Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index ea8e1a7c4..5afcbe7da 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -32,6 +32,9 @@ from vyos.util import call, chown, chmod_600, chmod_755
from vyos.validate import is_addr_assigned, is_member, is_ipv4
from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
user = 'openvpn'
group = 'openvpn'
@@ -109,6 +112,7 @@ default_config_data = {
'type': 'tun',
'uid': user,
'gid': group,
+ 'vrf': ''
}
@@ -630,6 +634,10 @@ def get_config():
if openvpn['redirect_gateway']:
openvpn['redirect_gateway'] += ' ipv6'
+ # retrieve VRF instance
+ if conf.exists('vrf'):
+ openvpn['vrf'] = conf.return_value('vrf')
+
return openvpn
def verify(openvpn):
@@ -941,6 +949,16 @@ def verify(openvpn):
if not openvpn['auth_pass']:
raise ConfigError('Password for authentication is missing')
+ if openvpn['vrf']:
+ if openvpn['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{openvpn["vrf"]}" does not exist')
+
+ if openvpn['is_bridge_member']:
+ raise ConfigError((
+ f'Interface "{openvpn["intf"]}" cannot be member of VRF '
+ f'"{openvpn["vrf"]}" and bridge "{openvpn["is_bridge_member"]}" '
+ f'at the same time!'))
+
return None
def generate(openvpn):
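Review bot: The existence test `openvpn['vrf'] not in interfaces()` only shows that some network device with that name exists, not that the device is a VRF. If `interfaces()` is the plain interface listing it appears to be, a name belonging to an Ethernet or bridge interface would pass verify() and the mistake would surface only in apply(). Check the name against the configured VRF instances instead, or at minimum record the limitation with a comment such as `# NOTE: interfaces() lists every netdev; this does not prove the name is a VRF`. verify() begins outside this hunk, so an earlier check may already cover this.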
@@ -1070,6 +1088,11 @@ def apply(openvpn):
for addr in openvpn['ipv6_eui64_prefix']:
o.add_ipv6_eui64_address(addr)
+ # assign/remove VRF (ONLY when not a member of a bridge,
+ # otherwise 'nomaster' removes it from it)
+ if not openvpn['is_bridge_member']:
+ o.set_vrf(openvpn['vrf'])
+
except:
pass
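Review bot: The new `o.set_vrf(openvpn['vrf'])` call sits inside the `try` whose handler is the bare `except: pass` at the end of the hunk, so if binding the tunnel to its VRF raises, the error is swallowed. The commit would then succeed while the interface stays in the default routing domain. A setting used to separate traffic should fail closed: take the call out of that block and wrap only it, e.g. `except Exception as e: raise ConfigError(f'Could not assign VRF "{openvpn["vrf"]}": {e}')`. The `try` opens outside the hunk, so what else it guards cannot be seen from here.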