From 60f093464692f08c1c32c9e31513a6ae98636617 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 28 Mar 2022 10:46:30 +0300 Subject: Revert "openvpn: T4230: globally enable ip_nonlocal_bind" This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c. --- src/conf_mode/interfaces-openvpn.py | 7 +++++++ src/etc/sysctl.d/33-vyos-nonlocal-bind.conf | 8 -------- 2 files changed, 7 insertions(+), 8 deletions(-) delete mode 100644 src/etc/sysctl.d/33-vyos-nonlocal-bind.conf (limited to 'src') diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index c30c0bdd0..8f9c0b3f1 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -653,6 +653,13 @@ def apply(openvpn): return None + # verify specified IP address is present on any interface on this system + # Allow to bind service to nonlocal address, if it virtaual-vrrp address + # or if address will be assign later + if 'local_host' in openvpn: + if not is_addr_assigned(openvpn['local_host']): + cmd('sysctl -w net.ipv4.ip_nonlocal_bind=1') + # No matching OpenVPN process running - maybe it got killed or none # existed - nevertheless, spawn new OpenVPN process action = 'reload-or-restart' diff --git a/src/etc/sysctl.d/33-vyos-nonlocal-bind.conf b/src/etc/sysctl.d/33-vyos-nonlocal-bind.conf deleted file mode 100644 index aa81b5336..000000000 --- a/src/etc/sysctl.d/33-vyos-nonlocal-bind.conf +++ /dev/null @@ -1,8 +0,0 @@ -### Added by vyos-1x ### -# -# ip_nonlocal_bind - BOOLEAN -# If set, allows processes to bind() to non-local IP addresses, -# which can be quite useful - but may break some applications. -# Default: 0 -net.ipv4.ip_nonlocal_bind = 1 -net.ipv6.ip_nonlocal_bind = 1 -- cgit v1.2.3