summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-openvpn.py
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2022-03-28 10:46:30 +0300
committerDaniil Baturin <daniil@vyos.io>2022-03-28 10:46:30 +0300
commit60f093464692f08c1c32c9e31513a6ae98636617 (patch)
treee949cad3812dd6cec274b62db893657a822f3a5d /src/conf_mode/interfaces-openvpn.py
parent5ad305087e4a3c710d35be04b14dd30ddd051eaf (diff)
downloadvyos-1x-60f093464692f08c1c32c9e31513a6ae98636617.tar.gz
vyos-1x-60f093464692f08c1c32c9e31513a6ae98636617.zip
Revert "openvpn: T4230: globally enable ip_nonlocal_bind"
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
Diffstat (limited to 'src/conf_mode/interfaces-openvpn.py')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c30c0bdd0..8f9c0b3f1 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -653,6 +653,13 @@ def apply(openvpn):
return None
+ # verify specified IP address is present on any interface on this system
+ # Allow to bind service to nonlocal address, if it virtaual-vrrp address
+ # or if address will be assign later
+ if 'local_host' in openvpn:
+ if not is_addr_assigned(openvpn['local_host']):
+ cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
+
# No matching OpenVPN process running - maybe it got killed or none
# existed - nevertheless, spawn new OpenVPN process
action = 'reload-or-restart'