| -rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 4 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/dscp.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/packet-length.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/tcp-flags.xml.i | 1 | ||||
| -rw-r--r-- | interface-definitions/service-pppoe-server.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/vpn-openconnect.xml.in | 4 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 3 | ||||
| -rwxr-xr-x | src/validators/range | 56 | 
8 files changed, 11 insertions, 63 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 1d105113d..3194354e6 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -1,5 +1,9 @@
 ### generated by vpn_openconnect.py ###
+{% if listen_address is vyos_defined %}
+listen-host = {{ listen_address }}
+{% endif %}
+
 tcp-port = {{ listen_ports.tcp }}
 udp-port = {{ listen_ports.udp }}
diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i
index 642212d7e..796bab548 100644
--- a/interface-definitions/include/firewall/dscp.xml.i
+++ b/interface-definitions/include/firewall/dscp.xml.i
@@ -12,7 +12,6 @@
     </valueHelp>
     <constraint>
       <validator name="numeric" argument="--range 0-63"/>
-      <validator name="range" argument="--min=0 --max=63"/>
     </constraint>
     <multi/>
   </properties>
@@ -30,7 +29,6 @@
     </valueHelp>
     <constraint>
       <validator name="numeric" argument="--range 0-63"/>
-      <validator name="range" argument="--min=0 --max=63"/>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i
index 043f56d16..91f08314a 100644
--- a/interface-definitions/include/firewall/packet-length.xml.i
+++ b/interface-definitions/include/firewall/packet-length.xml.i
@@ -12,7 +12,6 @@
     </valueHelp>
     <constraint>
       <validator name="numeric" argument="--range 1-65535"/>
-      <validator name="range" argument="--min=1 --max=65535"/>
     </constraint>
     <multi/>
   </properties>
@@ -30,7 +29,6 @@
     </valueHelp>
     <constraint>
       <validator name="numeric" argument="--range 1-65535"/>
-      <validator name="range" argument="--min=1 --max=65535"/>
     </constraint>
     <multi/>
   </properties>
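Review bot: Because vpn-openconnect.xml.in now gives listen-address a defaultValue of 0.0.0.0, the `{% if listen_address is vyos_defined %}` guard added here is normally true and `listen-host = 0.0.0.0` is always rendered; if ocserv treats an absent listen-host as "bind every local address, IPv4 and IPv6", this silently turns the previous dual-stack default into IPv4-only, and the include chosen in that hunk (listen-address-ipv4.xml.i) leaves an operator no way to configure an IPv6 listener. Please confirm ocserv's behaviour for an unset listen-host before merging. If IPv4-only is the intended default, record it in the template, e.g. `{# listen-host pins ocserv to one address family; unset would mean all addresses #}`; if not, drop the defaultValue so an unset listen-address keeps the old behaviour (the verify() change in vpn_openconnect.py would then need a `.get('listen_address', '0.0.0.0')` fallback).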
diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i
index 5a7b5a8d3..fc0da3135 100644
--- a/interface-definitions/include/firewall/tcp-flags.xml.i
+++ b/interface-definitions/include/firewall/tcp-flags.xml.i
@@ -127,7 +127,6 @@
         </valueHelp>
         <constraint>
           <validator name="numeric" argument="--range 1-16384"/>
-          <validator name="range" argument="--min=1 --max=16384"/>
         </constraint>
       </properties>
     </leafNode>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in
index 50f42849b..c88f9e950 100644
--- a/interface-definitions/service-pppoe-server.xml.in
+++ b/interface-definitions/service-pppoe-server.xml.in
@@ -90,7 +90,7 @@
                     <description>VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)</description>
                   </valueHelp>
                   <constraint>
-                    <validator name="range" argument="--min=1 --max=4094"/>
+                    <validator name="numeric" argument="--range 1-4094"/>
                   </constraint>
                   <multi/>
                 </properties>
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 522465611..bc7f78e79 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -163,6 +163,10 @@
               </node>
             </children>
           </node>
+          #include <include/listen-address-ipv4.xml.i>
+          <leafNode name="listen-address">
+            <defaultValue>0.0.0.0</defaultValue>
+          </leafNode>
           <node name="listen-ports">
             <properties>
               <help>Specify custom ports to use for client connections</help>
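Review bot: The validator swap on the VLAN monitor value in service-pppoe-server.xml.in changes what is enforced: the deleted src/validators/range accepted only a `lower-upper` pair, rejected lower > upper and bounded both ends, whereas from this page `numeric --range 1-4094` is only known to bound a numeric value. If the numeric validator accepts a dashed range value and checks the ordering of its two ends, the replacement is equivalent; if it accepts single numbers only, the valueHelp example `1-4094` becomes unconfigurable while the help text still advertises it. Please confirm with a commit of the example value, and leave a hint beside the constraint such as `<!-- value is a lower-upper VLAN range; numeric validator must accept it -->` so the next cleanup does not drop that requirement.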
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 23b1baf4d..c050b796b 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -81,9 +81,10 @@ def verify(ocserv):
     # Check if listen-ports not binded other services
     # It can be only listen by 'ocserv-main'
     for proto, port in ocserv.get('listen_ports').items():
-        if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+        if check_port_availability(ocserv['listen_address'], int(port), proto) is not True and \
                 not is_listen_port_bind_service(int(port), 'ocserv-main'):
             raise ConfigError(f'"{proto}" port "{port}" is used by another service')
+
     # Check authentication
     if "authentication" in ocserv:
         if "mode" in ocserv["authentication"]:
diff --git a/src/validators/range b/src/validators/range
deleted file mode 100755
index d4c25f3c4..000000000
--- a/src/validators/range
+++ /dev/null
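Review bot: `ocserv['listen_address']` is indexed with no fallback, so verify() would raise KeyError instead of ConfigError if the node's defaultValue is not merged into the dict (whether the config dict is built with defaults is outside this hunk); `ocserv.get('listen_address', '0.0.0.0')` keeps the old behaviour in that case. A second effect of passing the configured address: when an operator sets a listen-address that is not assigned to any local interface, the bind attempt inside check_port_availability presumably fails and the user is told the port "is used by another service", which points at the wrong cause — a separate check that the address is local, with its own message, would make the error actionable. The `# Check authentication` comment inherits an unchanged blank-line fix only; the enclosing verify() continues outside the hunk.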
@@ -1,56 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2021 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import re
-import sys
-import argparse
-
-class MalformedRange(Exception):
-    pass
-
-def validate_range(value, min=None, max=None):
-    try:
-        lower, upper = re.match(r'^(\d+)-(\d+)$', value).groups()
-
-        lower, upper = int(lower), int(upper)
-
-        if int(lower) > int(upper):
-            raise MalformedRange("the lower bound exceeds the upper bound".format(value))
-
-        if min is not None:
-            if lower < min:
-                raise MalformedRange("the lower bound must not be less than {}".format(min))
-
-        if max is not None:
-            if upper > max:
-                raise MalformedRange("the upper bound must not be greater than {}".format(max))
-
-    except (AttributeError, ValueError):
-        raise MalformedRange("range syntax error")
-
-parser = argparse.ArgumentParser(description='Range validator.')
-parser.add_argument('--min', type=int, action='store')
-parser.add_argument('--max', type=int, action='store')
-parser.add_argument('value', action='store')
-
-if __name__ == '__main__':
-    args = parser.parse_args()
-
-    try:
-        validate_range(args.value, min=args.min, max=args.max)
-    except MalformedRange as e:
-        print("Incorrect range '{}': {}".format(args.value, e))
-        sys.exit(1)
