author | Christian Poessinger <christian@poessinger.com> | 2021-08-17 08:46:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-17 08:46:41 +0200 |
commit | 6707322f754750431355424518dfa2ac739a1a3a (patch) | |
tree | 0c7f0b749e82d013694b401d23191c79fa0e4af6 | |
parent | d95723547949d759e9260fdc220162fd09b2df2b (diff) | |
parent | 94ed90e7a09b1c8fb4bfc8ad5df9ec0e1b4a15bb (diff) | |
download | vyos-1x-6707322f754750431355424518dfa2ac739a1a3a.tar.gz vyos-1x-6707322f754750431355424518dfa2ac739a1a3a.zip |
Merge pull request #974 from sever-sever/T690
openvpn: T690: Add metric for pushed routes
-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 19 | ||||
-rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 20 |
2 files changed, 27 insertions, 12 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index d9f01310e..9b07a9ba2 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -74,6 +74,16 @@ topology {{ server.topology }} {% for subnet in server.subnet %} {% if subnet | is_ipv4 %} server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool +{# First ip address is used as gateway. It's allows to use metrics #} +{% if server.push_route is defined and server.push_route is not none %} +{% for route, route_config in server.push_route.items() %} +{% if route | is_ipv4 %} +push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ subnet | first_host_address }} {{ route_config.metric if route_config.metric is defined else "0" }}" +{% elif route | is_ipv6 %} +push "route-ipv6 {{ route }}" +{% endif %} +{% endfor %} +{% endif %} {# OpenVPN assigns the first IP address to its local interface so the pool used #} {# in net30 topology - where each client receives a /30 must start from the second subnet #} {% if server.topology is defined and server.topology == 'net30' %} @@ -106,15 +116,6 @@ management /run/openvpn/openvpn-mgmt-intf unix ccd-exclusive {% endif %} -{% if server.push_route is defined and server.push_route is not none %} -{% for route in server.push_route %} -{% if route | is_ipv4 %} -push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}" -{% elif route | is_ipv6 %} -push "route-ipv6 {{ route }}" -{% endif %} -{% endfor %} -{% endif %} {% if server.name_server is defined and server.name_server is not none %} {% for nameserver in server.name_server %} {% if nameserver | is_ipv4 %} diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 7ff08ac86..286b10f9a 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in 
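Review bot: The pushed-route block in the first hunk now follows the `server … nopool` line, apparently inside `{% if subnet | is_ipv4 %}` of the `server.subnet` loop, so the `push "route-ipv6 {{ route }}"` branch is rendered only when an IPv4 subnet exists, and the whole block repeats once per IPv4 subnet. On a server with only an IPv6 subnet (or none), configured push-routes would silently disappear from the generated config, and clients would then send those prefixes outside the tunnel. I would leave the IPv6 push where the second hunk removes the old block, and keep only the IPv4 line, which needs `{{ subnet | first_host_address }}`, inside the loop. The configured metric is also never appended to the `route-ipv6` push, so it is ignored for IPv6 prefixes, and the new comment would read better as `{# The first host address of the subnet is used as gateway so that a metric can be set #}`. The enclosing `for`/`if` close outside the hunk, so the nesting is inferred from the visible lines.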
@@ -571,7 +571,7 @@ <multi/> </properties> </leafNode> - <leafNode name="push-route"> + <tagNode name="push-route"> <properties> <help>Route to be pushed to all clients</help> <valueHelp> @@ -585,9 +585,23 @@ <constraint> <validator name="ip-prefix"/> </constraint> - <multi/> </properties> - </leafNode> + <children> + <leafNode name="metric"> + <properties> + <help>Set metric for this route</help> + <valueHelp> + <format>0-4294967295</format> + <description>Metric for this route</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + </children> + </tagNode> <leafNode name="reject-unconfigured-clients"> <properties> <help>Reject connections from clients that are not explicitly configured</help> |
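Review bot: Turning `push-route` from a multi-value `leafNode` into a `tagNode` (both hunks of this file) changes how the value is represented in a saved configuration, and the diffstat lists only the template and this definition, so no config migration is visible in this commit. If existing configurations store `push-route` as a leaf value, they may fail to load or lose their pushed routes after upgrade; that is worth confirming, and a migration added if so. With `<defaultValue>0</defaultValue>` here, the template's `else "0"` fallback is a second source for the same default, and I would keep only one. The help text could also state who consumes the value, e.g. `<help>Metric clients apply to this pushed route</help>`.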