-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 2 | ||||
-rw-r--r-- | python/vyos/util.py | 3 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 20 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-tunnel.py | 2 | ||||
-rwxr-xr-x | src/op_mode/show_dhcp.py | 2 |
5 files changed, 24 insertions, 5 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 396888c0f..75ab602f8 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -18,7 +18,7 @@ dev {{ intf }} persist-key iproute /usr/libexec/vyos/system/unpriv-ip -proto {% if 'tcp-active' in protocol -%}tcp6-client{% elif 'tcp-passive' in protocol -%}tcp6-server{% else %}udp6{% endif %} +proto {{ protocol_real }} {%- if local_host %} local {{ local_host }} diff --git a/python/vyos/util.py b/python/vyos/util.py index b1d95fbbf..3d4f1c42f 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -155,7 +155,8 @@ def call(command, flag='', shell=None, input=None, timeout=None, env=None, env=env, shell=shell, decode=decode, ) - print(out) + if out: + print(out) return code diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index a5ff3007b..708ac8f91 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -28,7 +28,7 @@ from vyos.config import Config from vyos.ifconfig import VTunIf from vyos.template import render from vyos.util import call, chown, chmod_600, chmod_755 -from vyos.validate import is_addr_assigned, is_bridge_member +from vyos.validate import is_addr_assigned, is_bridge_member, is_ipv4 from vyos import ConfigError user = 'openvpn' @@ -67,6 +67,7 @@ default_config_data = { 'options': [], 'persistent_tunnel': False, 'protocol': 'udp', + 'protocol_real': '', 'redirect_gateway': '', 'remote_address': [], 'remote_host': [], 
@@ -557,6 +558,23 @@ def get_config(): if openvpn['mode'] == 'server' and not openvpn['server_topology']: openvpn['server_topology'] = 'net30' + # Convert protocol to real protocol used by openvpn. + # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols + # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4 + # in which case it must use the standard protocols. + # Note: this will break openvpn if IPv6 is disabled on the system. + # This currently isn't supported, a check can be added in the future. + if openvpn['protocol'] == 'tcp-active': + openvpn['protocol_real'] = 'tcp6-client' + elif openvpn['protocol'] == 'tcp-passive': + openvpn['protocol_real'] = 'tcp6-server' + else: + openvpn['protocol_real'] = 'udp6' + + if is_ipv4(openvpn['local_host']): + # takes out the '6' + openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:] + # Set defaults where necessary. # If any of the input parameters are wrong, # this will return False and no defaults will be set. diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index be0279bd2..2ab75fcec 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -434,7 +434,7 @@ def verify(conf): if ifname in options['nhrp']: raise ConfigError(f'Can not delete interface tunnel {iftype} {ifname}, it is used by nhrp') - bridge = changes['bridge'] + bridge = options['bridge'] if bridge: raise ConfigError(f'Interface "{ifname}" can not be deleted as it belongs to bridge "{bridge}"!') diff --git a/src/op_mode/show_dhcp.py b/src/op_mode/show_dhcp.py index fd23cd9f1..f9577e57e 100755 --- a/src/op_mode/show_dhcp.py +++ b/src/op_mode/show_dhcp.py 
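Review bot: In the get_config() hunk of interfaces-openvpn.py, the step commented "takes out the '6'" removes it by fixed position (`[:3] + [4:]`), which is only correct while every value is a three-letter protocol name followed by `6`. Writing it as `openvpn['protocol_real'] = openvpn['protocol_real'].replace('6', '', 1)` states the intent and does not depend on the offset. `is_ipv4()` is also called when `local_host` is unset, so the dual-stack default presumably relies on it returning False for an empty value; an explicit `if openvpn['local_host'] and is_ipv4(openvpn['local_host']):` would make that visible. Since the `*6` protocols make the listening modes reachable over both address families when no IPv4 `local_host` is given, the comment could also say that firewall rules for the port must cover IPv6 as well as IPv4. get_config() starts and ends outside the hunk.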
@@ -240,7 +240,7 @@ if __name__ == '__main__': stats = [] for p in pools: size = get_pool_size(conf, p) - leases = len(get_leases(lease_file, state='active', pool=p)) + leases = len(get_leases(conf, lease_file, state='active', pool=p)) use_percentage = round(leases / size * 100) if size != 0 else 0 |