4 files changed, 47 insertions, 3 deletions

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 2a5dc7af2..675dac5b1 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -278,7 +278,7 @@ def verify_diffie_hellman_length(file, min_keysize):
         prog = re.compile('\d+\s+bit')
         if prog.search(out):
             bits = prog.search(out)[0].split()[0]
-            if int(min_keysize) >= int(bits):
+            if int(bits) >= int(min_keysize):
                 return True
 
     return False
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 4122d1a2f..926d66c18 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -22,6 +22,10 @@ from vyos.ifconfig.interface import Interface
 from vyos.ifconfig.afi import IP4, IP6
 from vyos.validate import assert_list
 
+import random
+from random import seed, getrandbits
+from ipaddress import IPv6Network, IPv6Address
+
 def enable_to_on(value):
     if value == 'enable':
         return 'on'
@@ -122,6 +126,16 @@ class _Tunnel(Interface):
     @classmethod
     def get_config(cls):
         return dict(zip(cls.options, ['']*len(cls.options)))
+        
+    def generate_link_local():
+        # Linux Kernel does not generate IPv6 Link Local address do to missing MAC
+        # We have to generate address manually and assign to interface
+        net = IPv6Network("FE80::/16")
+        rand_net = IPv6Network((net.network_address + (random.getrandbits(64 - net.prefixlen) << 64 ),64))
+        network = IPv6Network(rand_net)
+        address = str(IPv6Address(network.network_address + getrandbits(network.max_prefixlen - network.prefixlen)))+'/'+str(network.prefixlen)
+        
+        return address
 
 
 class GREIf(_Tunnel):
@@ -154,6 +168,12 @@ class GREIf(_Tunnel):
     create = 'ip tunnel add {ifname} mode {type}'
     change = 'ip tunnel cha {ifname}'
     delete = 'ip tunnel del {ifname}'
+    
+    
+    def _create(self):
+        super()._create(self)
+        # Assign generated IPv6 Link Local address to the interface
+        self.add_addr(self.generate_link_local())
 
 
 # GreTap also called GRE Bridge
@@ -219,6 +239,11 @@ class IP6GREIf(_Tunnel):
     # sudo ip tunnel cha tun100 local: : 2
     # Error: an IP address is expected rather than "::2"
     # works if mode is explicit
+    
+    def _create(self):
+        super()._create(self)
+        # Assign generated IPv6 Link Local address to the interface
+        self.add_addr(self.generate_link_local())
 
 
 class IPIPIf(_Tunnel):
@@ -270,6 +295,11 @@ class IPIP6If(_Tunnel):
     create = 'ip -6 tunnel add {ifname} mode {type}'
     change = 'ip -6 tunnel cha {ifname}'
     delete = 'ip -6 tunnel del {ifname}'
+    
+    def _create(self):
+        super()._create(self)
+        # Assign generated IPv6 Link Local address to the interface
+        self.add_addr(self.generate_link_local())
 
 
 class IP6IP6If(IPIP6If):
@@ -283,6 +313,11 @@ class IP6IP6If(IPIP6If):
     ip = [IP6,]
 
     default = {'type': 'ip6ip6'}
+    
+    def _create(self):
+        super()._create(self)
+        # Assign generated IPv6 Link Local address to the interface
+        self.add_addr(self.generate_link_local())
 
 
 class SitIf(_Tunnel):
@@ -306,6 +341,11 @@ class SitIf(_Tunnel):
     create = 'ip tunnel add {ifname} mode {type}'
     change = 'ip tunnel cha {ifname}'
     delete = 'ip tunnel del {ifname}'
+    
+    def _create(self):
+        super()._create(self)
+        # Assign generated IPv6 Link Local address to the interface
+        self.add_addr(self.generate_link_local())
 
 
 class Sit6RDIf(SitIf):
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 7d5f7f3a0..c23e79948 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -320,7 +320,7 @@ def verify(openvpn):
         if 'local_port' in openvpn:
             raise ConfigError('Cannot specify "local-port" with "tcp-active"')
 
-        if 'remote_host' in openvpn:
+        if 'remote_host' not in openvpn:
             raise ConfigError('Must specify "remote-host" with "tcp-active"')
 
     # shared secret and TLS
diff --git a/src/op_mode/powerctrl.py b/src/op_mode/powerctrl.py
index 69af427ec..c000d7d06 100755
--- a/src/op_mode/powerctrl.py
+++ b/src/op_mode/powerctrl.py
@@ -34,7 +34,11 @@ def utc2local(datetime):
 def parse_time(s):
     try:
         if re.match(r'^\d{1,2}$', s):
-            return datetime.strptime(s, "%M").time()
+            if (int(s) > 59):
+                s = str(int(s)//60) + ":" + str(int(s)%60)
+                return datetime.strptime(s, "%H:%M").time()
+            else:
+                return datetime.strptime(s, "%M").time()
         else:
             return datetime.strptime(s, "%H:%M").time()
     except ValueError: