diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-11-01 10:46:46 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-11-01 13:51:44 +0100 |
commit | bb76575715682594d4d6d73d8b9e87692bdc6841 (patch) | |
tree | 8c68a41f00708bcd1fdecdd967308e0edcbfe58c /data/templates/openvpn | |
parent | 68c97eed91204904b7b2314dd9b357069db4eda5 (diff) | |
download | vyos-1x-bb76575715682594d4d6d73d8b9e87692bdc6841.tar.gz vyos-1x-bb76575715682594d4d6d73d8b9e87692bdc6841.zip |
openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keys
Remove workaround which split (local|remote)_address and also subnet keys into
individual keys for the assigned IP address family (4/6).
During template rendering check IP version by introducing new ipv4 and ipv6
Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 92f5eb4c4..91542c71a 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -59,8 +59,10 @@ nobind mode server tls-server {% if server is defined and server is not none %} -{% if server.subnet_v4 is defined and server.subnet_v4 is not none %} -server {{ server.subnet_v4[0] | address_from_cidr }} {{ server.subnet_v4[0] | netmask_from_cidr }} +{% if server.subnet is defined and server.subnet is not none %} +{% for subnet in server.subnet if subnet | ipv4 %} +server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} +{% endfor %} {% endif %} {% if server.topology is defined and server.topology == 'point-to-point' %} topology p2p @@ -118,14 +120,20 @@ push "dhcp-option DNS6 {{ ns6 }}" # ping {{ keep_alive.interval }} ping-restart {{ keep_alive.failure_count }} -{% if local_address_v4_netmask is defined and local_address_v4_netmask is not none %} -ifconfig {{ local_address_v4[0] }} {{ local_address_v4_netmask[0] }} -{% elif remote_address_v4 is defined and remote_address_v4 is not none %} -ifconfig {{ local_address_v4[0] }} {{ remote_address_v4[0] }} -{% endif %} -{% if local_address_v6 is defined and remote_address_v6 is defined and local_address_v6 is not none and remote_address_v6 is not none %} -ifconfig-ipv6 {{ local_address_v6[0] }} {{ remote_address_v6[0] }} -{% endif %} + +{% for laddr, laddr_conf in local_address.items() if laddr | ipv4 %} +{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} +ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} +{% else %} +{% for raddr in remote_address %} +{% if raddr | ipv4 %} +ifconfig {{ laddr }} {{ raddr }} +{% else %} +ifconfig-ipv6 {{ laddr }} {{ raddr }} +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} {% endif %} {% if tls is defined and tls is not none %} |