authorDaniil Baturin <daniil@vyos.io>2024-07-18 19:33:24 +0100
committerGitHub <noreply@github.com>2024-07-18 21:33:24 +0300
commite2b05343b30d2f989968532106e792cbaf75ecf6 (patch)
tree4dca6b2d7f28862066c313d7990ac8936fca8264 /src/migration-scripts/openvpn
parent4d088e615adf5f9cb51b7d83c43f6476a6f1550b (diff)
openvpn: T6591: deprecate OpenVPN server net30 topology (#3825)
Diffstat (limited to 'src/migration-scripts/openvpn')
-rw-r--r--src/migration-scripts/openvpn/2-to-343
1 files changed, 43 insertions, 0 deletions
diff --git a/src/migration-scripts/openvpn/2-to-3 b/src/migration-scripts/openvpn/2-to-3
new file mode 100644
index 000000000..0b9073ae6
--- /dev/null
+++ b/src/migration-scripts/openvpn/2-to-3
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Adds an explicit old default for 'server topology'
+# to keep old configs working as before even though the default has changed.
+
+from vyos.configtree import ConfigTree
+
+def migrate(config: ConfigTree) -> None:
+ if not config.exists(['interfaces', 'openvpn']):
+ # Nothing to do
+ return
+
+ ovpn_intfs = config.list_nodes(['interfaces', 'openvpn'])
+ for i in ovpn_intfs:
+ mode = config.return_value(['interfaces', 'openvpn', i, 'mode'])
+ if mode != 'server':
+ # If it's a client or a site-to-site OpenVPN interface,
+ # the topology setting is not applicable
+ # and will cause commit errors on load,
+ # so we must not change such interfaces.
+ continue
+ else:
+ # The default OpenVPN server topology was changed from net30 to subnet
+ # because net30 is deprecated and causes problems with Windows clients.
+ # We add 'net30' to old configs if topology is not set there
+ # to ensure that if anyone relies on net30, their configs work as before.
+ topology_path = ['interfaces', 'openvpn', i, 'server', 'topology']
+ if not config.exists(topology_path):
+ config.set(topology_path, value='net30', replace=False)
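Review bot: The `config.return_value(['interfaces', 'openvpn', i, 'mode'])` call in the loop has no existence check, so an interface entry with no `mode` node depends on how `ConfigTree.return_value` handles a missing path, which this hunk does not show. If it raises, the migration would abort while loading an old config, so I would guard it with `if not config.exists(['interfaces', 'openvpn', i, 'mode']): continue` before the lookup. Two smaller style points in the same loop: the `else:` after `continue` is redundant and its body can be dedented, and `replace=False` on `config.set` has no visible purpose because the `config.exists(topology_path)` check already ensures the node is absent.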