authorChristian Poessinger <christian@poessinger.com>2020-12-31 11:01:43 +0100
committerChristian Poessinger <christian@poessinger.com>2020-12-31 11:02:01 +0100
commit215ddbe0bc51417b7ba66298764810754b204082 (patch)
tree6ed633f29024ed9186a99435cd2b5546598b5a27 /data
parent4e63a3966b352a0ada8444fa80ec6bee97b45213 (diff)
downloadvyos-1x-215ddbe0bc51417b7ba66298764810754b204082.tar.gz
vyos-1x-215ddbe0bc51417b7ba66298764810754b204082.zip
openvpn: T2994: fix ipv6 server mode
Diffstat (limited to 'data')
-rw-r--r--data/templates/openvpn/server.conf.tmpl44
1 files changed, 21 insertions, 23 deletions
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 462d73c02..b3b0c936a 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -67,24 +67,29 @@ mode server
tls-server
{% if server is defined and server is not none %}
{% if server.subnet is defined and server.subnet is not none %}
-{% if server.topology is defined and server.topology == 'point-to-point' %}
+{% if server.topology is defined and server.topology == 'point-to-point' %}
topology p2p
-{% elif server.topology is defined and server.topology is not none %}
+{% elif server.topology is defined and server.topology is not none %}
topology {{ server.topology }}
-{% endif %}
-{% for subnet in server.subnet if subnet | is_ipv4 %}
+{% endif %}
+{% for subnet in server.subnet %}
+{% if subnet | is_ipv4 %}
server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
{# OpenVPN assigns the first IP address to its local interface so the pool used #}
{# in net30 topology - where each client receives a /30 must start from the second subnet #}
-{% if server.topology is defined and server.topology == 'net30' %}
+{% if server.topology is defined and server.topology == 'net30' %}
ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
-{% else %}
+{% else %}
{# OpenVPN assigns the first IP address to its local interface so the pool must #}
{# start from the second address and end on the last address #}
ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
-{% endif %}
+{% endif %}
+{% elif subnet | is_ipv6 %}
+server-ipv6 {{ subnet }}
+{% endif %}
{% endfor %}
{% endif %}
+
{% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
{% endif %}
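Review bot: The new branch `server-ipv6 {{ subnet }}` writes the prefix into the config unchanged, and nothing visible in this hunk checks its length. OpenVPN accepts only a limited range of prefix lengths for `server-ipv6` and refuses to start on others, so that check presumably has to live in the config script that feeds this template, which is not part of this diff. The branch would also benefit from a short comment, since it replaces the explicit IPv6 block removed further down: `{# server-ipv6 expands to ifconfig-ipv6, ifconfig-ipv6-pool and push tun-ipv6 #}`.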
@@ -101,36 +106,29 @@ management /run/openvpn/openvpn-mgmt-intf unix
{% if server.reject_unconfigured_clients is defined %}
ccd-exclusive
{% endif %}
+
{% if server.push_route is defined and server.push_route is not none %}
{% for route in server.push_route %}
+{% if route | is_ipv4 %}
push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}"
+{% elif route | is_ipv6 %}
+push "route-ipv6 {{ route }}"
+{% endif %}
{% endfor %}
{% endif %}
{% if server.name_server is defined and server.name_server is not none %}
{% for nameserver in server.name_server %}
+{% if nameserver | is_ipv4 %}
push "dhcp-option DNS {{ nameserver }}"
+{% elif nameserver | is_ipv6 %}
+push "dhcp-option DNS6 {{ nameserver }}"
+{% endif %}
{% endfor %}
{% endif %}
{% if server.domain_name is defined and server.domain_name is not none %}
push "dhcp-option DOMAIN {{ server.domain_name }}"
{% endif %}
{% endif %}
-
-{% if subnet_v6 is defined and subnet_v6 is not none %}
-# IPv6
-push "tun-ipv6"
-ifconfig-ipv6 {{ server_ipv6_local }}/{{ server_ipv6_prefixlen }} {{ server_ipv6_remote }}
-{% if server_ipv6_pool %}
-ifconfig-ipv6-pool {{ server_ipv6_pool_base }}/{{ server_ipv6_pool_prefixlen }}
-{% endif %}
-{% for route6 in server_ipv6_push_route %}
-push "route-ipv6 {{ route6 }}"
-{% endfor %}
-{% for ns6 in server_ipv6_dns_nameserver %}
-push "dhcp-option DNS6 {{ ns6 }}"
-{% endfor %}
-{% endif %}
-
{% else %}
#
# OpenVPN site-2-site mode
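Review bot: In the `push_route` and `name_server` loops, an entry that passes neither `is_ipv4` nor `is_ipv6` is now dropped without a trace, because neither `if`/`elif` chain has an `else`. For a pushed route this fails open: the client never learns the prefix, so its traffic to that prefix stays outside the tunnel. If the config script (not in this diff) already rejects such values, a comment saying so is enough, e.g. `{# values are validated as IPv4/IPv6 before rendering; anything else is skipped here #}`. Otherwise they should be rejected at commit time rather than skipped at render time. The enclosing `server` block opens outside this hunk.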