-rwxr-xr-x | src/conf_mode/pki.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/vrf.py | 14 | ||||
-rwxr-xr-x | src/op_mode/openvpn.py | 7 |
3 files changed, 25 insertions, 4 deletions
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 6228ff0d2..8deec0e85 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -25,6 +25,7 @@ from vyos.configdep import set_dependents
 from vyos.configdep import call_dependents
 from vyos.configdict import node_changed
 from vyos.configdiff import Diff
+from vyos.configdiff import get_config_diff
 from vyos.defaults import directories
 from vyos.pki import is_ca_certificate
 from vyos.pki import load_certificate
@@ -199,6 +200,7 @@ def get_config(config=None):
 pki['system'] = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)
+ D = get_config_diff(conf)
 for search in sync_search:
 for key in search['keys']:
@@ -230,9 +232,11 @@ def get_config(config=None):
 if path[0] == 'interfaces':
 ifname = found_path[0]
- set_dependents(path[1], conf, ifname)
+ if not D.node_changed_presence(path + [ifname]):
+ set_dependents(path[1], conf, ifname)
 else:
- set_dependents(path[1], conf)
+ if not D.node_changed_presence(path):
+ set_dependents(path[1], conf)
 return pki
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 1fc813189..587309005 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -315,6 +315,20 @@ def apply(vrf):
 for chain, rule in nftables_rules.items():
 cmd(f'nft flush chain inet vrf_zones {chain}')
+ # Return default ip rule values
+ if 'name' not in vrf:
+ for afi in ['-4', '-6']:
+ # move lookup local to pref 0 (from 32765)
+ if not has_rule(afi, 0, 'local'):
+ call(f'ip {afi} rule add pref 0 from all lookup local')
+ if has_rule(afi, 32765, 'local'):
+ call(f'ip {afi} rule del pref 32765 table local')
+
+ if has_rule(afi, 1000, 'l3mdev'):
+ call(f'ip {afi} rule del pref 1000 l3mdev protocol kernel')
+ if has_rule(afi, 2000, 'l3mdev'):
+ call(f'ip {afi} rule del pref 2000 l3mdev unreachable')
+
 # Apply FRR filters
 zebra_daemon = 'zebra'
 # Save original configuration prior to starting any commit actions
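Review bot: The new `D.node_changed_presence(...)` guards in `get_config` skip `set_dependents` without saying why, so a later reader cannot tell that a PKI change is deliberately not propagated to that consumer. Presumably the consumer's own script already runs in the same commit when its node is created or deleted; if that is the reason, state it above the guard, e.g. `# node added/removed in this commit: its own script runs, so no dependent call is needed`. The single-letter `D` assigned in the `@@ -199,6 +200,7 @@` hunk would read better as `config_diff`, and the `else:` followed by a lone `if` can be written `elif not D.node_changed_presence(path):`. The function body starts and ends outside these hunks.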
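Review bot: In the `apply()` hunk of vrf.py the `ip {afi} rule del pref 32765 table local` call runs even when the preceding `rule add pref 0 from all lookup local` did not succeed, because the result of `call()` is not checked; that address family can then be left without a rule for the local table. Re-check before deleting, e.g. `if has_rule(afi, 0, 'local') and has_rule(afi, 32765, 'local'):`. The preferences 32765, 1000 and 2000 appear as bare literals; if the setup path in this file uses the same numbers, shared named constants would keep the two in step. `apply()` starts before and continues after this hunk.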
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index d54a67199..092873909 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -48,9 +48,12 @@ def _get_tunnel_address(peer_host, peer_port, status_file):
 # 10.10.2.0/25,client1,...
 lst = [l for l in lst[1:] if '/' not in l.split(',')[0]]
- tunnel_ip = lst[0].split(',')[0]
+ if lst:
+ tunnel_ip = lst[0].split(',')[0]
- return tunnel_ip
+ return tunnel_ip
+
+ return 'n/a'
 def _get_interface_status(mode: str, interface: str) -> dict:
 status_file = f'/run/openvpn/{interface}.status' |
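Review bot: The fallback in `_get_tunnel_address` returns the literal `'n/a'` on the same path that otherwise returns an address, and nothing in the hunk documents it, so a caller that parses or validates the result as an IP has to know about the sentinel. Add a docstring line such as `Return the tunnel IP, or 'n/a' when no entry remains after filtering the status file.` The `if lst:` block with a nested return would be flatter as a guard, `if not lst: return 'n/a'` followed by `return lst[0].split(',')[0]`. The function starts outside the hunk.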