diff options
author | Viacheslav <v.gletenko@vyos.io> | 2021-11-02 13:48:36 +0000 |
---|---|---|
committer | Viacheslav <v.gletenko@vyos.io> | 2021-11-02 13:48:42 +0000 |
commit | dd036c62d1370f655a8d2075577597f24ffff7dc (patch) | |
tree | f3d946c89b0bbaaf8dacf823072304ecab7923e0 | |
parent | 0c2384114e8abbd9c883a57729564c70c0a86eec (diff) | |
download | vyos-1x-dd036c62d1370f655a8d2075577597f24ffff7dc.tar.gz vyos-1x-dd036c62d1370f655a8d2075577597f24ffff7dc.zip |
sstp: T2566: Fix to allow IPv6 only pools
To allow IPv6 only for vpn sstp sessions we have to add
'ppp-options' which can disable IPv4 allocation explicity.
Additional IPv6 ppp-options and fix template for it.
5 files changed, 60 insertions, 4 deletions
diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index f45bf9442..093887f7e 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 @@ -5,7 +5,7 @@ AdvAutonomousFlag=1 {% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} [ipv6-pool] {% for prefix, options in client_ipv6_pool.prefix.items() %} -{{ prefix }},{{ options.mask }} +{{ prefix }},{{ '64 ' if options.mask is not defined else options.mask }} {% endfor %} {% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} {% for prefix, options in client_ipv6_pool.delegate.items() %} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index d48e9ab0d..7a40a96aa 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -52,9 +52,9 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} -{% if client_ipv6_pool is defined %} -ipv6=allow -{% endif %} +ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }} +ipv4={{ ppp_options.ipv4 }} + mppe={{ ppp_options.mppe }} lcp-echo-interval={{ ppp_options.lcp_echo_interval }} lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i new file mode 100644 index 000000000..3e065329d --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -0,0 +1,23 @@ +<!-- include start from accel-ppp/ppp-options-ipv4.xml.i --> +<leafNode name="ipv4"> + <properties> + <help>IPv4 negotiation algorithm</help> + <constraint> + <regex>^(deny|allow)$</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv4</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv4 only if client requests</description> + </valueHelp> + <completionHelp> + <list>deny allow</list> + </completionHelp> + </properties> + <defaultValue>allow</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i new file mode 100644 index 000000000..b9fbac5c6 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -0,0 +1,31 @@ +<!-- include start from accel-ppp/ppp-options-ipv6.xml.i --> +<leafNode name="ipv6"> + <properties> + <help>IPv6 (IPCP6) negotiation algorithm</help> + <constraint> + <regex>^(deny|allow|prefer|require)$</regex> + </constraint> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>deny</format> + <description>Do not negotiate IPv6</description> + </valueHelp> + <valueHelp> + <format>allow</format> + <description>Negotiate IPv6 only if client requests</description> + </valueHelp> + <valueHelp> + <format>prefer</format> + <description>Ask client for IPv6 negotiation, do not fail if it rejects</description> + </valueHelp> + <valueHelp> + <format>require</format> + <description>Require IPv6 negotiation</description> + </valueHelp> + <completionHelp> + <list>deny allow prefer require</list> + </completionHelp> + </properties> + <defaultValue>deny</defaultValue> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 5406ede41..ad905a1f0 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -43,6 +43,8 @@ </properties> <children> #include <include/accel-ppp/ppp-mppe.xml.i> + #include <include/accel-ppp/ppp-options-ipv4.xml.i> + #include <include/accel-ppp/ppp-options-ipv6.xml.i> #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> #include <include/accel-ppp/lcp-echo-timeout.xml.i> </children> |