authorChristian Poessinger <christian@poessinger.com>2022-08-15 20:16:02 +0200
committerChristian Poessinger <christian@poessinger.com>2022-08-15 20:44:21 +0200
commit66af9a9daa245b9478d7103861935ee5b8c2526a (patch)
treed89cb29d6e4335e01ee025dfd129459e5b04aa76
parent923728b19a790728685027ef8fadabffee20e5bc (diff)
ocserv: openconnect: T4614: add support for split-dns
set vpn openconnect network-settings split-dns <domain> (cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl6
-rw-r--r--interface-definitions/vpn_openconnect.xml.in13
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py5
3 files changed, 23 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 328af0c0d..8a394f0ac 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -70,6 +70,11 @@ ipv6-network = {{ network_settings.client_ipv6_pool.prefix }}
ipv6-subnet-prefix = {{ network_settings.client_ipv6_pool.mask }}
{% endif %}
{% endif %}
+{% if network_settings.split_dns is defined %}
+{% for tmp in network_settings.split_dns %}
+split-dns = {{ tmp }}
+{% endfor %}
+{% endif %}
{% endif %}
{% if network_settings.push_route is string %}
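Review bot: The added loop assumes `network_settings.split_dns` is always a list; if a single configured domain reaches the template as a plain string, `{% for tmp in ... %}` iterates its characters and writes one `split-dns` line per letter. The `push_route` block that starts on the last line of this hunk guards against that shape with `is string`, which suggests the config dict can deliver either form, though the conversion happens outside the lines shown. A wrong split-dns list is not only cosmetic, since clients may then resolve the intended internal domains through a resolver outside the tunnel. Mirroring the `push_route` pattern and naming the loop variable `domain` instead of `tmp` would cover both shapes; the enclosing `{% if %}` opens above the hunk.

```jinja
{% if network_settings.split_dns is defined %}
{%   if network_settings.split_dns is string %}
split-dns = {{ network_settings.split_dns }}
{%   else %}
{%     for domain in network_settings.split_dns %}
split-dns = {{ domain }}
{%     endfor %}
{%   endif %}
{% endif %}
```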
@@ -79,4 +84,3 @@ route = {{ network_settings.push_route }}
route = {{ route }}
{% endfor %}
{% endif %}
-
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index f35b1ebbd..888f32b99 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -191,6 +191,19 @@
</children>
</node>
#include <include/name-server-ipv4-ipv6.xml.i>
+ <leafNode name="split-dns">
+ <properties>
+ <help>Domains over which the provided DNS should be used</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Client prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
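Review bot: The `<valueHelp>` description `Client prefix length` looks copied from another node and does not describe a split-dns value; something like `<description>Domain name (FQDN) resolved via the pushed DNS servers</description>` would match the `<help>` text. The `fqdn` validator is also the only input check visible on this page for a value the template writes verbatim into the ocserv config, so a short comment on the `<constraint>` saying it must not be loosened without escaping in the template would help later editors. The enclosing `<children>` node opens above the hunk.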
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 999d7267d..6db49abab 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -63,6 +63,7 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
v6_prefix = '2001:db8:1000::/64'
v6_len = '126'
name_server = ['1.2.3.4', '1.2.3.5', '2001:db8::1']
+ split_dns = ['vyos.net', 'vyos.io']
self.cli_set(base_path + ['authentication', 'local-users', 'username', user, 'password', password])
self.cli_set(base_path + ['authentication', 'mode', "local"])
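Review bot: `split_dns = ['vyos.net', 'vyos.io']` only covers two well-formed domains, so neither a single `split-dns` entry nor a value the `fqdn` validator should refuse is exercised; the same list drives the `cli_set` loop and the `assertIn` loop in the two later hunks of this file. A second pass with one domain, asserting that exactly one `split-dns = vyos.net` line is rendered, would pin how the template handles a lone value. A negative case that sets a malformed value (constructed example: `'not a domain'`) and expects the set to be refused would confirm that nothing unvalidated reaches the ocserv config. The test method starts above the hunk.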
@@ -73,6 +74,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
for ns in name_server:
self.cli_set(base_path + ['network-settings', 'name-server', ns])
+ for domain in split_dns:
+ self.cli_set(base_path + ['network-settings', 'split-dns', domain])
self.cli_commit()
@@ -87,6 +90,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
for ns in name_server:
self.assertIn(f'dns = {ns}', daemon_config)
+ for domain in split_dns:
+ self.assertIn(f'split-dns = {domain}', daemon_config)
auth_config = read_file(auth_file)
self.assertIn(f'{user}:*:$', auth_config)