author | Christian Breunig <christian@breunig.cc> | 2023-07-26 23:14:19 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-07-26 23:14:19 +0200 |
commit | fa07179ae7f1dc07e6ccc1b20d2b81384b6efe07 (patch) | |
tree | 3dcfa310f073d902133412bfb177ce88a5bdf1b7 /src/conf_mode | |
parent | 9e0a9b7df3d7187173feaf922fedbac8f0f0b674 (diff) | |
openvpn: T4974: dynamically load/unload kernel module
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 607a19385..2e4bea377 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -56,6 +56,8 @@ from vyos.utils.list import is_list_equal
 from vyos.utils.file import makedir
 from vyos.utils.file import read_file
 from vyos.utils.file import write_file
+from vyos.utils.kernel import check_kmod
+from vyos.utils.kernel import unload_kmod
 from vyos.utils.process import call
 from vyos.utils.permission import chown
 from vyos.utils.process import cmd
@@ -95,6 +97,8 @@ def get_config(config=None):
 openvpn['pki'] = tmp_pki
 if is_node_changed(conf, base + [ifname, 'openvpn-option']):
 openvpn.update({'restart_required': {}})
+ if is_node_changed(conf, base + [ifname, 'enable-dco']):
+ openvpn.update({'restart_required': {}})
 
 # We have to get the dict using 'get_config_dict' instead of 'get_interface_dict'
 # as 'get_interface_dict' merges the defaults in, so we can not check for defaults in there.
@@ -679,6 +683,13 @@ def apply(openvpn):
 if not is_addr_assigned(openvpn['local_host']):
 cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1')
 
+ # dynamically load/unload DCO Kernel extension if requested
+ dco_module = 'ovpn_dco_v2'
+ if 'enable_dco' in openvpn:
+ check_kmod(dco_module)
+ else:
+ unload_kmod(dco_module)
+
 # No matching OpenVPN process running - maybe it got killed or none
 # existed - nevertheless, spawn new OpenVPN process
 action = 'reload-or-restart' |
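Review bot: In the apply() hunk, `unload_kmod(dco_module)` runs whenever the interface being applied lacks `enable_dco`, but `ovpn_dco_v2` is a system-wide kernel module while `openvpn` here appears to describe a single interface (get_config keys everything on `ifname`). If another OpenVPN interface still has DCO enabled, applying a non-DCO one would either pull the module out from under the running tunnel or, if the helper treats a busy module as an error, fail the commit; neither helper's failure behaviour is visible in this diff. I would unload only when no configured OpenVPN interface has `enable-dco` set, computing that once in get_config() from the whole OpenVPN subtree and using it to guard the `else:` branch. apply() starts above this hunk, so it is also worth confirming that its delete/disable path reaches the unload at all, otherwise the module stays loaded after the last DCO tunnel is removed. A comment such as `# module is shared by all OpenVPN interfaces - unload only when the last DCO user is gone` would record the intent.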