authorChristian Poessinger <christian@poessinger.com>2020-04-15 22:22:00 +0200
committerGitHub <noreply@github.com>2020-04-15 22:22:00 +0200
commitf50877bff8afed409f02d2978da6a70c383ccea1 (patch)
tree1cf1d2af7819e1415be39f33a3933011d9fb8629
parent2bdd37a165c0e85dee371cff64e995d83d8cb118 (diff)
parent44dab795acaa39d8481d86022b691626989e52e8 (diff)
Merge pull request #349 from jjakob/openvpn-pool
openvpn: T2335: allow disabling client-ip-pool
-rw-r--r--data/templates/openvpn/server.conf.tmpl4
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in6
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py30
3 files changed, 27 insertions, 13 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index a9dacd36e..e2f9062a1 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -78,10 +78,10 @@ topology {% if server_topology == 'point-to-point' %}p2p{% else %}{{ server_topo
mode server
tls-server
{%- else %}
-server {{ server_subnet }}{% if server_pool_start %} nopool{% endif %}
+server {{ server_subnet }} nopool
{%- endif %}
-{%- if server_pool_start %}
+{%- if server_pool %}
ifconfig-pool {{ server_pool_start }} {{ server_pool_stop }}{% if server_pool_netmask %} {{ server_pool_netmask }}{% endif %}
{%- endif %}
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index d926876f7..574a3a58c 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -449,6 +449,12 @@
<help>Pool of client IP addresses</help>
</properties>
<children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable client IP pool</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="start">
<properties>
<help>First IP address in the pool</help>
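Review bot: The help text `Disable client IP pool` does not tell the operator what the consequence is: on a non-bridged server the template in this commit then emits `server <subnet> nopool` with no `ifconfig-pool`, so a connecting client gets no tunnel address unless one is assigned to it individually (presumably a per-client static address; that node is not in this diff). Since nothing visible in the commit checks for that situation, the help string is the only place the operator is warned, and I would make it explicit, e.g. `<help>Disable client IP pool (clients must then get addresses from per-client static assignments or the bridge)</help>`. The enclosing `client-ip-pool` node starts before this hunk.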
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 6733623c6..435e8a8f0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -72,7 +72,7 @@ default_config_data = {
'server_domain': '',
'server_max_conn': '',
'server_dns_nameserver': [],
- 'server_pool': False,
+ 'server_pool': True,
'server_pool_start': '',
'server_pool_stop': '',
'server_pool_netmask': '',
@@ -195,6 +195,10 @@ def get_config():
if intf == openvpn['intf']:
openvpn['bridge_member'].append(intf)
+ # bridged server should not have a pool by default (but can be specified manually)
+ if openvpn['bridge_member']:
+ openvpn['server_pool'] = False
+
# set configuration level
conf.set_level('interfaces openvpn ' + openvpn['intf'])
@@ -386,16 +390,22 @@ def get_config():
# Server client IP pool
if conf.exists('server client-ip-pool'):
- openvpn['server_pool'] = True
+ conf.set_level('interfaces openvpn ' + openvpn['intf'] + ' server client-ip-pool')
+
+ # enable or disable server_pool where necessary
+ # default is enabled, or disabled in bridge mode
+ openvpn['server_pool'] = not conf.exists('disable')
+
+ if conf.exists('start'):
+ openvpn['server_pool_start'] = conf.return_value('start')
- if conf.exists('server client-ip-pool start'):
- openvpn['server_pool_start'] = conf.return_value('server client-ip-pool start')
+ if conf.exists('stop'):
+ openvpn['server_pool_stop'] = conf.return_value('stop')
- if conf.exists('server client-ip-pool stop'):
- openvpn['server_pool_stop'] = conf.return_value('server client-ip-pool stop')
+ if conf.exists('netmask'):
+ openvpn['server_pool_netmask'] = conf.return_value('netmask')
- if conf.exists('server client-ip-pool netmask'):
- openvpn['server_pool_netmask'] = conf.return_value('server client-ip-pool netmask')
+ conf.set_level('interfaces openvpn ' + openvpn['intf'])
# DNS suffix to be pushed to all clients
if conf.exists('server domain-name'):
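Review bot: `disable` is silently accepted together with `start`, `stop` and `netmask`: the hunk sets `server_pool` from `not conf.exists('disable')` and then still stores the range values, and nothing in this commit rejects the combination, so an operator who configures both a range and `disable` gets a pool-less server while believing client addresses are confined to that range. I would reject the contradiction explicitly in verify(), which is outside this hunk, with `if not openvpn['server_pool'] and (openvpn['server_pool_start'] or openvpn['server_pool_stop'] or openvpn['server_pool_netmask']): raise ConfigError('"client-ip-pool disable" cannot be combined with start, stop or netmask')`; the defaults at the later hunk are only filled in when the pool is enabled, so this only fires on values the operator actually set. A short comment on the `disable` line, such as `# an explicit "disable" overrides the bridge-mode default set earlier in get_config()`, would also make the interaction with the bridge-member branch above clear. get_config() starts and ends outside this hunk.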
@@ -486,8 +496,7 @@ def get_config():
default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type'])
if default_server:
# server-bridge doesn't require a pool so don't set defaults for it
- if not openvpn['bridge_member']:
- openvpn['server_pool'] = True
+ if openvpn['server_pool'] and not openvpn['bridge_member']:
if not openvpn['server_pool_start']:
openvpn['server_pool_start'] = default_server['pool_start']
@@ -610,7 +619,6 @@ def verify(openvpn):
if not openvpn['bridge_member']:
raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
-
if openvpn['server_pool']:
if not (openvpn['server_pool_start'] and openvpn['server_pool_stop']):
raise ConfigError('Server client-ip-pool requires both start and stop addresses in bridged mode')