authorChristian Poessinger <christian@poessinger.com>2022-02-17 20:57:09 +0100
committerGitHub <noreply@github.com>2022-02-17 20:57:09 +0100
commit1d141f9927f60d9faa5037ee3fd1ee9fd56d2ed6 (patch)
tree27ae8c0f5f8cae0cc3bcc36d90079851a338cd57
parente66879f71da3383a84ebfe6235795e718c32bdb9 (diff)
parent4ecfd5d87c33aea770878a012f3b4956deafd762 (diff)
Merge pull request #1211 from sever-sever/T4230-cur
openvpn: T4230: Delete checks if local-host address assigned
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 242fae9fb..329399274 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -47,6 +47,7 @@ from vyos.template import is_ipv4
from vyos.template import is_ipv6
from vyos.util import call
from vyos.util import chown
+from vyos.util import cmd
from vyos.util import dict_search
from vyos.util import dict_search_args
from vyos.util import makedir
@@ -424,8 +425,8 @@ def verify(openvpn):
# verify specified IP address is present on any interface on this system
if 'local_host' in openvpn:
if not is_addr_assigned(openvpn['local_host']):
- raise ConfigError('local-host IP address "{local_host}" not assigned' \
- ' to any interface'.format(**openvpn))
+ print('local-host IP address "{local_host}" not assigned' \
+ ' to any interface'.format(**openvpn))
# TCP active
if openvpn['protocol'] == 'tcp-active':
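Review bot: With the `raise ConfigError` replaced by a bare `print()` in verify(), a mistyped local-host now passes validation, and the only trace is an unlabelled line on stdout that is presumably easy to miss when the commit is driven by a script. I would at least mark the message as a warning, e.g. start it with `print('WARNING: local-host IP address "{local_host}" not assigned' \`, and add a comment above the check saying why this is no longer fatal (VRRP virtual addresses, or addresses that are assigned later). The rest of verify() lies outside this hunk.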
@@ -648,6 +649,13 @@ def apply(openvpn):
return None
+ # verify specified IP address is present on any interface on this system
+ # Allow to bind service to nonlocal address, if it virtaual-vrrp address
+ # or if address will be assign later
+ if 'local_host' in openvpn:
+ if not is_addr_assigned(openvpn['local_host']):
+ cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
+
# No matching OpenVPN process running - maybe it got killed or none
# existed - nevertheless, spawn new OpenVPN process
call(f'systemctl reload-or-restart openvpn@{interface}.service')
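Review bot: `cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')` in apply() flips a system-wide switch, not an OpenVPN setting: once set, every process in that network namespace may bind to addresses the router does not own, and nothing in this hunk sets it back when the address appears or the interface is removed. It also covers only IPv4, so an IPv6 local-host that is not yet assigned would presumably still fail to bind; `is_ipv6` is already imported, so the key could be chosen with `key = 'net.ipv6.ip_nonlocal_bind' if is_ipv6(openvpn['local_host']) else 'net.ipv4.ip_nonlocal_bind'` followed by `cmd(f'sysctl -w {key}=1')`. The comment above the check should also say that the sysctl is global and left enabled, e.g. `# NOTE: ip_nonlocal_bind is system-wide and is not reset here`. apply() starts outside this hunk.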