From bc2bb1ed9ac977c8ad540d7ccbfff8e9980277cf Mon Sep 17 00:00:00 2001
From: fett0 <fernando.gmaidana@gmail.com>
Date: Wed, 31 Jul 2024 18:21:25 +0000
Subject: OPENVPN: T6555: add server-bridge options in mode server

(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
---
 src/conf_mode/interfaces_openvpn.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)


diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 320ab7b7b..fcbba30ce 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -378,6 +378,22 @@ def verify(openvpn):
                 if (client_v.get('ip') and len(client_v['ip']) > 1) or (client_v.get('ipv6_ip') and len(client_v['ipv6_ip']) > 1):
                     raise ConfigError(f'Server client "{client_k}": cannot specify more than 1 IPv4 and 1 IPv6 IP')
 
+        if dict_search('server.server_bridge', openvpn):
+            # check if server-bridge is a tap interfaces
+            if not openvpn['device_type'] == 'tap' and dict_search('server.server_bridge', openvpn):
+               raise ConfigError('Must specify "device-type tap" with server-bridge mode')
+            elif not (dict_search('server.server_bridge.start', openvpn) and dict_search('server.server_bridge.stop', openvpn)):
+                raise ConfigError('Server server-bridge requires both start and stop addresses')
+            else:
+                v4PoolStart = IPv4Address(dict_search('server.server_bridge.start', openvpn))
+                v4PoolStop = IPv4Address(dict_search('server.server_bridge.stop', openvpn))
+                if v4PoolStart > v4PoolStop:
+                    raise ConfigError(f'Server server-bridge start address {v4PoolStart} is larger than stop address {v4PoolStop}')
+
+                v4PoolSize = int(v4PoolStop) - int(v4PoolStart)
+                if v4PoolSize >= 65536:
+                    raise ConfigError(f'Server server_bridge is too large [{v4PoolStart} -> {v4PoolStop} = {v4PoolSize}], maximum is 65536 addresses.')
+
         if dict_search('server.client_ip_pool', openvpn):
             if not (dict_search('server.client_ip_pool.start', openvpn) and dict_search('server.client_ip_pool.stop', openvpn)):
                 raise ConfigError('Server client-ip-pool requires both start and stop addresses')
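Review bot: The pool-size check at the end of the added block reports one address too few, because `int(v4PoolStop) - int(v4PoolStart)` is the distance between the endpoints rather than the number of addresses; a range one address over the limit is rejected with the text `= 65536], maximum is 65536 addresses`. Using the inclusive count, `v4PoolSize = int(v4PoolStop) - int(v4PoolStart) + 1` with `if v4PoolSize > 65536:`, keeps the same limit and makes the message accurate, and that message should say `server-bridge` rather than `server_bridge` to match the other errors. In the device-type test the second `dict_search('server.server_bridge', openvpn)` repeats the enclosing condition, so the line can read `if openvpn['device_type'] != 'tap':`, and the `raise` beneath it is indented one column short of the other branches. Nothing in the hunk checks that start and stop lie inside the bridged subnet; if the bridge gateway and netmask are present in `openvpn`, validating that here would stop a pool from handing out addresses outside the bridged segment. verify() starts before and continues after this hunk.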