author | Christian Poessinger <christian@poessinger.com> | 2020-11-13 12:00:45 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-11-13 12:00:45 +0100 |
commit | 943a4a5016cfc75a352bb3711b5c4c8bfe32b740 (patch) | |
tree | a91dd19baefe5128851929760079ba2a54d09454 | |
parent | 62320efc3866fa582852258846c15bfa09a92720 (diff) | |
download | vyos-1x-943a4a5016cfc75a352bb3711b5c4c8bfe32b740.tar.gz vyos-1x-943a4a5016cfc75a352bb3711b5c4c8bfe32b740.zip |
openvpn: T3051: fix creation of ifconfig-pool for client communication
-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 14 | ||||
-rw-r--r-- | python/vyos/template.py | 24 |
2 files changed, 25 insertions, 13 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 66da9c794..e8f7c3ab8 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -60,24 +60,24 @@ mode server
 tls-server
 {% if server is defined and server is not none %}
 {% if server.subnet is defined and server.subnet is not none %}
+{% if server.topology is defined and server.topology == 'point-to-point' %}
+topology p2p
+{% elif server.topology is defined and server.topology is not none %}
+topology {{ server.topology }}
+{% endif %}
 {% for subnet in server.subnet if subnet | ipv4 %}
 server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
 {# OpenVPN assigns the first IP address to its local interface so the pool used #}
 {# in net30 topology - where each client receives a /30 must start from the second subnet #}
 {% if server.topology is defined and server.topology == 'net30' %}
-ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
+ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
 {% else %}
 {# OpenVPN assigns the first IP address to its local interface so the pool must #}
 {# start from the second address and end on the last address #}
-ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
+ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if server.topology is defined and server.topology == 'point-to-point' %}
-topology p2p
-{% elif server.topology is defined and server.topology is not none %}
-topology {{ server.topology }}
-{% endif %}
 {% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
 ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
 {% endif %}
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 389f6927f..53e1dc1b5 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -190,11 +190,23 @@ def vyos_last_host_address(text):
 return str(IPv6Network(addr).broadcast_address)

 @register_filter('inc_ip')
-def vyos_inc_ip(text, increment):
- """ Return first usable IP address from given prefix.
- Example:
- - 10.0.0.0/24 -> 10.0.0.1
- - 2001:db8::/64 -> 2001:db8::1
+def vyos_inc_ip(address, increment):
+ """ Increment given IP address by 'increment'
+
+ Example (inc by 2):
+ - 10.0.0.0/24 -> 10.0.0.2
+ - 2001:db8::/64 -> 2001:db8::2
+ """
+ from ipaddress import ip_interface
+ return str(ip_interface(address).ip + int(increment))
+
+@register_filter('dec_ip')
+def vyos_dec_ip(address, decrement):
+ """ Decrement given IP address by 'decrement'
+
+ Example (inc by 2):
+ - 10.0.0.0/24 -> 10.0.0.2
+ - 2001:db8::/64 -> 2001:db8::2
 """
 from ipaddress import ip_interface
- return str(ip_interface(text).ip + int(increment))
+ return str(ip_interface(address).ip - int(decrement)) |
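Review bot: The `ifconfig-pool` line in the `{% else %}` branch flips its netmask condition from `device_type == 'tap'` to `device_type == 'tun'`, while the net30 line just above still tests `'tap'`, and the commit title says nothing about this change. With the new condition a tap server in this branch gets no netmask on its pool, and a tun server using point-to-point topology (which also falls into this `{% else %}`) now gets one, so both cases should be confirmed against what OpenVPN accepts. If the flip is intended for subnet topology on tun, a comment such as `{# subnet topology on tun requires the pool netmask #}` next to the line would record it. Separately, for very short prefixes `first_host_address | inc_ip('1')` can end up above `last_host_address | dec_ip('1')`; unless prefix length is validated elsewhere, the template will render an inverted pool range.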
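Review bot: The docstring added for `vyos_dec_ip` is a copy of the `inc_ip` one: it still reads `Example (inc by 2)` and shows `10.0.0.0/24 -> 10.0.0.2`, the opposite of what `ip - int(decrement)` returns. An example that matches the code would be `Example (dec by 2):` with `10.0.0.10/24 -> 10.0.0.8` and `2001:db8::10/64 -> 2001:db8::e`. Both filters also take `.ip` and drop the prefix, so the result is never checked against the network the address came from. A non-numeric argument to `int()`, or arithmetic past either end of the address space, raises during template rendering. The docstrings should say that the caller is responsible for keeping the result inside the prefix.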