From 215ddbe0bc51417b7ba66298764810754b204082 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 31 Dec 2020 11:01:43 +0100
Subject: openvpn: T2994: fix ipv6 server mode

---
 data/templates/openvpn/server.conf.tmpl | 44 ++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 23 deletions(-)

(limited to 'data')

diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 462d73c02..b3b0c936a 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -67,24 +67,29 @@ mode server
 tls-server
 {%   if server is defined and server is not none %}
 {%     if server.subnet is defined and server.subnet is not none %}
-{%     if server.topology is defined and server.topology == 'point-to-point' %}
+{%       if server.topology is defined and server.topology == 'point-to-point' %}
 topology p2p
-{%     elif server.topology is defined and server.topology is not none %}
+{%       elif server.topology is defined and server.topology is not none %}
 topology {{ server.topology }}
-{%     endif %}
-{%       for subnet in server.subnet if subnet | is_ipv4 %}
+{%       endif %}
+{%       for subnet in server.subnet %}
+{%         if subnet | is_ipv4 %}
 server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
 {# OpenVPN assigns the first IP address to its local interface so the pool used #}
 {# in net30 topology - where each client receives a /30 must start from the second subnet #}
-{%     if server.topology is defined and server.topology == 'net30' %}
+{%           if server.topology is defined and server.topology == 'net30' %}
 ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
-{%     else %}
+{%           else %}
 {# OpenVPN assigns the first IP address to its local interface so the pool must #}
 {# start from the second address and end on the last address #}
 ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
-{%     endif %}
+{%           endif %}
+{%         elif subnet | is_ipv6 %}
+server-ipv6 {{ subnet }}
+{%         endif %}
 {%       endfor %}
 {%     endif %}
+
 {%     if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
 ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
 {%     endif %}
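Review bot: The rewritten subnet loop has no `{% else %}` after `{% elif subnet | is_ipv6 %}`, so an entry that passes neither filter renders as nothing and the server starts without that address family. The `push_route` and `name_server` loops in the second hunk have the same shape, where a dropped entry means a route or resolver is never pushed to clients. Whether such values can reach the template depends on validation that is not visible in this path-limited diff. If the template relies on that validation, say so next to the loop, e.g. `{# subnet entries are validated as IPv4/IPv6 before rendering; anything else is skipped here #}`. The enclosing `{% if server is defined ... %}` block closes in the second hunk.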
@@ -101,36 +106,29 @@ management /run/openvpn/openvpn-mgmt-intf unix
 {%     if server.reject_unconfigured_clients is defined %}
 ccd-exclusive
 {%     endif %}
+
 {%     if server.push_route is defined and server.push_route is not none %}
 {%       for route in server.push_route %}
+{%         if route | is_ipv4 %}
 push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}"
+{%         elif route | is_ipv6 %}
+push "route-ipv6 {{ route }}"
+{%         endif %}
 {%       endfor %}
 {%     endif %}
 {%     if server.name_server is defined and server.name_server is not none %}
 {%       for nameserver in server.name_server %}
+{%         if nameserver | is_ipv4 %}
 push "dhcp-option DNS {{ nameserver }}"
+{%         elif nameserver | is_ipv6 %}
+push "dhcp-option DNS6 {{ nameserver }}"
+{%         endif %}
 {%       endfor %}
 {%     endif %}
 {%     if server.domain_name is defined and server.domain_name is not none %}
 push "dhcp-option DOMAIN {{ server.domain_name }}"
 {%     endif %}
 {%   endif %}
-
-{%   if subnet_v6 is defined and subnet_v6 is not none %}
-# IPv6
-push "tun-ipv6"
-ifconfig-ipv6 {{ server_ipv6_local }}/{{ server_ipv6_prefixlen }} {{ server_ipv6_remote }}
-{%     if server_ipv6_pool %}
-ifconfig-ipv6-pool {{ server_ipv6_pool_base }}/{{ server_ipv6_pool_prefixlen }}
-{%     endif %}
-{%     for route6 in server_ipv6_push_route %}
-push "route-ipv6 {{ route6 }}"
-{%     endfor %}
-{%     for ns6 in server_ipv6_dns_nameserver %}
-push "dhcp-option DNS6 {{ ns6 }}"
-{%     endfor %}
-{%   endif %}
-
 {% else %}
 #
 # OpenVPN site-2-site mode
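Review bot: The new `push "route-ipv6 {{ route }}"` and `push "dhcp-option DNS6 {{ nameserver }}"` lines are emitted whenever an IPv6 value is listed, whereas the removed block only pushed them inside `{% if subnet_v6 is defined and subnet_v6 is not none %}`. With an IPv4-only `server.subnet`, the first hunk renders no `server-ipv6` line, yet clients would still be pushed IPv6 routes and resolvers for a tunnel that carries no IPv6. Traffic for those prefixes would then presumably stay outside the VPN. Either gate the two IPv6 branches on an IPv6 subnet being present, or reject that combination during validation and note the dependency here, e.g. `{# IPv6 routes/DNS require an IPv6 entry in server.subnet #}`. The surrounding server-mode conditional starts above this hunk.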
-- 
cgit v1.2.3