summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-16 09:26:58 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-16 09:51:26 +0200
commit734a779523b85db53b07208dc089d609a9738bf2 (patch)
tree7104250ed5d4f281b6d79a422099facf45ca38f6
parentecb2a4077f90e6e4699c8250bcf8f7d6221d9fc6 (diff)
downloadvyos-1x-734a779523b85db53b07208dc089d609a9738bf2.tar.gz
vyos-1x-734a779523b85db53b07208dc089d609a9738bf2.zip
ocserv: T4656: use "0.0.0.0" defaultValue via XML definition"
-rw-r--r--interface-definitions/vpn-openconnect.xml.in5
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py4
2 files changed, 6 insertions, 3 deletions
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index fe9484bf1..bc7f78e79 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -163,7 +163,10 @@
</node>
</children>
</node>
- #include <include/listen-address.xml.i>
+ #include <include/listen-address-ipv4.xml.i>
+ <leafNode name="listen-address">
+ <defaultValue>0.0.0.0</defaultValue>
+ </leafNode>
<node name="listen-ports">
<properties>
<help>Specify custom ports to use for client connections</help>
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index e32d83b9e..c050b796b 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -80,11 +80,11 @@ def verify(ocserv):
return None
# Check if listen-ports not binded other services
# It can be only listen by 'ocserv-main'
- listen_address = ocserv["listen_address"] if "listen_address" in ocserv else '0.0.0.0'
for proto, port in ocserv.get('listen_ports').items():
- if check_port_availability(listen_address, int(port), proto) is not True and \
+ if check_port_availability(ocserv['listen_address'], int(port), proto) is not True and \
not is_listen_port_bind_service(int(port), 'ocserv-main'):
raise ConfigError(f'"{proto}" port "{port}" is used by another service')
+
# Check authentication
if "authentication" in ocserv:
if "mode" in ocserv["authentication"]: