diff options
author | Daniil Baturin <daniil@baturin.org> | 2018-11-19 17:57:41 +0100 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2018-11-19 17:57:41 +0100 |
commit | 39bd2ea05e48171dcf81e448e733dd5aa7cc3447 (patch) | |
tree | c4965479a62b2fdf2739c6c1db3cd182b2ccb371 | |
parent | c123e92921410e0ec100ed1bd834b421e66c99ad (diff) | |
parent | dcb207265472c2fed5fe13c1ba7091e5eea334a7 (diff) | |
download | vyos-1x-39bd2ea05e48171dcf81e448e733dd5aa7cc3447.tar.gz vyos-1x-39bd2ea05e48171dcf81e448e733dd5aa7cc3447.zip |
Merge branch 'current' into crux
-rw-r--r-- | interface-definitions/pppoe-server.xml | 376 | ||||
-rwxr-xr-x | src/conf_mode/accel_pppoe.py | 300 |
2 files changed, 601 insertions, 75 deletions
diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 543ff1663..2fac4ec5a 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -8,6 +8,19 @@ <priority>900</priority> </properties> <children> + <node name="snmp"> + <properties> + <help>Enable SNMP</help> + </properties> + <children> + <leafNode name="master-agent"> + <properties> + <help>enable SNMP master agent mode</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> <leafNode name="access-concentrator"> <properties> <help>Access concentrator name</help> @@ -51,22 +64,25 @@ </tagNode> </children> </node> - <leafNode name="mode"> + <node name="mode"> <properties> <help>Authentication mode for PPPoE Server</help> - <valueHelp> - <format>local</format> - <description>Use local username/password configuration</description> - </valueHelp> - <valueHelp> - <format>radius</format> - <description>Use Radius server to autenticate users</description> - </valueHelp> - <constraint> - <regex>^(local|radius)</regex> - </constraint> </properties> - </leafNode> + <children> + <leafNode name="local"> + <properties> + <help>Use local username/password configuration</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="radius"> + <properties> + <help>Use Radius server to autenticate users</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> <tagNode name="radius-server"> <properties> <help>IP address of radius server</help> @@ -76,13 +92,77 @@ </valueHelp> </properties> <children> - <leafNode name="key"> + <leafNode name="secret"> <properties> <help>Key for accessing the specified server</help> </properties> </leafNode> + <leafNode name="req-limit"> + <properties> + <help>maximum number of simultaneous requests to server (default: unlimited)</help> + </properties> + </leafNode> + <leafNode name="fail-time"> + <properties> + <help>if server doesn't responds mark it as unavailable for this amount of time in seconds</help> + </properties> + </leafNode> </children> </tagNode> + <node name="radius-settings"> + <properties> + <help>radius settings</help> + </properties> + <children> + <leafNode name="timeout"> + <properties> + <help>timeout to wait response from server (sec)</help> + </properties> + </leafNode> + <leafNode name="acct-timeout"> + <properties> + <help>timeout to wait reply for Interim-Update packets. (default 3 sec)</help> + </properties> + </leafNode> + <leafNode name="max-try"> + <properties> + <help>maximum number of tries to send Access-Request/Accounting-Request queries</help> + </properties> + </leafNode> + <leafNode name="nas-identifier"> + <properties> + <help>value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help> + </properties> + </leafNode> + <leafNode name="nas-ip-address"> + <properties> + <help>value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help> + </properties> + </leafNode> + <node name="dae-server"> + <properties> + <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + <children> + <leafNode name="ip-address"> + <properties> + <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + <leafNode name="port"> + <properties> + <help>port for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + <leafNode name="secret"> + <properties> + <help>secret for Dynamic Authorization Extension