Skip to content

Commit 5a26879

Browse files
authored
[change] Updated default values for parameters OpenVpn.auto_client #240
The client configuration generated by OpenVpn.autoclient will have "script_security" set to "2" and "log" set to "/var/log/<ifname>.log". Closes #240
1 parent bdbf4d9 commit 5a26879

File tree

2 files changed

+12
-2
lines changed

2 files changed

+12
-2
lines changed

netjsonconfig/backends/openvpn/openvpn.py

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -105,10 +105,8 @@ def auto_client(
105105
'persist_tun',
106106
'mute',
107107
'persist_key',
108-
'script_security',
109108
'user',
110109
'group',
111-
'log',
112110
'mute_replay_warnings',
113111
'secret',
114112
'reneg_sec',
@@ -122,6 +120,14 @@ def auto_client(
122120
for key in copy_keys:
123121
if key in server:
124122
client[key] = server[key]
123+
if 'script_security' in server:
124+
# From OpenWrt 21 onwards, "script_security" of "2"
125+
# is required for functioning of OpenVPN tunnels.
126+
client['script_security'] = 2
127+
if 'log' in server:
128+
# The "/var/log/openvpn" directory is not present
129+
# on OpenWrt, hence the location of the log is changed.
130+
client['log'] = server['log'].replace('/var/log/openvpn/', '/var/log/')
125131
files = cls._auto_client_files(
126132
client,
127133
ca_path,

tests/openvpn/test_backend.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -595,6 +595,8 @@ def test_auto_client_complex(self):
595595
"engine": "dynamic",
596596
"ns_cert_type": "client",
597597
"server_bridge": "",
598+
"script_security": 1,
599+
"log": "/var/log/openvpn/tap0.log",
598600
}
599601
client_config = OpenVpn.auto_client(
600602
'vpn1.test.com',
@@ -617,13 +619,15 @@ def test_auto_client_complex(self):
617619
dev tap0
618620
dev-type tap
619621
key {{key_path_1}}
622+
log /var/log/tap0.log
620623
mode p2p
621624
nobind
622625
ns-cert-type server
623626
proto tcp-client
624627
pull
625628
remote vpn1.test.com 1195
626629
resolv-retry infinite
630+
script-security 2
627631
tls-client
628632
629633
# ---------- files ---------- #

0 commit comments

Comments
 (0)