Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py9
-rwxr-xr-xsrc/conf_mode/interface-vxlan.py16
2 files changed, 12 insertions, 13 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 7b3e57d7d..35e7928c2 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -167,6 +167,10 @@ key {{ tls_key }}
crl-verify {{ tls_crl }}
{% endif %}
+{%- if tls_version_min %}
+tls-version-min {{tls_version_min}}
+{% endif %}
+
{%- if tls_dh %}
dh {{ tls_dh }}
{% endif %}
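Review bot: The added directive line writes `{{tls_version_min}}` without the inner spaces used by the neighbouring `{{ tls_crl }}` and `{{ tls_dh }}` lines; `tls-version-min {{ tls_version_min }}` would keep the template consistent. The value is rendered verbatim into the OpenVPN configuration, so anything that constrains it has to sit upstream of this template, and nothing in this hunk does.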
@@ -288,6 +292,7 @@ default_config_data = {
'tls_dh': '',
'tls_key': '',
'tls_role': '',
+ 'tls_version_min': '',
'type': 'tun',
'uid': user,
'gid': group,
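Review bot: With `'tls_version_min': ''` as the default, the template emits no `tls-version-min` line unless the operator sets one, so the protocol floor stays whatever the installed OpenVPN build defaults to, which on older releases is presumably TLS 1.0. A comment on the entry would make that explicit, for example `# empty: no tls-version-min line is written, OpenVPN's built-in minimum applies`. Whether a non-empty default is wanted is a policy decision this commit does not address.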
@@ -572,6 +577,10 @@ def get_config():
openvpn['tls_role'] = conf.return_value('tls role')
openvpn['tls'] = True
+ # Minimum required TLS version
+ if conf.exists('tls tls-version-min'):
+ openvpn['tls_version_min'] = conf.return_value('tls tls-version-min')
+
if conf.exists('shared-secret-key-file'):
openvpn['shared_secret_file'] = conf.return_value('shared-secret-key-file')
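Review bot: The value returned by `conf.return_value('tls tls-version-min')` is stored and later written into the OpenVPN configuration with no check in this hunk that it is a version string OpenVPN accepts. If the CLI definition does not already constrain it (not visible here), verify() should reject anything else before the file is generated, along the lines of `if openvpn['tls_version_min'] not in ALLOWED_TLS_VERSIONS: raise ConfigError('unsupported tls-version-min')`, where `ALLOWED_TLS_VERSIONS` is a placeholder for the set the packaged OpenVPN supports. A mistyped value would otherwise only surface as a daemon start failure. get_config() begins and ends outside the hunk.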
diff --git a/src/conf_mode/interface-vxlan.py b/src/conf_mode/interface-vxlan.py
index 59022238e..e97b4bf99 100755
--- a/src/conf_mode/interface-vxlan.py
+++ b/src/conf_mode/interface-vxlan.py
@@ -28,7 +28,6 @@ from netifaces import interfaces
default_config_data = {
'address': [],
- 'address_remove': [],
'deleted': False,
'description': '',
'disable': False,
@@ -43,7 +42,6 @@ default_config_data = {
# the IANA's selection of a standard destination port
}
-
def get_config():
vxlan = deepcopy(default_config_data)
conf = Config()
@@ -66,12 +64,6 @@ def get_config():
if conf.exists('address'):
vxlan['address'] = conf.return_values('address')
- # Determine interface addresses (currently effective) - to determine which
- # address is no longer valid and needs to be removed from the interface
- eff_addr = conf.return_effective_values('address')
- act_addr = conf.return_values('address')
- vxlan['address_remove'] = list_diff(eff_addr, act_addr)
-
# retrieve interface description
if conf.exists('description'):
vxlan['description'] = conf.return_value('description')
@@ -180,11 +172,9 @@ def apply(vxlan):
# Enable proxy-arp on this interface
v.proxy_arp = vxlan['ip_proxy_arp']
- # Configure interface address(es)
- # - not longer required addresses get removed first
- # - newly addresses will be added second
- for addr in vxlan['address_remove']:
- v.del_addr(addr)
+ # Configure interface address(es) - no need to implicitly delete the
+ # old addresses as they have already been removed by deleting the
+ # interface above
for addr in vxlan['address']:
v.add_addr(addr)
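Review bot: The new comment says there is no need to "implicitly delete" the old addresses, but the loop it replaces was an explicit delete, so the word should be "explicitly": `# Configure interface address(es) - no need to explicitly delete the old` / `# addresses, they were already removed when the interface was deleted above`. The correctness of dropping `v.del_addr()` depends on apply() tearing the interface down and recreating it on every run. That code is outside this hunk, so it is worth confirming that no path keeps the existing interface, since stale addresses would then stay configured.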