server (DM/CoA)</help> + </properties> + </leafNode> + </children> + </node> + </children> + </node> </children> </node> <node name="client-ip-pool"> @@ -108,14 +188,38 @@ </leafNode> </children> </node> + + <node name="client-ipv6-pool"> + <properties> + <help>pool of client IP space</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help> + <multi /> + </properties> + </leafNode> + <leafNode name="delegate-prefix"> + <properties> + <help>format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633)</help> + <multi /> + </properties> + </leafNode> + </children> + </node> <node name="dns-servers"> <properties> - <help>Domain Name Service (DNS) server</help> + <help>IPv4 Domain Name Service (DNS) server</help> </properties> <children> <leafNode name="server-1"> <properties> <help>Primary DNS server</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> <constraint> <validator name="ipv4-address"/> </constraint> @@ -124,6 +228,10 @@ <leafNode name="server-2"> <properties> <help>Secondary DNS server</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address</description> + </valueHelp> <constraint> <validator name="ipv4-address"/> </constraint> @@ -131,6 +239,49 @@ </leafNode> </children> </node> + <node name="dnsv6-servers"> + <properties> + <help>IPv6 Domain Name Service (DNS) server</help> + </properties> + <children> + <leafNode name="server-1"> + <properties> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <help>Primary DNS server</help> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="server-2"> + <properties> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <help>Secondary DNS server</help> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="server-3"> + <properties> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <help>Tertiary DNS server</help> + <constraint> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </node> <leafNode name="interface"> <properties> <help>interface(s) to listen on</help> @@ -150,12 +301,38 @@ </leafNode> <leafNode name="mtu"> <properties> - <help>Maximum Transmission Unit (MTU) - default 1440</help> + <help>Maximum Transmission Unit (MTU) - default 1492</help> <constraint> <validator name="numeric" argument="--range 128-16384"/> </constraint> </properties> </leafNode> + <node name="limits"> + <properties> + <help>limits the connection rate from a single source</help> + </properties> + <children> + <leafNode name="connection-limit"> + <properties> + <help>acceptable rate of connections (e.g. 1/min, 60/sec)</help> + <constraint> + <regex>^[0-9]+\/(min|sec)$</regex> + </constraint> + <constraintErrorMessage>illegal value</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="burst"> + <properties> + <help>burst count</help> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>timeout in seconds</help> + </properties> + </leafNode> + </children> + </node> <node name="radius"> <properties> <help>RADIUS settings</help> @@ -207,6 +384,173 @@ </leafNode> </children> </node> + <node name="ppp-options"> + <children> + <leafNode name="min-mtu"> + <properties> + <help>minimum acceptable MTU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="mru"> + <properties> + <help>preferred MRU (68-65535)</help> + <constraint> + <validator name="numeric" argument="--range 68-65535"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ccp"> + <properties> + <help>ccp negotiation (default disabled)</help> + <valueless /> + </properties> + </leafNode> + <node name="mppe"> + <properties> + <help>specifies mppe negotiation preference. (default prefer mppe)</help> + </properties> + <children> + <leafNode name="require"> + <properties> + <help>ask client for mppe, if it rejects drop connection</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="prefer"> + <properties> + <help>ask client for mppe, if it rejects don't fail</help> + <valueless /> + </properties> + </leafNode> + <leafNode name="deny"> + <properties> + <help>deny