From 08bd4ed10b3772c61f24cd9564c1639334d7feba Mon Sep 17 00:00:00 2001 From: Mikhail Rozentsvayg Date: Thu, 4 Jun 2020 16:51:53 -0700 Subject: openvpn: T2550: fix for IPv4 remote-host addresses Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses. --- interface-definitions/interfaces-openvpn.xml.in | 2 +- src/conf_mode/interfaces-openvpn.py | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index bdf5aeddb..905c76507 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -323,7 +323,7 @@ udp - Site-to-site mode + UDP tcp-passive diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 5afcbe7da..1420b4116 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -578,10 +578,9 @@ def get_config(): # Convert protocol to real protocol used by openvpn. # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols - # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4 + # (https://community.openvpn.net/openvpn/ticket/360), unless the local-host + # or each of the remote-host in client mode is IPv4 # in which case it must use the standard protocols. - # Note: this will break openvpn if IPv6 is disabled on the system. - # This currently isn't supported, a check can be added in the future. if openvpn['protocol'] == 'tcp-active': openvpn['protocol_real'] = 'tcp6-client' elif openvpn['protocol'] == 'tcp-passive': @@ -589,7 +588,9 @@ def get_config(): else: openvpn['protocol_real'] = 'udp6' - if is_ipv4(openvpn['local_host']): + if ( is_ipv4(openvpn['local_host']) or + # in client mode test all the remotes instead + (openvpn['mode'] == 'client' and all([is_ipv4(h) for h in openvpn['remote_host']])) ): # takes out the '6' openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:] -- cgit v1.2.3