author | Antonio Quartulli <antonio@mandelbit.com> | 2022-11-01 22:43:46 +0100 |
---|---|---|
committer | Antonio Quartulli <antonio@mandelbit.com> | 2022-11-02 19:32:22 +0100 |
commit | 7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce (patch) | |
tree | b66c4d674dc3841018784576cccf99a4d5bd91b2 | |
parent | 3072e507eb1cdc18cfe5429fd0c03d223d2576fe (diff) | |
openvpn: T3214: warn when setting nopool and server-ipv6 is being used
Currently OpenVPN does not allow having an IPv6 subnet if 'nopool'
was specified on the --server directive. For this reason, warn if this
specific configuration is being hit.
This is probably something that should be fixed upstream, but for now
we can't allow this combination of parameters.
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 548ba4449..a06154761 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -370,6 +370,10 @@ def verify(openvpn):
 for v4PoolNet in v4PoolNets:
 if IPv4Address(client['ip'][0]) in v4PoolNet:
 print(f'Warning: Client "{client["name"]}" IP {client["ip"][0]} is in server IP pool, it is not reserved for this client.')
+ # configuring a client_ip_pool will set 'server ... nopool' which is currently incompatible with 'server-ipv6' (probably to be fixed upstream)
+ for subnet in (dict_search('server.subnet', openvpn) or []):
+ if is_ipv6(subnet):
+ raise ConfigError(f'Setting client-ip-pool is incompatible having an IPv6 server subnet.')
 for subnet in (dict_search('server.subnet', openvpn) or []):
 if is_ipv6(subnet): |
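Review bot: The added `raise ConfigError(...)` rejects the configuration outright, while the commit title and the other message in this hunk (`print(f'Warning: ...')`) only warn. The description says the combination cannot be allowed, so failing closed looks intended, but the hard failure should be stated explicitly. An existing configuration that combines client-ip-pool with an IPv6 server subnet would presumably stop validating after this change. The message itself is an f-string with no placeholders, reads "incompatible having", and does not name the offending subnet; something like `raise ConfigError(f'client-ip-pool cannot be used together with IPv6 server subnet "{subnet}"')` would tell the operator what to change. The enclosing branch of `verify()` starts outside the hunk and indentation is not visible here, so the assumption that this loop runs only when client-ip-pool is configured rests on the added comment alone.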