From f64b7cb6e6c9e80912daed095a90a4fd2581c79f Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@vyos.io>
Date: Sun, 1 May 2022 08:00:52 -0400
Subject: T4402: fix ifconfig-pool generation logic

---
 data/templates/openvpn/server.conf.tmpl | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'data')

diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 75aae2981..627068b3e 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -82,15 +82,18 @@ push "route-ipv6 {{ route }}"
 {%         endif %}
 {%       endfor %}
 {%     endif %}
+
+{%     if server.client_ip_pool is not defined %}
 {# OpenVPN assigns the first IP address to its local interface so the pool used #}
 {# in net30 topology - where each client receives a /30 must start from the second subnet #}
 {%           if server.topology is defined and server.topology == 'net30' %}
-ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }}
+ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {% if device_type == 'tap' %} {{ subnet | netmask_from_cidr }} {% endif %}
 {%           else %}
 {# OpenVPN assigns the first IP address to its local interface so the pool must #}
 {# start from the second address and end on the last address #}
-ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }}
+ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {% if device_type == 'tap' %} {{ subnet | netmask_from_cidr }} {% endif %}
 {%           endif %}
+{%         endif %}
 {%         elif subnet | is_ipv6 %}
 server-ipv6 {{ subnet }}
 {%         endif %}
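Review bot: The new guard `{% if server.client_ip_pool is not defined %}` is not the complement of the condition on the explicit pool block in the second hunk (`is defined and ... is not none and ... disable is not defined`). A `client_ip_pool` that is defined but none, or that has `disable` set, therefore gets no `ifconfig-pool` line from either place. If that is intended for the `disable` case, a comment above the guard would make it explicit, e.g. `{# client_ip_pool configured: the explicit pool (or no pool, when disabled) is rendered further down #}`; if an empty node should fall back to the automatic pool, the guard would need `or server.client_ip_pool is none`. The new `if` is also indented at a different depth from its closing `endif`. The enclosing `if` that the `elif subnet | is_ipv6` belongs to starts above this hunk, so the nesting could not be checked in full.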
@@ -98,7 +101,7 @@ server-ipv6 {{ subnet }}
 {%     endif %}
 
 {%     if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %}
-ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }}
+ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }} {{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none and device_type == 'tap' }}
 {%     endif %}
 {%     if server.max_connections is defined and server.max_connections is not none %}
 max-clients {{ server.max_connections }}
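Review bot: The explicit `ifconfig-pool` line keeps an inline `if` with no `else`, while the first hunk of this commit moves the automatic pool lines to `{% if %}…{% endif %}` blocks. An else-less inline `if` evaluates to an undefined value, which renders as empty only if the template environment uses the default undefined type, and that is not visible here. Using the block form here as well would be consistent: `ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{% if device_type == 'tap' and server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none %} {{ server.client_ip_pool.subnet_mask }}{% endif %}`. With the added `device_type == 'tap'` test, a `subnet_mask` configured on a non-tap device is now dropped silently, so the config validation (outside this diff) should presumably reject or warn about that combination.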
-- 
cgit v1.2.3