author | Daniil Baturin <daniil@vyos.io> | 2024-09-10 14:16:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-10 14:16:03 +0100 |
commit | dc1da7cbd594630124211c515592e4b9cefae261 (patch) | |
tree | 271bbe62c7246b6798bb2e75ae9a5876a69e8ab1 /src | |
parent | 92504cee34006f2198393a51efd93bea46346ec2 (diff) | |
parent | 8461eea6c964f4a892028b6743d1bc9c5bcce2ff (diff) | |
Merge pull request #4037 from vyos/mergify/bp/sagitta/pr-3920
OPENVPN: T6555: add server-bridge options in mode server (backport #3920)
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 5bb663a9b..467b6f6af 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -378,6 +378,22 @@ def verify(openvpn):
 if (client_v.get('ip') and len(client_v['ip']) > 1) or (client_v.get('ipv6_ip') and len(client_v['ipv6_ip']) > 1):
 raise ConfigError(f'Server client "{client_k}": cannot specify more than 1 IPv4 and 1 IPv6 IP')
 
+ if dict_search('server.bridge', openvpn):
+ # check if server bridge is a tap interfaces
+ if not openvpn['device_type'] == 'tap' and dict_search('server.bridge', openvpn):
+ raise ConfigError('Must specify "device-type tap" with server bridge mode')
+ elif not (dict_search('server.bridge.start', openvpn) and dict_search('server.bridge.stop', openvpn)):
+ raise ConfigError('Server bridge requires both start and stop addresses')
+ else:
+ v4PoolStart = IPv4Address(dict_search('server.bridge.start', openvpn))
+ v4PoolStop = IPv4Address(dict_search('server.bridge.stop', openvpn))
+ if v4PoolStart > v4PoolStop:
+ raise ConfigError(f'Server bridge start address {v4PoolStart} is larger than stop address {v4PoolStop}')
+
+ v4PoolSize = int(v4PoolStop) - int(v4PoolStart)
+ if v4PoolSize >= 65536:
+ raise ConfigError(f'Server bridge is too large [{v4PoolStart} -> {v4PoolStop} = {v4PoolSize}], maximum is 65536 addresses.')
+
 if dict_search('server.client_ip_pool', openvpn):
 if not (dict_search('server.client_ip_pool.start', openvpn) and dict_search('server.client_ip_pool.stop', openvpn)):
 raise ConfigError('Server client-ip-pool requires both start and stop addresses') |
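Review bot: The device-type guard inside the new `server.bridge` block repeats `dict_search('server.bridge', openvpn)`, which the enclosing `if` has already established, and it subscripts `openvpn['device_type']` directly where the rest of the block goes through `dict_search`; `if dict_search('device_type', openvpn) != 'tap':` expresses the same check and, should the key ever be absent, presumably ends in the ConfigError rather than a KeyError. `v4PoolSize` is `int(v4PoolStop) - int(v4PoolStart)`, one less than the number of addresses in the range, so the `>= 65536` bound does match the stated maximum but the figure printed in the error is off by one; a comment such as `# difference, not count: the pool holds v4PoolSize + 1 addresses` would make that explicit. The two `IPv4Address(...)` calls raise `AddressValueError` on a value that is not a valid IPv4 address, so unless the CLI schema already constrains `start` and `stop` (not visible here) a bad value would surface as a traceback instead of a ConfigError. `verify()` begins and ends outside this hunk.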