authorDemon_H <b@doubi.fun>2022-09-16 15:23:52 +0800
committerGitHub <noreply@github.com>2022-09-16 09:23:52 +0200
commitecb2a4077f90e6e4699c8250bcf8f7d6221d9fc6 (patch)
tree5e01b8ab57a97fda7e2fcca425c2d9b59a94cac7
parent28573ffe4fd939a266006840f999c99babe89dce (diff)
downloadvyos-1x-ecb2a4077f90e6e4699c8250bcf8f7d6221d9fc6.tar.gz
vyos-1x-ecb2a4077f90e6e4699c8250bcf8f7d6221d9fc6.zip
ocserv: openconnect: T4656: add listen-address CLI option
This sets the `listen-host` option in the generated ocserv configuration, and the port-availability check in verify() now probes that address instead of 0.0.0.0.
-rw-r--r--data/templates/ocserv/ocserv_config.j24
-rw-r--r--interface-definitions/vpn-openconnect.xml.in1
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py3
3 files changed, 7 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 1d105113d..3194354e6 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -1,5 +1,9 @@
### generated by vpn_openconnect.py ###
+{% if listen_address is vyos_defined %}
+listen-host = {{ listen_address }}
+{% endif %}
+
tcp-port = {{ listen_ports.tcp }}
udp-port = {{ listen_ports.udp }}
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 522465611..fe9484bf1 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -163,6 +163,7 @@
</node>
</children>
</node>
+ #include <include/listen-address.xml.i>
<node name="listen-ports">
<properties>
<help>Specify custom ports to use for client connections</help>
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 23b1baf4d..e32d83b9e 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -80,8 +80,9 @@ def verify(ocserv):
return None
# Check if listen-ports not binded other services
# It can be only listen by 'ocserv-main'
+ listen_address = ocserv["listen_address"] if "listen_address" in ocserv else '0.0.0.0'
for proto, port in ocserv.get('listen_ports').items():
- if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+ if check_port_availability(listen_address, int(port), proto) is not True and \
not is_listen_port_bind_service(int(port), 'ocserv-main'):
raise ConfigError(f'"{proto}" port "{port}" is used by another service')
# Check authentication
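Review bot: The new `listen_address` on the first added line is fed straight into the port probe, but nothing in verify() confirms the configured address is actually assigned to a local interface, so a mistyped or not-yet-configured address passes verification and only fails later when ocserv tries to bind it; depending on how check_port_availability() reacts to a bind that fails for that reason, the user may even get the misleading "used by another service" error. A check at this point that the address exists on the router (if the file already imports a helper for that, otherwise a short socket bind test) would surface the mistake at commit time. The lookup itself can be written as `listen_address = ocserv.get('listen_address', '0.0.0.0')`. Whether check_port_availability() handles an IPv6 literal as its host argument is not visible from the hunk; if the listen-address include accepts IPv6, confirm the probe socket family follows the address rather than being fixed to IPv4 like the old hard-coded 0.0.0.0. verify() starts and ends outside this hunk.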