authorAntonio Quartulli <antonio@mandelbit.com>2022-11-01 22:43:46 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-01-06 20:00:48 +0000
commit72fefd8269a55e1626fd00bad8cda908604f9325 (patch)
tree867a5891e78f414eed29b0f14d128477bd2c3b8b
parentceb1a8d6b6144d7c44a2e1f0b16b5afecc43f904 (diff)
openvpn: T3214: warn when setting nopool and server-ipv6 is being used
Currently OpenVPN does not allow having an IPv6 subnet if 'nopool' was specified on the --server directive. For this reason warn if this specific configuration is being hit. This is probably something that should be fixed upstream, but for now we can't allow this combination of parameters. Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> (cherry picked from commit 7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce)
-rwxr-xr-xsrc/conf_mode/interfaces_openvpn.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py
index 28f323691..45569dd21 100755
--- a/src/conf_mode/interfaces_openvpn.py
+++ b/src/conf_mode/interfaces_openvpn.py
@@ -388,6 +388,10 @@ def verify(openvpn):
for v4PoolNet in v4PoolNets:
if IPv4Address(client['ip'][0]) in v4PoolNet:
print(f'Warning: Client "{client["name"]}" IP {client["ip"][0]} is in server IP pool, it is not reserved for this client.')
+ # configuring a client_ip_pool will set 'server ... nopool' which is currently incompatible with 'server-ipv6' (probably to be fixed upstream)
+ for subnet in (dict_search('server.subnet', openvpn) or []):
+ if is_ipv6(subnet):
+ raise ConfigError(f'Setting client-ip-pool is incompatible having an IPv6 server subnet.')
for subnet in (dict_search('server.subnet', openvpn) or []):
if is_ipv6(subnet):