1 files changed, 33 insertions, 22 deletions
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 11ba9acdd..33cf62f70 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -18,13 +18,13 @@ import os
 
 from sys import exit
 from copy import deepcopy
+from netifaces import interfaces
 
 from vyos.config import Config
 from vyos.ifconfig import L2TPv3If, Interface
 from vyos import ConfigError
 from vyos.util import call
-from vyos.util import is_bridge_member
-from netifaces import interfaces
+from vyos.validate import is_bridge_member, is_addr_assigned
 
 default_config_data = {
     'address': [],
@@ -36,9 +36,10 @@ default_config_data = {
     'local_port': 5000,
     'intf': '',
     'ipv6_autoconf': 0,
-    'ipv6_eui64_prefix': '',
+    'ipv6_eui64_prefix': [],
     'ipv6_forwarding': 1,
     'ipv6_dup_addr_detect': 1,
+    'is_bridge_member': False,
     'mtu': 1488,
     'peer_session_id': '',
     'peer_tunnel_id': '',
@@ -68,15 +69,16 @@ def get_config():
     # Check if interface has been removed
     if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
         l2tpv3['deleted'] = True
-        # to delete the l2tpv3 interface we need to current
-        # tunnel_id and session_id
-        if conf.exists_effective('interfaces l2tpv3 {} tunnel-id'.format(l2tpv3['intf'])):
-            l2tpv3['tunnel_id'] = conf.return_effective_value(
-                'interfaces l2tpv3 {} tunnel-id'.format(l2tpv3['intf']))
+        interface = l2tpv3['intf']
+        # check if interface is member if a bridge
+        l2tpv3['is_bridge_member'] = is_bridge_member(conf, interface)
 
-        if conf.exists_effective('interfaces l2tpv3 {} session-id'.format(l2tpv3['intf'])):
-            l2tpv3['session_id'] = conf.return_effective_value(
-                'interfaces l2tpv3 {} session-id'.format(l2tpv3['intf']))
+        # to delete the l2tpv3 interface we need the current tunnel_id and session_id
+        if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'):
+            l2tpv3['tunnel_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} tunnel-id')
+
+        if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'):
+            l2tpv3['session_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} session-id')
 
         return l2tpv3
 
@@ -111,9 +113,14 @@ def get_config():
     if conf.exists('ipv6 address autoconf'):
         l2tpv3['ipv6_autoconf'] = 1
 
-    # Get prefix for IPv6 addressing based on MAC address (EUI-64)
+    # Get prefixes for IPv6 addressing based on MAC address (EUI-64)
     if conf.exists('ipv6 address eui64'):
-        l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64')
+        l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
+
+    # Remove the default link-local address if set.
+    if not conf.exists('ipv6 address no-default-link-local'):
+        # add the link-local by default to make IPv6 work
+        l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
@@ -158,17 +165,19 @@ def verify(l2tpv3):
     interface = l2tpv3['intf']
 
     if l2tpv3['deleted']:
-        is_member, bridge = is_bridge_member(interface)
-        if is_member:
-            # can not use a f'' formatted-string here as bridge would not get
-            # expanded in the print statement
-            raise ConfigError('Can not delete interface "{0}" as it ' \
-                              'is a member of bridge "{1}"!'.format(interface, bridge))
+        if l2tpv3['is_bridge_member']:
+            interface = l2tpv3['intf']
+            bridge = l2tpv3['is_bridge_member']
+            raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!')
+
         return None
 
     if not l2tpv3['local_address']:
         raise ConfigError(f'Must configure the l2tpv3 local-ip for {interface}')
 
+    if not is_addr_assigned(l2tpv3['local_address']):
+        raise ConfigError(f'Must use a configured IP on l2tpv3 local-ip for {interface}')
+
     if not l2tpv3['remote_address']:
         raise ConfigError(f'Must configure the l2tpv3 remote-ip for {interface}')
 
@@ -224,8 +233,6 @@ def apply(l2tpv3):
         l.set_mtu(l2tpv3['mtu'])
         # IPv6 address autoconfiguration
         l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf'])
-        # IPv6 EUI-based address
-        l.set_ipv6_eui64_address(l2tpv3['ipv6_eui64_prefix'])
         # IPv6 forwarding
         l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding'])
         # IPv6 Duplicate Address Detection (DAD) tries
@@ -237,6 +244,10 @@ def apply(l2tpv3):
         for addr in l2tpv3['address']:
             l.add_addr(addr)
 
+        # IPv6 EUI-based addresses
+        for addr in l2tpv3['ipv6_eui64_prefix']:
+            l.add_ipv6_eui64_address(addr)
+
         # As the interface is always disabled first when changing parameters
         # we will only re-enable the interface if it is not  administratively
         # disabled