mppe</help> + <valueless /> + </properties> + </leafNode> + </children> + </node> + <leafNode name="lcp-echo-interval"> + <properties> + <help>lcp echo-requests/sec</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-failure"> + <properties> + <help>maximum number of Echo-Requests may be sent without valid reply</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="lcp-echo-timeout"> + <properties> + <help>timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ipv4"> + <properties> + <help>specify IPv4 (IPCP) negotiation algorithm</help> + <constraint> + <regex>^(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>don't negotiate IPv4</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>negotiate IPv4 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>ask client for IPv4 negotiation, don't fail if he rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>require IPv4 negotiation</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6"> + <properties> + <help>specify IPv6 (IPCP6) negotiation algorithm</help> + <constraint> + <regex>^(deny|allow|prefer|require)</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>don't negotiate IPv6</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>negotiate IPv6 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>ask client for IPv6 negotiation, don't fail if he rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>require IPv6 negotiation</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6-intf-id"> + <properties> + <help>Specify fixed or random interface identifier for IPv6</help> + <valueHelp> + <format>random</format> + <description>specify random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>x:x:x:x</format> + <description>specify interface identifier for IPv6</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6-peer-intf-id"> + <properties> + <help>specify peer interface identifier for IPv6</help> + <valueHelp> + <format>x:x:x:x</format> + <description>specify interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>random</format> + <description>specify a random interface identifier for IPv6</description> + </valueHelp> + <valueHelp> + <format>ipv4</format> + <description>calculate interface identifier from IPv4 address, for example 192:168:0:1</description> + </valueHelp> + <valueHelp> + <format>calling-sid</format> + <description>calculate interface identifier from calling-station-Id</description> + </valueHelp> + </properties> + </leafNode> + <leafNode name="ipv6-accept-peer-intf-id"> + <properties> + <help>accept peer's interface identifier</help> + <valueless /> + </properties> + </leafNode> + + + </children> + </node> </children> </node> </children> diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 4aea84c44..0ef22110f 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py @@ -45,15 +45,22 @@ pppoe_config = ''' log_syslog pppoe ippool +{% if client_ipv6_pool %} +ipv6pool +{% endif %} chap-secrets auth_pap auth_chap_md5 auth_mschap_v1 auth_mschap_v2 -pppd_compat -shaper +#pppd_compat +#shaper +{% if snmp == 'enable' or snmp == 'enable-ma' %} net-snmp +{% endif %} +{% if limits %} connlimit +{% endif %} {% if authentication['mode'] == 'radius' %} radius {% endif %} @@ -66,8 +73,10 @@ syslog=accel-pppoe,daemon copy=1 level=5 +{% if snmp == 'enable-ma' %} [snmp] master=1 +{% endif %} [client-ip-range] disable @@ -78,6 +87,16 @@ disable {% endif %} gw-ip-address={{ppp_gw}} +{% if client_ipv6_pool %} +[ipv6-pool] +{% for prfx in client_ipv6_pool['prefix']: %} +{{prfx}} +{% endfor %} +{% for prfx in client_ipv6_pool['delegate-prefix']: %} +delegate={{prfx}} +{% endfor %} +{% endif %} + {% if dns %} [dns] {% if dns[0] %} @@ -88,6 +107,13 @@ dns2={{dns[1]}} {% endif %} {% endif %} +{% if dnsv6 %} +[dnsv6] +{% for srv in dnsv6: %} +dns={{srv}} +{% endfor %} +{% endif %} + {% if wins %} [wins] {% if wins[0] %} @@ -106,27 +132,83 @@ chap-secrets=/etc/accel-ppp/pppoe/chap-secrets {% if