From 3237fec72140f8cadb6ed8cfbfadbb4bb14d4554 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 23 Nov 2020 11:33:15 +0100
Subject: openvpn: T3074: fix site-2-site operation mode

When rendering the configs "ifconfig" statement wrong IP addresses have been
used for the "tun" operating mode. This has been corrected.
---
 src/conf_mode/interfaces-openvpn.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'src/conf_mode/interfaces-openvpn.py')

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index a4524a59e..0e661c84b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -120,7 +120,7 @@ def verify(openvpn):
     # OpenVPN site-to-site - VERIFY
     #
     elif openvpn['mode'] == 'site-to-site':
-        if not 'local_address' in openvpn:
+        if 'local_address' not in openvpn and 'is_bridge_member' not in openvpn:
             raise ConfigError('Must specify "local-address" or add interface to bridge')
 
         if len([addr for addr in openvpn['local_address'] if is_ipv4(addr)]) > 1:
@@ -166,15 +166,16 @@ def verify(openvpn):
             if dict_search('remote_host', openvpn) in dict_search('remote_address', openvpn):
                 raise ConfigError('"remote-address" and "remote-host" can not be the same')
 
-
-        if 'local_address' in openvpn:
+        if openvpn['device_type'] == 'tap':
             # we can only have one local_address, this is ensured above
             v4addr = None
             for laddr in openvpn['local_address']:
-                if is_ipv4(laddr): v4addr = laddr
+                if is_ipv4(laddr):
+                    v4addr = laddr
+                    break
 
-            if 'remote_address' not in openvpn and (v4addr not in openvpn['local_address'] or 'subnet_mask' not in openvpn['local_address'][v4addr]):
-                raise ConfigError('IPv4 "local-address" requires IPv4 "remote-address" or IPv4 "local-address subnet"')
+            if v4addr in openvpn['local_address'] and 'subnet_mask' not in openvpn['local_address'][v4addr]:
+                raise ConfigError('Must specify IPv4 "subnet-mask" for local-address')
 
         if dict_search('encryption.ncp_ciphers', openvpn):
             raise ConfigError('NCP ciphers can only be used in client or server mode')
-- 
cgit v1.2.3