openvpn: T4230: Delete checks if local-host address assigned

OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-02-08 10:58:20 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-02-09 11:17:11 +0000
commit: 4ecfd5d87c33aea770878a012f3b4956deafd762 (patch)
tree: 13d91336c5306ee85a77774d3e56c5d6cb157033
parent: d96bab4e6da517f07133667834cd6f8bcfb5160f (diff)
download: vyos-1x-4ecfd5d87c33aea770878a012f3b4956deafd762.tar.gz
vyos-1x-4ecfd5d87c33aea770878a012f3b4956deafd762.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 3b8fae710..0f6114b4a 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -47,6 +47,7 @@ from vyos.template import is_ipv4
 from vyos.template import is_ipv6
 from vyos.util import call
 from vyos.util import chown
+from vyos.util import cmd
 from vyos.util import dict_search
 from vyos.util import dict_search_args
 from vyos.util import makedir
@@ -423,8 +424,8 @@ def verify(openvpn):
     # verify specified IP address is present on any interface on this system
     if 'local_host' in openvpn:
         if not is_addr_assigned(openvpn['local_host']):
-            raise ConfigError('local-host IP address "{local_host}" not assigned' \
-                              ' to any interface'.format(**openvpn))
+            print('local-host IP address "{local_host}" not assigned' \
+                  ' to any interface'.format(**openvpn))
 
     # TCP active
     if openvpn['protocol'] == 'tcp-active':
@@ -647,6 +648,13 @@ def apply(openvpn):
 
         return None
 
+    # verify specified IP address is present on any interface on this system
+    # Allow to bind service to nonlocal address, if it virtaual-vrrp address
+    # or if address will be assign later
+    if 'local_host' in openvpn:
+        if not is_addr_assigned(openvpn['local_host']):
+            cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
+
     # No matching OpenVPN process running - maybe it got killed or none
     # existed - nevertheless, spawn new OpenVPN process
     call(f'systemctl reload-or-restart openvpn@{interface}.service')
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-02-08 10:58:20 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-02-09 11:17:11 +0000
commit	4ecfd5d87c33aea770878a012f3b4956deafd762 (patch)
tree	13d91336c5306ee85a77774d3e56c5d6cb157033
parent	d96bab4e6da517f07133667834cd6f8bcfb5160f (diff)
download	vyos-1x-4ecfd5d87c33aea770878a012f3b4956deafd762.tar.gz vyos-1x-4ecfd5d87c33aea770878a012f3b4956deafd762.zip