authentication['mode'] == 'radius' %} [radius] {% for rsrv in authentication['radiussrv']: %} -server={{rsrv}},{{authentication['radiussrv'][rsrv]}} +server={{rsrv}},{{authentication['radiussrv'][rsrv]['secret']}},\ +req-limit={{authentication['radiussrv'][rsrv]['req-limit']}},\ +fail-time={{authentication['radiussrv'][rsrv]['fail-time']}} {% endfor %} -timeout=10 -acct-timeout=3 +{% if authentication['radiusopt']['timeout'] %} +timeout={{authentication['radiusopt']['timeout']}} +{% endif %} +{% if authentication['radiusopt']['acct-timeout'] %} +acct-timeout={{authentication['radiusopt']['acct-timeout']}} +{% endif %} +{% if authentication['radiusopt']['max-try'] %} +max-try={{authentication['radiusopt']['max-try']}} +{% endif %} +{% if authentication['radiusopt']['nas-id'] %} +nas-identifier={{authentication['radiusopt']['nas-id']}} +{% endif %} +{% if authentication['radiusopt']['nas-ip'] %} +nas-ip-address={{authentication['radiusopt']['nas-ip']}} +{% endif %} +{% if authentication['radiusopt']['dae-srv'] %} +dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\ +{{authentication['radiusopt']['dae-srv']['port']}},\ +{{authentication['radiusopt']['dae-srv']['secret']}} +{% endif %} gw-ip-address={{ppp_gw}} verbose=1 {% endif %} [ppp] verbose=1 -min-mtu={{mtu}} -mtu={{mtu}} -mru=1400 -check-ip=1 -mppe=prefer -ipv4=require check-ip=1 single-session=replace +{% if ppp_options['ccp'] %} +ccp=1 +{% endif %} +{% if ppp_options['min-mtu'] %} +min-mtu={{ppp_options['min-mtu']}} +{% else %} +min-mtu={{mtu}} +{% endif %} +{% if ppp_options['mru'] %} +mru={{ppp_options['mru']}} +{% endif %} +{% if ppp_options['mppe'] %} +mppe={{ppp_options['mppe']}} +{% else %} mppe=prefer +{% endif %} +{% if ppp_options['lcp-echo-interval'] %} +lcp-echo-interval={{ppp_options['lcp-echo-interval']}} +{% else %} lcp-echo-interval=30 +{% endif %} +{% if ppp_options['lcp-echo-timeout'] %} +lcp-echo-timeout={{ppp_options['lcp-echo-timeout']}} +{% endif %} +{% if ppp_options['lcp-echo-failure'] %} +lcp-echo-failure={{ppp_options['lcp-echo-failure']}} +{% else %} lcp-echo-failure=3 +{% endif %} +{% if ppp_options['ipv4'] %} +ipv4={{ppp_options['ipv4']}} +{% endif %} +{% if ppp_options['ipv6'] %} +ipv6={{ppp_options['ipv6']}} +{% if ppp_options['ipv6-intf-id'] %} +ipv6-intf-id={{ppp_options['ipv6-intf-id']}} +{% endif %} +{% if ppp_options['ipv6-peer-intf-id'] %} +ipv6-peer-intf-id={{ppp_options['ipv6-peer-intf-id']}} +{% endif %} +{% if ppp_options['ipv6-accept-peer-intf-id'] %} +ipv6-accept-peer-intf-id={{ppp_options['ipv6-accept-peer-intf-id']}} +{% endif %} +{% endif %} +mtu={{mtu}} [pppoe] verbose=1 @@ -141,12 +223,15 @@ interface={{int}} {% if svc_name %} service-name={{svc_name}} {% endif %} +pado-delay=0 +# maybe: called-sid, tr101, padi-limit etc. - +{% if limits %} [connlimit] -limit=10/min -burst=3 -timeout=60 +limit={{limits['conn-limit']}} +burst={{limits['burst']}} +timeout={{limits['timeout']}} +{% endif %} [cli] tcp=127.0.0.1:2001 @@ -210,24 +295,30 @@ def get_config(): return None config_data = { - 'concentrator' : 'vyos-ac', - 'authentication' : { - 'local-users' : { + 'concentrator' : 'vyos-ac', + 'authentication' : { + 'local-users' : { }, - 'mode' : 'local', - 'radiussrv' : {} + 'mode' : 'local', + 'radiussrv' : {}, + 'radiusopt' : {} }, - 'client_ip_pool' : '', - 'interface' : [], - 'ppp_gw' : '', - 'svc_name' : '', - 'dns' : [], - 'wins' : [], - 'mtu' : '1492' + 'client_ip_pool' : '', + 'client_ipv6_pool' : {}, + 'interface' : [], + 'ppp_gw' : '', + 'svc_name' : '', + 'dns' : [], + 'dnsv6' : [], + 'wins' : [], + 'mtu' : '1492', + 'ppp_options' : {}, + 'limits' : {}, + 'snmp' : 'disable' } c.set_level('service pppoe-server') - + ### general options if c.exists('access-concentrator'): config_data['concentrator'] = c.return_value('access-concentrator') if c.exists('service-name'): @@ -241,6 +332,13 @@ def get_config(): config_data['dns'].append(c.return_value('dns-servers server-1')) if