author | Christian Poessinger <christian@poessinger.com> | 2020-04-10 20:12:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-10 20:12:08 +0200 |
commit | 881a9b679316b2a2e6d035a8bcb0936cb3415b71 (patch) | |
tree | 69201c5a818f86ac9849b084b27f699372ebfbe4 /src/conf_mode/interfaces-openvpn.py | |
parent | 5ecfd5c973a5ccd9528c6dd2034972ae55b86f04 (diff) | |
parent | 1f9a4c51cd0b7f9939d569dfeaf4ad3d2547b93b (diff) | |
Merge pull request #323 from jjakob/openvpn-verify-bridge-fix
openvpn: T2266: fix verify for client-server bridged mode
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index f34e4f7fe..8a615ec62 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -490,7 +490,11 @@ def verify(openvpn):
 # OpenVPN site-to-site - VERIFY
 #
 if openvpn['mode'] == 'site-to-site':
- if not (openvpn['local_address'] or openvpn['bridge_member']):
+ if openvpn['ncp_ciphers']:
+ raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
+
+ if openvpn['mode'] == 'site-to-site' and not openvpn['bridge_member']:
+ if not openvpn['local_address']:
 raise ConfigError('Must specify "local-address" or "bridge member interface"')
 
 for host in openvpn['remote_host']:
@@ -507,15 +511,10 @@ def verify(openvpn):
 if openvpn['local_address'] == openvpn['local_host']:
 raise ConfigError('"local-address" cannot be the same as "local-host"')
 
- if openvpn['ncp_ciphers']:
- raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
-
 else:
+ # checks for client-server or site-to-site bridged
 if openvpn['local_address'] or openvpn['remote_address']:
- raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server mode')
-
- elif openvpn['bridge_member']:
- raise ConfigError('Cannot specify "local-address" or "remote-address" in bridge mode')
+ raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server or bridge mode')
 
 #
 # OpenVPN server mode - VERIFY
@@ -538,7 +537,7 @@ def verify(openvpn):
 
 if not openvpn['server_subnet']:
 if not openvpn['bridge_member']:
- raise ConfigError('Must specify "server subnet" option in server mode')
+ raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
 
 else:
 # checks for both client and site-to-site go here |
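Review bot: In the first hunk, guarding the site-to-site body with `and not openvpn['bridge_member']` means the `for host in openvpn['remote_host']:` loop, and everything after it up to the `local-address`/`local-host` comparison in the second hunk, no longer runs for a bridged site-to-site tunnel. The loop body lies between the two hunks and is not visible here, so it should be confirmed that it validates addressing only. Any peer or remote-host check that does not depend on tunnel addresses presumably still applies to a bridged tunnel and would belong in the first `if openvpn['mode'] == 'site-to-site':` block, next to the ncp-ciphers test. The mode is also compared twice in a row, and the `else` now pairs with the compound condition, so a comment on the second test such as `# addressing checks; bridged site-to-site falls through to the else branch` would make the split explicit. verify() begins and ends outside these hunks.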