diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2025-06-05 16:16:00 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2025-06-05 17:00:59 +0200 |
| commit | 906ad30fd30f78f5e4c0dac575d4b3f7c64e30b0 (patch) | |
| tree | adec1d2012d5637ff87bec806cde8b603c4a4c6f /src | |
| parent | 5b4a665a81a0ac16c7f546d907e567cacf52338f (diff) | |
| download | vyos-1x-906ad30fd30f78f5e4c0dac575d4b3f7c64e30b0.tar.gz vyos-1x-906ad30fd30f78f5e4c0dac575d4b3f7c64e30b0.zip | |
openvpn: T7056: Raise error if non-TAP device is bridged
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/interfaces_bridge.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces_bridge.py b/src/conf_mode/interfaces_bridge.py index c14e6a599..fce07ae0a 100755 --- a/src/conf_mode/interfaces_bridge.py +++ b/src/conf_mode/interfaces_bridge.py @@ -111,6 +111,11 @@ def get_config(config=None): elif interface.startswith('wlan') and interface_exists(interface): set_dependents('wlan', conf, interface) + if interface.startswith('vtun'): + _, tmp_config = get_interface_dict(conf, ['interfaces', 'openvpn'], interface) + tmp = tmp_config.get('device_type') == 'tap' + bridge['member']['interface'][interface].update({'valid_ovpn' : tmp}) + # delete empty dictionary keys - no need to run code paths if nothing is there to do if 'member' in bridge: if 'interface' in bridge['member'] and len(bridge['member']['interface']) == 0: @@ -178,6 +183,9 @@ def verify(bridge): if option in interface_config: raise ConfigError('Can not use VLAN options on non VLAN aware bridge') + if interface.startswith('vtun') and not interface_config['valid_ovpn']: + raise ConfigError(error_msg + 'OpenVPN device-type must be set to "tap"') + if 'enable_vlan' in bridge: if dict_search('vif.1', bridge): raise ConfigError(f'VLAN 1 sub interface cannot be set for VLAN aware bridge {ifname}, and VLAN 1 is always the parent interface') |