summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorzsdc <taras@vyos.io>2021-10-04 10:40:31 +0300
committerChristian Poessinger <christian@poessinger.com>2021-11-17 20:41:14 +0100
commit50a1b4a1170182864760613216b68322f165a749 (patch)
tree45cc9652328548d13bdaf446a824c504b2af34fc /src
parent0105450e7d103559455c3646091dc40983e68d61 (diff)
downloadvyos-1x-50a1b4a1170182864760613216b68322f165a749.tar.gz
vyos-1x-50a1b4a1170182864760613216b68322f165a749.zip
OpenVPN: T3350: Changed custom options for OpenVPN processing
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. (cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
-rw-r--r--src/etc/systemd/system/openvpn@.service.d/10-override.conf (renamed from src/etc/systemd/system/openvpn@.service.d/override.conf)0
2 files changed, 12 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 5d537dadf..4e3c19be2 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -51,6 +51,7 @@ user = 'openvpn'
group = 'openvpn'
cfg_file = '/run/openvpn/{ifname}.conf'
+service_file = '/run/systemd/system/openvpn@{ifname}.service.d/20-override.conf'
def checkCertHeader(header, filename):
"""
@@ -434,6 +435,11 @@ def generate(openvpn):
if os.path.isdir(ccd_dir):
rmtree(ccd_dir, ignore_errors=True)
+ # Remove systemd directories with overrides
+ service_dir = os.path.dirname(service_file.format(**openvpn))
+ if os.path.isdir(service_dir):
+ rmtree(service_dir, ignore_errors=True)
+
if 'deleted' in openvpn or 'disable' in openvpn:
return None
@@ -477,6 +483,12 @@ def generate(openvpn):
render(cfg_file.format(**openvpn), 'openvpn/server.conf.tmpl', openvpn,
formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
+ # Render 20-override.conf for OpenVPN service
+ render(service_file.format(**openvpn), 'openvpn/service-override.conf.tmpl', openvpn,
+ formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
+ # Reload systemd services config to apply an override
+ call(f'systemctl daemon-reload')
+
return None
def apply(openvpn):
diff --git a/src/etc/systemd/system/openvpn@.service.d/override.conf b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
index 03fe6b587..03fe6b587 100644
--- a/src/etc/systemd/system/openvpn@.service.d/override.conf
+++ b/src/etc/systemd/system/openvpn@.service.d/10-override.conf