summaryrefslogtreecommitdiff
path: root/data/templates/openvpn
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-11-23 11:33:15 +0100
committerChristian Poessinger <christian@poessinger.com>2020-11-23 11:45:12 +0100
commit3237fec72140f8cadb6ed8cfbfadbb4bb14d4554 (patch)
tree6f74650a970224062141b2dee42f4e94843a9fc5 /data/templates/openvpn
parent4cba45c00c7d31bf71a6fb4b3cf9fabea4bb285a (diff)
downloadvyos-1x-3237fec72140f8cadb6ed8cfbfadbb4bb14d4554.tar.gz
vyos-1x-3237fec72140f8cadb6ed8cfbfadbb4bb14d4554.zip
openvpn: T3074: fix site-2-site operation mode
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r--data/templates/openvpn/server.conf.tmpl29
1 files changed, 18 insertions, 11 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index ef1f235b0..a1daaa078 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -52,13 +52,14 @@ push "redirect-gateway def1"
compress lzo
{% endif %}
-{% if 'client' in mode %}
+{% if mode == 'client' %}
#
# OpenVPN Client mode
#
client
nobind
-{% elif 'server' in mode %}
+
+{% elif mode == 'server' %}
#
# OpenVPN Server mode
#
@@ -129,6 +130,7 @@ push "route-ipv6 {{ route6 }}"
push "dhcp-option DNS6 {{ ns6 }}"
{% endfor %}
{% endif %}
+
{% else %}
#
# OpenVPN site-2-site mode
@@ -136,19 +138,24 @@ push "dhcp-option DNS6 {{ ns6 }}"
ping {{ keep_alive.interval }}
ping-restart {{ keep_alive.failure_count }}
-{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
-{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %}
+{% if device_type == 'tap' %}
+{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %}
+{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %}
ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }}
-{% else %}
-{% for raddr in remote_address %}
-{% if raddr | is_ipv4 %}
+{% endif %}
+{% endfor %}
+{% else %}
+{% for laddr in local_address if laddr | is_ipv4 %}
+{% for raddr in remote_address if raddr | is_ipv4 %}
ifconfig {{ laddr }} {{ raddr }}
-{% else %}
+{% endfor %}
+{% endfor %}
+{% for laddr in local_address if laddr | is_ipv6 %}
+{% for raddr in remote_address if raddr | is_ipv6 %}
ifconfig-ipv6 {{ laddr }} {{ raddr }}
-{% endif %}
{% endfor %}
-{% endif %}
-{% endfor %}
+{% endfor %}
+{% endif %}
{% endif %}
{% if tls is defined and tls is not none %}