 address, but the client mode is using
'remote-host' instead and was still broken.
This commit in addition to 'local-host' also checks all the
'remote-host' addresses.
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 5afcbe7da..1420b4116 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -578,10 +578,9 @@ def get_config(): # Convert protocol to real protocol used by openvpn. # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols - # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4 + # (https://community.openvpn.net/openvpn/ticket/360), unless the local-host + # or each of the remote-host in client mode is IPv4 # in which case it must use the standard protocols. - # Note: this will break openvpn if IPv6 is disabled on the system. - # This currently isn't supported, a check can be added in the future. if openvpn['protocol'] == 'tcp-active': openvpn['protocol_real'] = 'tcp6-client' elif openvpn['protocol'] == 'tcp-passive': @@ -589,7 +588,9 @@ def get_config(): else: openvpn['protocol_real'] = 'udp6' - if is_ipv4(openvpn['local_host']): + if ( is_ipv4(openvpn['local_host']) or + # in client mode test all the remotes instead + (openvpn['mode'] == 'client' and all([is_ipv4(h) for h in openvpn['remote_host']])) ): # takes out the '6' openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:] |