author | Christian Poessinger <christian@poessinger.com> | 2020-04-15 22:22:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-15 22:22:00 +0200 |
commit | f50877bff8afed409f02d2978da6a70c383ccea1 (patch) | |
tree | 1cf1d2af7819e1415be39f33a3933011d9fb8629 | |
parent | 2bdd37a165c0e85dee371cff64e995d83d8cb118 (diff) | |
parent | 44dab795acaa39d8481d86022b691626989e52e8 (diff) | |
download | vyos-1x-f50877bff8afed409f02d2978da6a70c383ccea1.tar.gz vyos-1x-f50877bff8afed409f02d2978da6a70c383ccea1.zip |
Merge pull request #349 from jjakob/openvpn-pool
openvpn: T2335: allow disabling client-ip-pool
-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 4 | ||||
-rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 6 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 30 |
3 files changed, 27 insertions, 13 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index a9dacd36e..e2f9062a1 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -78,10 +78,10 @@ topology {% if server_topology == 'point-to-point' %}p2p{% else %}{{ server_topo
 mode server
 tls-server
 {%- else %}
-server {{ server_subnet }}{% if server_pool_start %} nopool{% endif %}
+server {{ server_subnet }} nopool
 {%- endif %}
-{%- if server_pool_start %}
+{%- if server_pool %}
 ifconfig-pool {{ server_pool_start }} {{ server_pool_stop }}{% if server_pool_netmask %} {{ server_pool_netmask }}{% endif %}
 {%- endif %}
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index d926876f7..574a3a58c 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -449,6 +449,12 @@
 <help>Pool of client IP addresses</help>
 </properties>
 <children>
+ <leafNode name="disable">
+ <properties>
+ <help>Disable client IP pool</help>
+ <valueless/>
+ </properties>
+ </leafNode>
 <leafNode name="start">
 <properties>
 <help>First IP address in the pool</help>
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 6733623c6..435e8a8f0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -72,7 +72,7 @@ default_config_data = {
 'server_domain': '',
 'server_max_conn': '',
 'server_dns_nameserver': [],
- 'server_pool': False,
+ 'server_pool': True,
 'server_pool_start': '',
 'server_pool_stop': '',
 'server_pool_netmask': '',
@@ -195,6 +195,10 @@ def get_config():
 if intf == openvpn['intf']:
 openvpn['bridge_member'].append(intf)
+ # bridged server should not have a pool by default (but can be specified manually)
+ if openvpn['bridge_member']:
+ openvpn['server_pool'] = False
+
 # set configuration level
 conf.set_level('interfaces openvpn ' + openvpn['intf'])
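Review bot: `ifconfig-pool {{ server_pool_start }} {{ server_pool_stop }}` is now rendered on `server_pool` alone, while the Python side of this commit defaults `server_pool` to True and leaves `server_pool_start`/`server_pool_stop` as `''` unless they come from the config or from getDefaultServer(), which the `if default_server:` guard in the later hunk shows can return nothing. When neither supplies them the rendered line is `ifconfig-pool` with no addresses, and because `nopool` is now unconditional on the `server` line OpenVPN has no fallback pool and will refuse the config at start. Guard the directive on the values it actually needs, `{%- if server_pool and server_pool_start and server_pool_stop %}`, or have verify() reject an enabled pool with missing bounds in non-bridged mode as well; the verify hunk visible in this commit only covers the bridged case. The surrounding `{%- if bridge_member %}` block starts before this hunk.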
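Review bot: The help text `Disable client IP pool` does not tell the operator what happens to clients afterwards: with the pool disabled the template omits `ifconfig-pool` and the `server` line always carries `nopool`, so the server hands out no addresses and every client presumably needs an individual assignment. Suggest `<help>Disable client IP pool (clients must then be assigned addresses individually)</help>` so the consequence is visible at configuration time. The enclosing `client-ip-pool` node starts before this hunk.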
@@ -386,16 +390,22 @@ def get_config():
 # Server client IP pool
 if conf.exists('server client-ip-pool'):
- openvpn['server_pool'] = True
+ conf.set_level('interfaces openvpn ' + openvpn['intf'] + ' server client-ip-pool')
+
+ # enable or disable server_pool where necessary
+ # default is enabled, or disabled in bridge mode
+ openvpn['server_pool'] = not conf.exists('disable')
+
+ if conf.exists('start'):
+ openvpn['server_pool_start'] = conf.return_value('start')
- if conf.exists('server client-ip-pool start'):
- openvpn['server_pool_start'] = conf.return_value('server client-ip-pool start')
+ if conf.exists('stop'):
+ openvpn['server_pool_stop'] = conf.return_value('stop')
- if conf.exists('server client-ip-pool stop'):
- openvpn['server_pool_stop'] = conf.return_value('server client-ip-pool stop')
+ if conf.exists('netmask'):
+ openvpn['server_pool_netmask'] = conf.return_value('netmask')
- if conf.exists('server client-ip-pool netmask'):
- openvpn['server_pool_netmask'] = conf.return_value('server client-ip-pool netmask')
+ conf.set_level('interfaces openvpn ' + openvpn['intf'])
 # DNS suffix to be pushed to all clients
 if conf.exists('server domain-name'):
@@ -486,8 +496,7 @@ def get_config():
 default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type'])
 if default_server:
 # server-bridge doesn't require a pool so don't set defaults for it
- if not openvpn['bridge_member']:
- openvpn['server_pool'] = True
+ if openvpn['server_pool'] and not openvpn['bridge_member']:
 if not openvpn['server_pool_start']:
 openvpn['server_pool_start'] = default_server['pool_start']
@@ -610,7 +619,6 @@ def verify(openvpn):
 if not openvpn['bridge_member']:
 raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
- if openvpn['server_pool']:
 if not (openvpn['server_pool_start'] and openvpn['server_pool_stop']):
 raise ConfigError('Server client-ip-pool requires both start and stop addresses in bridged mode')
|
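Review bot: `openvpn['server_pool'] = not conf.exists('disable')` accepts `disable` together with `start`, `stop` or `netmask`; the values are still read into `server_pool_*` and then silently ignored, because the template only renders `ifconfig-pool` when `server_pool` is set. A contradictory pool definition should fail the commit rather than be half-applied, e.g. in verify(): `if not openvpn['server_pool'] and (openvpn['server_pool_start'] or openvpn['server_pool_stop'] or openvpn['server_pool_netmask']): raise ConfigError('client-ip-pool disable cannot be combined with start, stop or netmask')`. Also worth a comment above the `not conf.exists('disable')` line that this deliberately overrides the bridge-mode default set earlier in get_config(), since that is the only reason the earlier assignment can be undone. get_config() continues outside the hunk.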
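Review bot: Deleting only the `if openvpn['server_pool']:` line leaves the two context lines at their original, one-level-deeper indentation, so `if not (openvpn['server_pool_start'] and openvpn['server_pool_stop']):` now sits inside the body of the preceding `if not openvpn['bridge_member']:` directly after its `raise` and can never execute (indentation is not visible in this collapsed listing, but the context lines are unchanged, so this follows from the removal alone). The bridged-mode start/stop check is therefore silently dropped, and an empty `client-ip-pool` node on a bridged server reaches the template with `server_pool` true and blank addresses. Either dedent both lines one level so they are siblings of the bridge check, or keep the guard as `if openvpn['server_pool']:` so the requirement only applies when a pool is actually active. verify() continues outside the hunk.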