diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-08-06 06:57:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-06 06:57:02 +0200 |
| commit | 260f6d9365b4e40084fa28ba43dd5e35c4288640 (patch) | |
| tree | efc84054daa4a7a4170e6a935d65c62385e9df18 /src/conf_mode | |
| parent | f51657532b546cc1e20df1a18b1111c46db045be (diff) | |
| parent | 01da8d9cd91b9c35dcbbc9160f6377655d5c8983 (diff) | |
| download | vyos-1x-260f6d9365b4e40084fa28ba43dd5e35c4288640.tar.gz vyos-1x-260f6d9365b4e40084fa28ba43dd5e35c4288640.zip | |
Merge pull request #3943 from vyos/mergify/bp/circinus/pr-3920
OPENVPN: T6555: add server-bridge options in mode server (backport #3920)
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/interfaces_openvpn.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_openvpn.py b/src/conf_mode/interfaces_openvpn.py index 320ab7b7b..d2665d9e5 100755 --- a/src/conf_mode/interfaces_openvpn.py +++ b/src/conf_mode/interfaces_openvpn.py @@ -378,6 +378,22 @@ def verify(openvpn): if (client_v.get('ip') and len(client_v['ip']) > 1) or (client_v.get('ipv6_ip') and len(client_v['ipv6_ip']) > 1): raise ConfigError(f'Server client "{client_k}": cannot specify more than 1 IPv4 and 1 IPv6 IP') + if dict_search('server.bridge', openvpn): + # check if server bridge is a tap interfaces + if not openvpn['device_type'] == 'tap' and dict_search('server.bridge', openvpn): + raise ConfigError('Must specify "device-type tap" with server bridge mode') + elif not (dict_search('server.bridge.start', openvpn) and dict_search('server.bridge.stop', openvpn)): + raise ConfigError('Server bridge requires both start and stop addresses') + else: + v4PoolStart = IPv4Address(dict_search('server.bridge.start', openvpn)) + v4PoolStop = IPv4Address(dict_search('server.bridge.stop', openvpn)) + if v4PoolStart > v4PoolStop: + raise ConfigError(f'Server bridge start address {v4PoolStart} is larger than stop address {v4PoolStop}') + + v4PoolSize = int(v4PoolStop) - int(v4PoolStart) + if v4PoolSize >= 65536: + raise ConfigError(f'Server bridge is too large [{v4PoolStart} -> {v4PoolStop} = {v4PoolSize}], maximum is 65536 addresses.') + if dict_search('server.client_ip_pool', openvpn): if not (dict_search('server.client_ip_pool.start', openvpn) and dict_search('server.client_ip_pool.stop', openvpn)): raise ConfigError('Server client-ip-pool requires both start and stop addresses') |