authorJernej Jakob <jernej.jakob@gmail.com>2020-04-14 17:15:58 +0200
committerJernej Jakob <jernej.jakob@gmail.com>2020-04-16 12:48:59 +0200
commitbb9f99853c723c5100c3fffbc592ba79f3abebfe (patch)
tree77b5e7da7b6b20bdec5b282108148a54df8c3300 /data/templates/openvpn/server.conf.tmpl
parentf50877bff8afed409f02d2978da6a70c383ccea1 (diff)
openvpn: T149: IPv6 support
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitly open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
Diffstat (limited to 'data/templates/openvpn/server.conf.tmpl')
-rw-r--r--data/templates/openvpn/server.conf.tmpl33
1 files changed, 28 insertions, 5 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index e2f9062a1..0f563dc2b 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -18,7 +18,7 @@ dev {{ intf }}
persist-key
iproute /usr/libexec/vyos/system/unpriv-ip
-proto {% if 'tcp-active' in protocol -%}tcp-client{% elif 'tcp-passive' in protocol -%}tcp-server{% else %}udp{% endif %}
+proto {% if 'tcp-active' in protocol -%}tcp6-client{% elif 'tcp-passive' in protocol -%}tcp6-server{% else %}udp6{% endif %}
{%- if local_host %}
local {{ local_host }}
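Review bot: Switching the `proto` line to `tcp6-server`/`udp6` changes what the daemon listens on when no `local` address is set: going by the ticket cited in the commit message, the IPv4-only default becomes an IPv6 socket, so the OpenVPN port is now reachable over IPv6 as well. Nothing in the template tells an operator that, and a router whose firewall filters this port only on IPv4 would be affected. I would add a template comment above the line, e.g. `{# *6 protos open an IPv6 (typically dual-stack) listener; IPv6 firewall rules must cover this port #}`. It is also not visible here how an IPv4 `local_host` behaves together with a `*6` proto; the `local_host` block continues past the hunk, so that is worth confirming against the config script.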
@@ -78,7 +78,7 @@ topology {% if server_topology == 'point-to-point' %}p2p{% else %}{{ server_topo
mode server
tls-server
{%- else %}
-server {{ server_subnet }} nopool
+server {{ server_subnet[0] }} nopool
{%- endif %}
{%- if server_pool %}
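Review bot: `server_subnet[0]` on the `server … nopool` line silently takes the first entry of what is now a list, with no guard for an empty list and no signal when more than one entry is configured. With Jinja's default undefined handling an out-of-range index renders as an empty string, which would produce `server  nopool` rather than a template error; which undefined policy the renderer uses is not visible here. The same pattern appears in the last hunk (`local_address[0]`, `remote_address[0]`, `ipv6_remote_address[0]`). I would record the contract next to the line, e.g. `{# server_subnet is a list; the config script must guarantee exactly one IPv4 entry #}`, and have the config script enforce it before rendering. The surrounding `if`/`else` starts above the hunk.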
@@ -110,7 +110,26 @@ push "dhcp-option DNS {{ ns }}"
{%- if server_domain -%}
push "dhcp-option DOMAIN {{ server_domain }}"
-{% endif %}
+{% endif -%}
+
+{%- if server_ipv6_local %}
+# IPv6
+push "tun-ipv6"
+ifconfig-ipv6 {{ server_ipv6_local }}/{{ server_ipv6_prefixlen }} {{ server_ipv6_remote }}
+
+{%- if server_ipv6_pool %}
+ifconfig-ipv6-pool {{ server_ipv6_pool_base }}/{{ server_ipv6_pool_prefixlen }}
+{%- endif %}
+
+{%- for route6 in server_ipv6_push_route %}
+push "route-ipv6 {{ route6 }}"
+{%- endfor %}
+
+{%- for ns6 in server_ipv6_dns_nameserver %}
+push "dhcp-option DNS6 {{ ns6 }}"
+{%- endfor %}
+
+{%- endif %}
{% else -%}
#
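Review bot: The pool block is guarded by `server_ipv6_pool` but emits `server_ipv6_pool_base` and `server_ipv6_pool_prefixlen`, so the directive is only well-formed if the config script always sets all three together; otherwise it could render as `ifconfig-ipv6-pool /`. Testing the value that is actually used is cheap: `{%- if server_ipv6_pool and server_ipv6_pool_base %}`. Separately, `route6` and `ns6` are interpolated inside quoted `push` strings that are sent to clients, so the template depends on the validation mentioned in the commit message, which is not part of this file. A short comment such as `{# route6/ns6 are expected to be validated as IPv6 addresses/networks before rendering #}` would record that assumption. The enclosing `if`/`else` runs beyond the hunk.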
@@ -120,9 +139,13 @@ ping {{ ping_interval }}
ping-restart {{ ping_restart }}
{% if local_address_subnet -%}
-ifconfig {{ local_address }} {{ local_address_subnet }}
+ifconfig {{ local_address[0] }} {{ local_address_subnet }}
{%- elif remote_address -%}
-ifconfig {{ local_address }} {{ remote_address }}
+ifconfig {{ local_address[0] }} {{ remote_address[0] }}
+{%- endif %}
+
+{% if ipv6_local_address -%}
+ifconfig-ipv6 {{ ipv6_local_address[0] }} {{ ipv6_remote_address[0] }}
{%- endif %}
{% endif -%}
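Review bot: The new site-to-site block tests only `ipv6_local_address` but also renders `ipv6_remote_address[0]`, so a configuration with a local IPv6 address and no remote one would yield an `ifconfig-ipv6` line with a missing second argument unless the config script rejects it first (not visible in this file). I would make the guard cover both values: `{% if ipv6_local_address and ipv6_remote_address -%}`. It is also worth confirming that `ipv6_local_address[0]` carries its prefix length, since the server-mode line in the previous hunk writes `/{{ server_ipv6_prefixlen }}` explicitly and this one does not.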