authorChristian Poessinger <christian@poessinger.com>2021-08-17 08:46:41 +0200
committerGitHub <noreply@github.com>2021-08-17 08:46:41 +0200
commit6707322f754750431355424518dfa2ac739a1a3a (patch)
tree0c7f0b749e82d013694b401d23191c79fa0e4af6
parentd95723547949d759e9260fdc220162fd09b2df2b (diff)
parent94ed90e7a09b1c8fb4bfc8ad5df9ec0e1b4a15bb (diff)
downloadvyos-1x-6707322f754750431355424518dfa2ac739a1a3a.tar.gz
vyos-1x-6707322f754750431355424518dfa2ac739a1a3a.zip
Merge pull request #974 from sever-sever/T690
openvpn: T690: Add metric for pushed routes
-rw-r--r--data/templates/openvpn/server.conf.tmpl19
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in20
2 files changed, 27 insertions, 12 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index d9f01310e..9b07a9ba2 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -74,6 +74,16 @@ topology {{ server.topology }}
{% for subnet in server.subnet %}
{% if subnet | is_ipv4 %}
server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
+{# First ip address is used as gateway. It's allows to use metrics #}
+{% if server.push_route is defined and server.push_route is not none %}
+{% for route, route_config in server.push_route.items() %}
+{% if route | is_ipv4 %}
+push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ subnet | first_host_address }} {{ route_config.metric if route_config.metric is defined else "0" }}"
+{% elif route | is_ipv6 %}
+push "route-ipv6 {{ route }}"
+{% endif %}
+{% endfor %}
+{% endif %}
{# OpenVPN assigns the first IP address to its local interface so the pool used #}
{# in net30 topology - where each client receives a /30 must start from the second subnet #}
{% if server.topology is defined and server.topology == 'net30' %}
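Review bot: The new push block is nested inside `{% for subnet in server.subnet %}` under `{% if subnet | is_ipv4 %}`, so a route is only pushed when an IPv4 server subnet is configured. With an IPv6-only subnet the `route-ipv6` branch is never reached, and with more than one IPv4 subnet every push line would be rendered once per subnet. A pushed route that silently drops out of the rendered config leaves client traffic for that prefix on the client's own default path instead of the tunnel. I would keep the `route-ipv6` push outside the subnet loop, or have the verify step reject `push-route` when no IPv4 subnet is set. The comment on the first added line would read better as `{# The first host address of the subnet is used as gateway, which allows a metric to be set #}`; the loop's closing tags lie outside this hunk.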
@@ -106,15 +116,6 @@ management /run/openvpn/openvpn-mgmt-intf unix
ccd-exclusive
{% endif %}
-{% if server.push_route is defined and server.push_route is not none %}
-{% for route in server.push_route %}
-{% if route | is_ipv4 %}
-push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}"
-{% elif route | is_ipv6 %}
-push "route-ipv6 {{ route }}"
-{% endif %}
-{% endfor %}
-{% endif %}
{% if server.name_server is defined and server.name_server is not none %}
{% for nameserver in server.name_server %}
{% if nameserver | is_ipv4 %}
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 7ff08ac86..286b10f9a 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -571,7 +571,7 @@
<multi/>
</properties>
</leafNode>
- <leafNode name="push-route">
+ <tagNode name="push-route">
<properties>
<help>Route to be pushed to all clients</help>
<valueHelp>
@@ -585,9 +585,23 @@
<constraint>
<validator name="ip-prefix"/>
</constraint>
- <multi/>
</properties>
- </leafNode>
+ <children>
+ <leafNode name="metric">
+ <properties>
+ <help>Set metric for this route</help>
+ <valueHelp>
+ <format>0-4294967295</format>
+ <description>Metric for this route</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-4294967295"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
<leafNode name="reject-unconfigured-clients">
<properties>
<help>Reject connections from clients that are not explicitly configured</help>
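Review bot: Turning `push-route` from a multi-value `leafNode` into a `tagNode` changes the shape of saved configuration, and this commit touches only the template and this definition, so no migration for existing `push-route` entries is visible here. The template now calls `server.push_route.items()`, which would fail on the old list form, so a config written before this change would presumably fail to load or lose its pushed routes on upgrade; this is worth confirming against the config migration scripts. The help text should also say that the metric only affects IPv4 routes, since the `route-ipv6` push in the template ignores it: `<help>Set metric for this route (IPv4 routes only)</help>`.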