1 files changed, 21 insertions, 7 deletions

diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 33cf62f70..26bb537e5 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -24,7 +24,7 @@ from vyos.config import Config
 from vyos.ifconfig import L2TPv3If, Interface
 from vyos import ConfigError
 from vyos.util import call
-from vyos.validate import is_bridge_member, is_addr_assigned
+from vyos.validate import is_member, is_addr_assigned
 
 default_config_data = {
     'address': [],
@@ -66,12 +66,13 @@ def get_config():
 
     l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
 
+    # check if interface is member of a bridge
+    l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge')
+
     # Check if interface has been removed
     if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
         l2tpv3['deleted'] = True
         interface = l2tpv3['intf']
-        # check if interface is member if a bridge
-        l2tpv3['is_bridge_member'] = is_bridge_member(conf, interface)
 
         # to delete the l2tpv3 interface we need the current tunnel_id and session_id
         if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'):
@@ -118,7 +119,8 @@ def get_config():
         l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
 
     # Remove the default link-local address if set.
-    if not conf.exists('ipv6 address no-default-link-local'):
+    if not ( conf.exists('ipv6 address no-default-link-local') or
+            l2tpv3['is_bridge_member'] ):
         # add the link-local by default to make IPv6 work
         l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
 
@@ -166,9 +168,9 @@ def verify(l2tpv3):
 
     if l2tpv3['deleted']:
         if l2tpv3['is_bridge_member']:
-            interface = l2tpv3['intf']
-            bridge = l2tpv3['is_bridge_member']
-            raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!')
+            raise ConfigError((
+                f'Interface "{l2tpv3["intf"]}" cannot be deleted as it is a '
+                f'member of bridge "{l2tpv3["is_bridge_member"]}"!'))
 
         return None
 
@@ -193,6 +195,14 @@ def verify(l2tpv3):
     if not l2tpv3['peer_session_id']:
         raise ConfigError(f'Must configure the l2tpv3 peer-session-id for {interface}')
 
+    if ( l2tpv3['is_bridge_member']
+            and ( l2tpv3['address']
+                or l2tpv3['ipv6_eui64_prefix']
+                or l2tpv3['ipv6_autoconf'] ) ):
+        raise ConfigError((
+            f'Cannot assign address to interface "{l2tpv3["intf"]}" '
+            f'as it is a member of bridge "{l2tpv3["is_bridge_member"]}"!'))
+
     return None
 
 
@@ -254,6 +264,10 @@ def apply(l2tpv3):
         if not l2tpv3['disable']:
             l.set_admin_state('up')
 
+        # re-add ourselves to any bridge we might have fallen out of
+        if l2tpv3['is_bridge_member']:
+            l.add_to_bridge(l2tpv3['is_bridge_member'])
+
     return None
 
 if __name__ == '__main__':