diff options
| author | Antonio Quartulli <antonio@mandelbit.com> | 2022-11-01 22:52:49 +0100 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-06 20:00:48 +0000 |
| commit | 49efd22c36ab1a14d87d8d91ef50edf23c2c7b4a (patch) | |
| tree | 3c786c487ce1b7e2989903de15f09011b24957b5 /data | |
| parent | 72fefd8269a55e1626fd00bad8cda908604f9325 (diff) | |
| download | vyos-1x-49efd22c36ab1a14d87d8d91ef50edf23c2c7b4a.tar.gz vyos-1x-49efd22c36ab1a14d87d8d91ef50edf23c2c7b4a.zip | |
openvpn: T3214: specify nopool on --server line only if needed
The --server directive will already create a pool automatically.
For this reason noppol should be used only when an explicit
client-ip-pool was configured by the user.
If that's not the case, then the nopool flag should not be
specified and no manual pool should be configured.
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
(cherry picked from commit 0ccbbca01b22232b5cba63d64ab00eb54af7b068)
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/openvpn/server.conf.j2 | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2 index b9dfe23ad..64c8e8086 100644 --- a/data/templates/openvpn/server.conf.j2 +++ b/data/templates/openvpn/server.conf.j2 @@ -74,7 +74,7 @@ topology {{ server.topology }} {% endif %} {% for subnet in server.subnet %} {% if subnet | is_ipv4 %} -server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool +server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} {{ 'nopool' if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined else '' }} {# First ip address is used as gateway. It's allows to use metrics #} {% if server.push_route is vyos_defined %} {% for route, route_config in server.push_route.items() %} @@ -85,15 +85,6 @@ push "route-ipv6 {{ route }}" {% endif %} {% endfor %} {% endif %} -{# OpenVPN assigns the first IP address to its local interface so the pool used #} -{# in net30 topology - where each client receives a /30 must start from the second subnet #} -{% if server.topology is vyos_defined('net30') %} -ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }} -{% else %} -{# OpenVPN assigns the first IP address to its local interface so the pool must #} -{# start from the second address and end on the last address #} -ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }} -{% endif %} {% elif subnet | is_ipv6 %} server-ipv6 {{ subnet }} {% endif %} |