summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-15 22:22:00 +0200
committerGitHub <noreply@github.com>2020-04-15 22:22:00 +0200
commitf50877bff8afed409f02d2978da6a70c383ccea1 (patch)
tree1cf1d2af7819e1415be39f33a3933011d9fb8629 /src
parent2bdd37a165c0e85dee371cff64e995d83d8cb118 (diff)
parent44dab795acaa39d8481d86022b691626989e52e8 (diff)
downloadvyos-1x-f50877bff8afed409f02d2978da6a70c383ccea1.tar.gz
vyos-1x-f50877bff8afed409f02d2978da6a70c383ccea1.zip
Merge pull request #349 from jjakob/openvpn-pool
openvpn: T2335: allow disabling client-ip-pool
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py30
1 files changed, 19 insertions, 11 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 6733623c6..435e8a8f0 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -72,7 +72,7 @@ default_config_data = {
'server_domain': '',
'server_max_conn': '',
'server_dns_nameserver': [],
- 'server_pool': False,
+ 'server_pool': True,
'server_pool_start': '',
'server_pool_stop': '',
'server_pool_netmask': '',
@@ -195,6 +195,10 @@ def get_config():
if intf == openvpn['intf']:
openvpn['bridge_member'].append(intf)
+ # bridged server should not have a pool by default (but can be specified manually)
+ if openvpn['bridge_member']:
+ openvpn['server_pool'] = False
+
# set configuration level
conf.set_level('interfaces openvpn ' + openvpn['intf'])
@@ -386,16 +390,22 @@ def get_config():
# Server client IP pool
if conf.exists('server client-ip-pool'):
- openvpn['server_pool'] = True
+ conf.set_level('interfaces openvpn ' + openvpn['intf'] + ' server client-ip-pool')
+
+ # enable or disable server_pool where necessary
+ # default is enabled, or disabled in bridge mode
+ openvpn['server_pool'] = not conf.exists('disable')
+
+ if conf.exists('start'):
+ openvpn['server_pool_start'] = conf.return_value('start')
- if conf.exists('server client-ip-pool start'):
- openvpn['server_pool_start'] = conf.return_value('server client-ip-pool start')
+ if conf.exists('stop'):
+ openvpn['server_pool_stop'] = conf.return_value('stop')
- if conf.exists('server client-ip-pool stop'):
- openvpn['server_pool_stop'] = conf.return_value('server client-ip-pool stop')
+ if conf.exists('netmask'):
+ openvpn['server_pool_netmask'] = conf.return_value('netmask')
- if conf.exists('server client-ip-pool netmask'):
- openvpn['server_pool_netmask'] = conf.return_value('server client-ip-pool netmask')
+ conf.set_level('interfaces openvpn ' + openvpn['intf'])
# DNS suffix to be pushed to all clients
if conf.exists('server domain-name'):
@@ -486,8 +496,7 @@ def get_config():
default_server = getDefaultServer(server_network, openvpn['server_topology'], openvpn['type'])
if default_server:
# server-bridge doesn't require a pool so don't set defaults for it
- if not openvpn['bridge_member']:
- openvpn['server_pool'] = True
+ if openvpn['server_pool'] and not openvpn['bridge_member']:
if not openvpn['server_pool_start']:
openvpn['server_pool_start'] = default_server['pool_start']
@@ -610,7 +619,6 @@ def verify(openvpn):
if not openvpn['bridge_member']:
raise ConfigError('Must specify "server subnet" or "bridge member interface" in server mode')
-
if openvpn['server_pool']:
if not (openvpn['server_pool_start'] and openvpn['server_pool_stop']):
raise ConfigError('Server client-ip-pool requires both start and stop addresses in bridged mode')