From 215ddbe0bc51417b7ba66298764810754b204082 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 31 Dec 2020 11:01:43 +0100
Subject: openvpn: T2994: fix ipv6 server mode
---
 data/templates/openvpn/server.conf.tmpl | 44 ++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 23 deletions(-)
(limited to 'data')
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 462d73c02..b3b0c936a 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -67,24 +67,29 @@ mode server
 tls-server
 {% if server is defined and server is not none %}
 {% if server.subnet is defined and server.subnet is not none %}
-{% if server.topology is defined and server.topology == 'point-to-point' %}
+{% if server.topology is defined and server.topology == 'point-to-point' %}
 topology p2p
-{% elif server.topology is defined and server.topology is not none %}
+{% elif server.topology is defined and server.topology is not none %}
 topology {{ server.topology }}
-{% endif %}
-{% for subnet in server.subnet if subnet | is_ipv4 %}
+{% endif %}
+{% for subnet in server.subnet %}
+{% if subnet | is_ipv4 %}
 server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool
 {# OpenVPN assigns the first IP address to its local interface so the pool used #}
 {# in net30 topology - where each client receives a /30 must start from the second subnet #}
-{% if server.topology is defined and server.topology == 'net30' %}
+{% if server.topology is defined and server.topology == 'net30' %}
 ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
-{% else %}
+{% else %}
 {# OpenVPN assigns the first IP address to its local interface so the pool must #}
 {# start from the second address and end on the last address #}
 ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
-{% endif %}
+{% endif %}
+{% elif subnet | is_ipv6 %}
+server-ipv6 {{ subnet }}
+{% endif %}
 {% endfor %}
 {% endif %}
+
 {% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
 ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
 {% endif %}
@@ -101,36 +106,29 @@ management /run/openvpn/openvpn-mgmt-intf unix
 {% if server.reject_unconfigured_clients is defined %}
 ccd-exclusive
 {% endif %}
+
 {% if server.push_route is defined and server.push_route is not none %}
 {% for route in server.push_route %}
+{% if route | is_ipv4 %}
 push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}"
+{% elif route | is_ipv6 %}
+push "route-ipv6 {{ route }}"
+{% endif %}
 {% endfor %}
 {% endif %}
 {% if server.name_server is defined and server.name_server is not none %}
 {% for nameserver in server.name_server %}
+{% if nameserver | is_ipv4 %}
 push "dhcp-option DNS {{ nameserver }}"
+{% elif nameserver | is_ipv6 %}
+push "dhcp-option DNS6 {{ nameserver }}"
+{% endif %}
 {% endfor %}
 {% endif %}
 {% if server.domain_name is defined and server.domain_name is not none %}
 push "dhcp-option DOMAIN {{ server.domain_name }}"
 {% endif %}
 {% endif %}
-
-{% if subnet_v6 is defined and subnet_v6 is not none %}
-# IPv6
-push "tun-ipv6"
-ifconfig-ipv6 {{ server_ipv6_local }}/{{ server_ipv6_prefixlen }} {{ server_ipv6_remote }}
-{% if server_ipv6_pool %}
-ifconfig-ipv6-pool {{ server_ipv6_pool_base }}/{{ server_ipv6_pool_prefixlen }}
-{% endif %}
-{% for route6 in server_ipv6_push_route %}
-push "route-ipv6 {{ route6 }}"
-{% endfor %}
-{% for ns6 in server_ipv6_dns_nameserver %}
-push "dhcp-option DNS6 {{ ns6 }}"
-{% endfor %}
-{% endif %}
-
 {% else %}
 #
 # OpenVPN site-2-site mode
-- cgit v1.2.3
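Review bot: A `server.subnet` entry that passes neither `is_ipv4` nor `is_ipv6` now renders nothing, because the new `{% if %}`/`{% elif %}` chain inside the subnet loop has no `{% else %}`; the `push_route` and `name_server` loops in the second hunk have the same gap. On a VPN server a silently dropped pool, route or DNS push matters for security: the tunnel still comes up, but traffic for that prefix or the clients' DNS lookups may travel outside it with no error to point at the cause. The script that feeds this template may already reject such values, but it is not visible in this diff, so that should be confirmed. If it does not, add a fallback branch in each loop that leaves a fixed marker in the rendered file without echoing the raw value, for example `{% else %}` followed by `# entry skipped: not an IPv4 or IPv6 prefix`. The enclosing `{% if server is defined ... %}` block starts in the first hunk and closes in the second, so each hunk shows only part of it.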