summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorzsdc <taras@vyos.io>2021-10-04 10:40:31 +0300
committerzsdc <taras@vyos.io>2021-10-04 10:40:31 +0300
commit3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123 (patch)
treef9e45d80111b80732b977cecd99289ac4fdc9c2e /src
parent044e9dc8bc7e3d946b0ba1f1edfe06b5323aeadd (diff)
downloadvyos-1x-3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123.tar.gz
vyos-1x-3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123.zip
OpenVPN: T3350: Changed custom options for OpenVPN processing
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py12
-rw-r--r--src/etc/systemd/system/openvpn@.service.d/10-override.conf (renamed from src/etc/systemd/system/openvpn@.service.d/override.conf)0
2 files changed, 12 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index ce62a8b82..1b4fc95c9 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -60,6 +60,7 @@ group = 'openvpn'
cfg_dir = '/run/openvpn'
cfg_file = '/run/openvpn/{ifname}.conf'
+service_file = '/run/systemd/system/openvpn@{ifname}.service.d/20-override.conf'
def get_config(config=None):
"""
@@ -536,6 +537,11 @@ def generate(openvpn):
if os.path.isdir(ccd_dir):
rmtree(ccd_dir, ignore_errors=True)
+ # Remove systemd directories with overrides
+ service_dir = os.path.dirname(service_file.format(**openvpn))
+ if os.path.isdir(service_dir):
+ rmtree(service_dir, ignore_errors=True)
+
if 'deleted' in openvpn or 'disable' in openvpn:
return None
@@ -571,6 +577,12 @@ def generate(openvpn):
render(cfg_file.format(**openvpn), 'openvpn/server.conf.tmpl', openvpn,
formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
+ # Render 20-override.conf for OpenVPN service
+ render(service_file.format(**openvpn), 'openvpn/service-override.conf.tmpl', openvpn,
+ formater=lambda _: _.replace("&quot;", '"'), user=user, group=group)
+ # Reload systemd services config to apply an override
+ call(f'systemctl daemon-reload')
+
return None
def apply(openvpn):
diff --git a/src/etc/systemd/system/openvpn@.service.d/override.conf b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
index 03fe6b587..03fe6b587 100644
--- a/src/etc/systemd/system/openvpn@.service.d/override.conf
+++ b/src/etc/systemd/system/openvpn@.service.d/10-override.conf