diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-31 18:17:00 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-31 17:15:29 +0000 |
commit | 72372b7631ccea0b809fa7eac7a906910867096d (patch) | |
tree | dc0a89c958ba0d551e974ea36f889baaa7215472 /src/conf_mode | |
parent | 196a4350e76e9e9cd8f214e5cc130017caf99ed6 (diff) | |
download | vyos-1x-72372b7631ccea0b809fa7eac7a906910867096d.tar.gz vyos-1x-72372b7631ccea0b809fa7eac7a906910867096d.zip |
openvpn: T2532: add VRF support
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index bd8a0b6b0..5afcbe7da 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -112,6 +112,7 @@ default_config_data = { 'type': 'tun', 'uid': user, 'gid': group, + 'vrf': '' } @@ -633,6 +634,10 @@ def get_config(): if openvpn['redirect_gateway']: openvpn['redirect_gateway'] += ' ipv6' + # retrieve VRF instance + if conf.exists('vrf'): + openvpn['vrf'] = conf.return_value('vrf') + return openvpn def verify(openvpn): @@ -944,6 +949,16 @@ def verify(openvpn): if not openvpn['auth_pass']: raise ConfigError('Password for authentication is missing') + if openvpn['vrf']: + if openvpn['vrf'] not in interfaces(): + raise ConfigError(f'VRF "{openvpn["vrf"]}" does not exist') + + if openvpn['is_bridge_member']: + raise ConfigError(( + f'Interface "{openvpn["intf"]}" cannot be member of VRF ' + f'"{openvpn["vrf"]}" and bridge "{openvpn["is_bridge_member"]}" ' + f'at the same time!')) + return None def generate(openvpn): @@ -1073,6 +1088,11 @@ def apply(openvpn): for addr in openvpn['ipv6_eui64_prefix']: o.add_ipv6_eui64_address(addr) + # assign/remove VRF (ONLY when not a member of a bridge, + # otherwise 'nomaster' removes it from it) + if not openvpn['is_bridge_member']: + o.set_vrf(openvpn['vrf']) + except: pass |