c.return_value('dns-servers server-2'): config_data['dns'].append(c.return_value('dns-servers server-2')) + if c.exists('dnsv6-servers'): + if c.return_value('dnsv6-servers server-1'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-1')) + if c.return_value('dnsv6-servers server-2'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-2')) + if c.return_value('dnsv6-servers server-3'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-3')) if c.exists('wins-servers'): if c.return_value('wins-servers server-1'): config_data['wins'].append(c.return_value('wins-servers server-1')) @@ -253,42 +351,128 @@ def get_config(): config_data['client_ip_pool'] += '-' + re.search('[0-9]+$', c.return_value('client-ip-pool stop')).group(0) else: raise ConfigError('client ip pool stop required') + if c.exists('client-ipv6-pool prefix'): + config_data['client_ipv6_pool']['prefix'] = c.return_values('client-ipv6-pool prefix') + if c.exists('client-ipv6-pool delegate-prefix'): + config_data['client_ipv6_pool']['delegate-prefix'] = c.return_values('client-ipv6-pool delegate-prefix') + if c.exists('limits'): + if c.exists('limits burst'): + config_data['limits']['burst'] = str(c.return_value('limits burst')) + if c.exists('limits timeout'): + config_data['limits']['timeout'] = str(c.return_value('limits timeout')) + if c.exists('limits connection-limit'): + config_data['limits']['conn-limit'] = str(c.return_value('limits connection-limit')) + if c.exists('snmp'): + config_data['snmp'] = 'enable' + if c.exists('snmp master-agent'): + config_data['snmp'] = 'enable-ma' #### authentication mode local - if c.exists('authentication'): - if c.return_value('authentication mode') == 'local': - if c.exists('authentication local-users username'): - for usr in c.list_nodes('authentication local-users username'): - config_data['authentication']['local-users'].update( + + if c.exists('authentication mode local'): + if c.exists('authentication local-users username'): + for usr in c.list_nodes('authentication local-users username'): + config_data['authentication']['local-users'].update( + { + usr : { + 'passwd' : '', + 'state' : 'enabled', + 'ip' : '*' + } + } + ) + if c.exists('authentication local-users username ' + usr + ' password'): + config_data['authentication']['local-users'][usr]['passwd'] = c.return_value('authentication local-users username ' + usr + ' password') + if c.exists('authentication local-users username ' + usr + ' disable'): + config_data['authentication']['local-users'][usr]['state'] = 'disable' + if c.exists('authentication local-users username ' + usr + ' static-ip'): + config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') + + ### authentication mode radius servers and settings + + if c.exists('authentication mode radius'): + config_data['authentication']['mode'] = 'radius' + rsrvs = c.list_nodes('authentication radius-server') + for rsrv in rsrvs: + if c.return_value('authentication radius-server ' + rsrv + ' fail-time') == None: + ftime = '0' + else: + ftime = str(c.return_value('authentication radius-server ' + rsrv + ' fail-time')) + if c.return_value('authentication radius-server ' + rsrv + ' req-limit') == None: + reql = '0' + else: + reql = str(c.return_value('authentication radius-server ' + rsrv + ' req-limit')) + config_data['authentication']['radiussrv'].update( + { + rsrv : { + 'secret' : c.return_value('authentication radius-server ' + rsrv + ' secret'), + 'fail-time' : ftime, + 'req-limit' : reql + } + } + ) + + #### advanced radius-setting + if c.exists('authentication radius-settings'): + if c.exists('authentication radius-settings acct-timeout'): + config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout') + if c.exists('authentication radius-settings max-try'): + config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try') + if c.exists('authentication radius-settings timeout'): + config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout') + if