diff options
Diffstat (limited to 'data/templates/openvpn')
| -rw-r--r-- | data/templates/openvpn/auth.pw.tmpl | 5 | ||||
| -rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 35 |
2 files changed, 26 insertions, 14 deletions
diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl new file mode 100644 index 000000000..9b20c9742 --- /dev/null +++ b/data/templates/openvpn/auth.pw.tmpl @@ -0,0 +1,5 @@ +{# Autogenerated by interfaces-openvpn.py #} +{% if authentication is defined and authentication is not none %} +{{ authentication.username }} +{{ authentication.password }} +{% endif %} diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 1fdf6b848..a1daaa078 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -14,9 +14,9 @@ dev {{ ifname }} persist-key iproute /usr/libexec/vyos/system/unpriv-ip {% if protocol == 'tcp-active' %} -proto tcp6-client +proto tcp-client {% elif protocol == 'tcp-passive' %} -proto tcp6-server +proto tcp-server {% else %} proto udp {% endif %} @@ -52,13 +52,14 @@ push "redirect-gateway def1" compress lzo {% endif %} -{% if 'client' in mode %} +{% if mode == 'client' %} # # OpenVPN Client mode # client nobind -{% elif 'server' in mode %} + +{% elif mode == 'server' %} # # OpenVPN Server mode # @@ -94,7 +95,7 @@ max-clients {{ server.max_connections }} client-config-dir /run/openvpn/ccd/{{ ifname }} {% endif %} {% endif %} -keepalive {{ keep_alive.interval }} {{ keep_alive.failure_count }} +keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }} management /run/openvpn/openvpn-mgmt-intf unix {% if server is defined and server is not none %} {% if server.reject_unconfigured_clients is defined %} @@ -129,6 +130,7 @@ push "route-ipv6 {{ route6 }}" push "dhcp-option DNS6 {{ ns6 }}" {% endfor %} {% endif %} + {% else %} # # OpenVPN site-2-site mode @@ -136,19 +138,24 @@ push "dhcp-option DNS6 {{ ns6 }}" ping {{ keep_alive.interval }} ping-restart {{ keep_alive.failure_count }} -{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} -{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} +{% if device_type == 'tap' %} +{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} +{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} -{% else %} -{% for raddr in remote_address %} -{% if raddr | is_ipv4 %} +{% endif %} +{% endfor %} +{% else %} +{% for laddr in local_address if laddr | is_ipv4 %} +{% for raddr in remote_address if raddr | is_ipv4 %} ifconfig {{ laddr }} {{ raddr }} -{% else %} +{% endfor %} +{% endfor %} +{% for laddr in local_address if laddr | is_ipv6 %} +{% for raddr in remote_address if raddr | is_ipv6 %} ifconfig-ipv6 {{ laddr }} {{ raddr }} -{% endif %} {% endfor %} -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} {% endif %} {% if tls is defined and tls is not none %} |