diff options
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index ea8e1a7c4..5afcbe7da 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -32,6 +32,9 @@ from vyos.util import call, chown, chmod_600, chmod_755 from vyos.validate import is_addr_assigned, is_member, is_ipv4 from vyos import ConfigError +from vyos import airbag +airbag.enable() + user = 'openvpn' group = 'openvpn' @@ -109,6 +112,7 @@ default_config_data = { 'type': 'tun', 'uid': user, 'gid': group, + 'vrf': '' } @@ -630,6 +634,10 @@ def get_config(): if openvpn['redirect_gateway']: openvpn['redirect_gateway'] += ' ipv6' + # retrieve VRF instance + if conf.exists('vrf'): + openvpn['vrf'] = conf.return_value('vrf') + return openvpn def verify(openvpn): @@ -941,6 +949,16 @@ def verify(openvpn): if not openvpn['auth_pass']: raise ConfigError('Password for authentication is missing') + if openvpn['vrf']: + if openvpn['vrf'] not in interfaces(): + raise ConfigError(f'VRF "{openvpn["vrf"]}" does not exist') + + if openvpn['is_bridge_member']: + raise ConfigError(( + f'Interface "{openvpn["intf"]}" cannot be member of VRF ' + f'"{openvpn["vrf"]}" and bridge "{openvpn["is_bridge_member"]}" ' + f'at the same time!')) + return None def generate(openvpn): @@ -1070,6 +1088,11 @@ def apply(openvpn): for addr in openvpn['ipv6_eui64_prefix']: o.add_ipv6_eui64_address(addr) + # assign/remove VRF (ONLY when not a member of a bridge, + # otherwise 'nomaster' removes it from it) + if not openvpn['is_bridge_member']: + o.set_vrf(openvpn['vrf']) + except: pass |