summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-openvpn.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-10 20:12:08 +0200
committerGitHub <noreply@github.com>2020-04-10 20:12:08 +0200
commit881a9b679316b2a2e6d035a8bcb0936cb3415b71 (patch)
tree69201c5a818f86ac9849b084b27f699372ebfbe4 /src/conf_mode/interfaces-openvpn.py
parent5ecfd5c973a5ccd9528c6dd2034972ae55b86f04 (diff)
parent1f9a4c51cd0b7f9939d569dfeaf4ad3d2547b93b (diff)
downloadvyos-1x-881a9b679316b2a2e6d035a8bcb0936cb3415b71.tar.gz
vyos-1x-881a9b679316b2a2e6d035a8bcb0936cb3415b71.zip
Merge pull request #323 from jjakob/openvpn-verify-bridge-fix
openvpn: T2266: fix verify for client-server bridged mode
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py17
1 files changed, 8 insertions, 9 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index f34e4f7fe..8a615ec62 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -490,7 +490,11 @@ def verify(openvpn):
# OpenVPN site-to-site - VERIFY
#
if openvpn['mode'] == 'site-to-site':
- if not (openvpn['local_address'] or openvpn['bridge_member']):
+ if openvpn['ncp_ciphers']:
+ raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
+
+ if openvpn['mode'] == 'site-to-site' and not openvpn['bridge_member']:
+ if not openvpn['local_address']:
raise ConfigError('Must specify "local-address" or "bridge member interface"')
for host in openvpn['remote_host']:
@@ -507,15 +511,10 @@ def verify(openvpn):
if openvpn['local_address'] == openvpn['local_host']:
raise ConfigError('"local-address" cannot be the same as "local-host"')
- if openvpn['ncp_ciphers']:
- raise ConfigError('encryption ncp-ciphers cannot be specified in site-to-site mode, only server or client')
-
else:
+ # checks for client-server or site-to-site bridged
if openvpn['local_address'] or openvpn['remote_address']:
- raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server mode')
-
- elif openvpn['bridge_member']:
- raise ConfigError('Cannot specify "local-address" or "remote-address" in bridge mode')
+ raise ConfigError('Cannot specify "local-address" or "remote-address" in client-server or bridge mode')
#
# OpenVPN server mode - VERIFY
@@ -538,7 +537,7 @@ def verify(openvpn):
if not openvpn['server_subnet']:
if not openvpn['bridge_member']:
- raise ConfigError('Must specify "server subnet" option in server mode')
+ raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
else:
# checks for both client and site-to-site go here