c.exists('authentication radius-settings nas-identifier'): + config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier') + if c.exists('authentication radius-settings nas-ip-address'): + config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address') + if c.exists('authentication radius-settings dae-server'): + config_data['authentication']['radiusopt'].update( { - usr : { - 'passwd' : '', - 'state' : 'enabled', - 'ip' : '*' + 'dae-srv' : { + 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'), + 'port' : c.return_value('authentication radius-settings dae-server port'), + 'secret' : str(c.return_value('authentication radius-settings dae-server secret')) } } ) - if c.exists('authentication local-users username ' + usr + ' password'): - config_data['authentication']['local-users'][usr]['passwd'] = c.return_value('authentication local-users username ' + usr + ' password') - if c.exists('authentication local-users username ' + usr + ' disable'): - config_data['authentication']['local-users'][usr]['state'] = 'disable' - if c.exists('authentication local-users username ' + usr + ' static-ip'): - config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') - - ### authentication mode radius - if c.return_value('authentication mode') == 'radius': - config_data['authentication']['mode'] = 'radius' - rsrvs = c.list_nodes('authentication radius-server') - for rsrv in rsrvs: - config_data['authentication']['radiussrv'].update( - { - rsrv : str(c.return_value('authentication radius-server ' + rsrv + ' key')) - } - ) if c.exists('mtu'): config_data['mtu'] = c.return_value('mtu') + ### ppp_options + ppp_options = {} + if c.exists('ppp-options'): + if c.exists('ppp-options ccp'): + ppp_options['ccp'] = c.return_value('ppp-options ccp') + if c.exists('ppp-options min-mtu'): + ppp_options['min-mtu'] = c.return_value('ppp-options min-mtu') + if c.exists('ppp-options mru'): + ppp_options['mru'] = c.return_value('ppp-options mru') + if c.exists('ppp-options mppe deny'): + ppp_options['mppe'] = 'deny' + if c.exists('ppp-options mppe require'): + ppp_options['mppe'] = 'requre' + if c.exists('ppp-options mppe prefer'): + ppp_options['mppe'] = 'prefer' + if c.exists('ppp-options lcp-echo-failure'): + ppp_options['lcp-echo-failure'] = c.return_value('ppp-options lcp-echo-failure') + if c.exists('ppp-options lcp-echo-interval'): + ppp_options['lcp-echo-interval'] = c.return_value('ppp-options lcp-echo-interval') + if c.exists('ppp-options ipv4'): + ppp_options['ipv4'] = c.return_value('ppp-options ipv4') + if c.exists('ppp-options ipv6'): + ppp_options['ipv6'] = c.return_value('ppp-options ipv6') + if c.exists('ppp-options ipv6-accept-peer-intf-id'): + ppp_options['ipv6-accept-peer-intf-id']= 1 + if c.exists('ppp-options ipv6-intf-id'): + ppp_options['ipv6-intf-id'] = c.return_value('ppp-options ipv6-intf-id') + if c.exists('ppp-options ipv6-peer-intf-id'): + ppp_options['ipv6-peer-intf-id'] = c.return_value('ppp-options ipv6-peer-intf-id') + if c.exists('ppp-options lcp-echo-timeout'): + ppp_options['lcp-echo-timeout'] = c.return_value('ppp-options lcp-echo-timeout') + + if len(ppp_options) !=0: + config_data['ppp_options'] = ppp_options + return config_data def verify(c): @@ -305,6 +489,9 @@ def verify(c): if c['authentication']['mode'] == 'radius': if len(c['authentication']['radiussrv']) == 0: raise ConfigError('radius server required') + for rsrv in c['authentication']['radiussrv']: + if c['authentication']['radiussrv'][rsrv]['secret'] == None: + raise ConfigError('radius server ' + rsrv + ' needs a secret configured') def generate(c): if c == None: @@ -347,11 +534,6 @@ def apply(c): accel_cmd('restart') sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart") - #if c['state'] == 'update': - # accel_cmd('restart') - # sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart") - # ## check that config reload actually works - if __name__ == '__main__': try: c = get_config() |