diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-06-05 16:00:56 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-05 16:00:56 +0200 |
| commit | 35c2d21a1df1070699a4359d996d50aefa01b381 (patch) | |
| tree | 9825dbc359017b073ff758d4b0603163a3edb721 | |
| parent | d692b330838f4ee87cda2a52dcb3f32129a293d8 (diff) | |
| parent | 08bd4ed10b3772c61f24cd9564c1639334d7feba (diff) | |
| download | vyos-1x-35c2d21a1df1070699a4359d996d50aefa01b381.tar.gz vyos-1x-35c2d21a1df1070699a4359d996d50aefa01b381.zip | |
Merge pull request #443 from mrozentsvayg/openvpn-T2550-ipv4-remote-host
openvpn: T2550: fix for IPv4 remote-host addresses
| -rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 2 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 9 |
2 files changed, 6 insertions, 5 deletions
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index bdf5aeddb..905c76507 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -323,7 +323,7 @@ </completionHelp> <valueHelp> <format>udp</format> - <description>Site-to-site mode</description> + <description>UDP</description> </valueHelp> <valueHelp> <format>tcp-passive</format> diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 5afcbe7da..1420b4116 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -578,10 +578,9 @@ def get_config(): # Convert protocol to real protocol used by openvpn. # To make openvpn listen on both IPv4 and IPv6 we must use *6 protocols - # (https://community.openvpn.net/openvpn/ticket/360), unless local is IPv4 + # (https://community.openvpn.net/openvpn/ticket/360), unless the local-host + # or each of the remote-host in client mode is IPv4 # in which case it must use the standard protocols. - # Note: this will break openvpn if IPv6 is disabled on the system. - # This currently isn't supported, a check can be added in the future. if openvpn['protocol'] == 'tcp-active': openvpn['protocol_real'] = 'tcp6-client' elif openvpn['protocol'] == 'tcp-passive': @@ -589,7 +588,9 @@ def get_config(): else: openvpn['protocol_real'] = 'udp6' - if is_ipv4(openvpn['local_host']): + if ( is_ipv4(openvpn['local_host']) or + # in client mode test all the remotes instead + (openvpn['mode'] == 'client' and all([is_ipv4(h) for h in openvpn['remote_host']])) ): # takes out the '6' openvpn['protocol_real'] = openvpn['protocol_real'][:3] + openvpn['protocol_real'][4:] |