authorChristian Poessinger <christian@poessinger.com>2020-11-13 12:00:45 +0100
committerChristian Poessinger <christian@poessinger.com>2020-11-13 12:00:45 +0100
commit943a4a5016cfc75a352bb3711b5c4c8bfe32b740 (patch)
treea91dd19baefe5128851929760079ba2a54d09454
parent62320efc3866fa582852258846c15bfa09a92720 (diff)
openvpn: T3051: fix creation of ifconfig-pool for client communication
-rw-r--r--data/templates/openvpn/server.conf.tmpl14
-rw-r--r--python/vyos/template.py24
2 files changed, 25 insertions, 13 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 66da9c794..e8f7c3ab8 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -60,24 +60,24 @@ mode server
tls-server
{% if server is defined and server is not none %}
{% if server.subnet is defined and server.subnet is not none %}
+{% if server.topology is defined and server.topology == 'point-to-point' %}
+topology p2p
+{% elif server.topology is defined and server.topology is not none %}
+topology {{ server.topology }}
+{% endif %}
{% for subnet in server.subnet if subnet | ipv4 %}
server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
{# OpenVPN assigns the first IP address to its local interface so the pool used #}
{# in net30 topology - where each client receives a /30 must start from the second subnet #}
{% if server.topology is defined and server.topology == 'net30' %}
-ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
+ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
{% else %}
{# OpenVPN assigns the first IP address to its local interface so the pool must #}
{# start from the second address and end on the last address #}
-ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
+ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
{% endif %}
{% endfor %}
{% endif %}
-{% if server.topology is defined and server.topology == 'point-to-point' %}
-topology p2p
-{% elif server.topology is defined and server.topology is not none %}
-topology {{ server.topology }}
-{% endif %}
{% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
{% endif %}
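Review bot: The netmask condition on the `ifconfig-pool` line of the non-net30 branch flips from `device_type == 'tap'` to `device_type == 'tun'`, while the net30 branch just above keeps `'tap'`, and nothing in the template or the commit title explains the asymmetry. If the intent is to emit the netmask for tun devices in subnet topology, the condition probably needs to look at `server.topology` as well, because as written a tap device in this branch loses its netmask and a tun device in point-to-point topology gains one; this should be confirmed against the OpenVPN `--server` expansion rules. The comment above that line still says the pool must `end on the last address`, but the new code ends one below what `last_host_address` returns, so it should read something like `{# start from the second address and end one address before the last host address #}`. Neither branch guards against prefixes too small for the computed start (`inc_ip('4')` on a /30, for example), which would render a pool whose start lies past its end.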
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 389f6927f..53e1dc1b5 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -190,11 +190,23 @@ def vyos_last_host_address(text):
return str(IPv6Network(addr).broadcast_address)
@register_filter('inc_ip')
-def vyos_inc_ip(text, increment):
- """ Return first usable IP address from given prefix.
- Example:
- - 10.0.0.0/24 -> 10.0.0.1
- - 2001:db8::/64 -> 2001:db8::1
+def vyos_inc_ip(address, increment):
+ """ Increment given IP address by 'increment'
+
+ Example (inc by 2):
+ - 10.0.0.0/24 -> 10.0.0.2
+ - 2001:db8::/64 -> 2001:db8::2
+ """
+ from ipaddress import ip_interface
+ return str(ip_interface(address).ip + int(increment))
+
+@register_filter('dec_ip')
+def vyos_dec_ip(address, decrement):
+ """ Decrement given IP address by 'decrement'
+
+ Example (inc by 2):
+ - 10.0.0.0/24 -> 10.0.0.2
+ - 2001:db8::/64 -> 2001:db8::2
"""
from ipaddress import ip_interface
- return str(ip_interface(text).ip + int(increment))
+ return str(ip_interface(address).ip - int(decrement))
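Review bot: The docstring of `vyos_dec_ip` was copied from `vyos_inc_ip` and still reads `Example (inc by 2)` with `10.0.0.0/24 -> 10.0.0.2`, which describes an increment, not what the function returns. It should be replaced with a decrement example such as `Example (dec by 2): 10.0.0.10/24 -> 10.0.0.8` and `2001:db8::10/64 -> 2001:db8::e`. Both filters take only `.ip` of the interface and add or subtract without checking the result against the prefix, so the returned address can fall outside the network the template is building a client pool for. The docstrings should state that the prefix length is discarded and that the caller must keep the result inside the subnet. The hunk opens inside `vyos_last_host_address`, whose body starts outside the visible lines.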