summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAntonio Quartulli <antonio@mandelbit.com>2022-11-01 22:43:46 +0100
committerAntonio Quartulli <antonio@mandelbit.com>2022-11-02 19:32:22 +0100
commit7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce (patch)
treeb66c4d674dc3841018784576cccf99a4d5bd91b2
parent3072e507eb1cdc18cfe5429fd0c03d223d2576fe (diff)
downloadvyos-1x-7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce.tar.gz
vyos-1x-7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce.zip
openvpn: T3214: warn when setting nopool and server-ipv6 is being used
Currently OpenVPN does not allow having an IPv6 subnet if 'nopool' was specified on the --server directive. For this eason warn if this specific configuration is being hit. This is probably something that should be fixed upstream, but for now we can't allow this combination of parameters. Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 548ba4449..a06154761 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -370,6 +370,10 @@ def verify(openvpn):
for v4PoolNet in v4PoolNets:
if IPv4Address(client['ip'][0]) in v4PoolNet:
print(f'Warning: Client "{client["name"]}" IP {client["ip"][0]} is in server IP pool, it is not reserved for this client.')
+ # configuring a client_ip_pool will set 'server ... nopool' which is currently incompatible with 'server-ipv6' (probably to be fixed upstream)
+ for subnet in (dict_search('server.subnet', openvpn) or []):
+ if is_ipv6(subnet):
+ raise ConfigError(f'Setting client-ip-pool is incompatible having an IPv6 server subnet.')
for subnet in (dict_search('server.subnet', openvpn) or []):
if is_ipv6(subnet):