diff options
author | Daniil Baturin <daniil@vyos.io> | 2024-05-16 10:12:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-16 10:12:01 +0200 |
commit | bfec382819adb46a9b7092fa70eaa545e8478eb0 (patch) | |
tree | 3206da1cfb68c37a67d068e3da619721c65bf770 | |
parent | d9f1c7c17a850388bbe2a3e430ee206e4d149c29 (diff) | |
parent | 2d5bb0230757ff683be4400caffdf7127bc61fad (diff) | |
download | vyos-1x-bfec382819adb46a9b7092fa70eaa545e8478eb0.tar.gz vyos-1x-bfec382819adb46a9b7092fa70eaa545e8478eb0.zip |
Merge pull request #3460 from vyos/mergify/bp/sagitta/pr-3450
T5756: L2TP RADIUS backup and weight settings (backport #3450)
-rw-r--r-- | data/templates/accel-ppp/config_chap_secrets_radius.j2 | 15 | ||||
-rw-r--r-- | interface-definitions/include/accel-ppp/radius-additions.xml.i | 7 | ||||
-rw-r--r-- | interface-definitions/include/radius-priority.xml.i | 14 | ||||
-rw-r--r-- | interface-definitions/system_login.xml.in | 11 | ||||
-rw-r--r-- | smoketest/scripts/cli/base_accel_ppp_test.py | 23 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_l2tp.py | 23 |
6 files changed, 82 insertions, 11 deletions
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2 index 595e3a565..e343ce461 100644 --- a/data/templates/accel-ppp/config_chap_secrets_radius.j2 +++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2 @@ -5,7 +5,20 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %} -server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }} +{% set _server_cfg = "server=" %} +{% set _server_cfg = _server_cfg + server %} +{% set _server_cfg = _server_cfg + "," + options.key %} +{% set _server_cfg = _server_cfg + ",auth-port=" + options.port %} +{% set _server_cfg = _server_cfg + ",acct-port=" + options.acct_port %} +{% set _server_cfg = _server_cfg + ",req-limit=0" %} +{% set _server_cfg = _server_cfg + ",fail-time=" + options.fail_time %} +{% if options.priority is vyos_defined %} +{% set _server_cfg = _server_cfg + ",weight=" + options.priority %} +{% endif %} +{% if options.backup is vyos_defined %} +{% set _server_cfg = _server_cfg + ",backup" %} +{% endif %} +{{ _server_cfg }} {% endfor %} {% if authentication.radius.accounting_interim_interval is vyos_defined %} acct-interim-interval={{ authentication.radius.accounting_interim_interval }} diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i index 3c2eb09eb..5222ba864 100644 --- a/interface-definitions/include/accel-ppp/radius-additions.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -57,6 +57,13 @@ </properties> <defaultValue>0</defaultValue> </leafNode> + #include <include/radius-priority.xml.i> + <leafNode name="backup"> + <properties> + <help>Use backup server if other servers are not available</help> + <valueless/> + </properties> + </leafNode> </children> </tagNode> <leafNode name="timeout"> diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i new file mode 100644 index 000000000..f77f5016e --- /dev/null +++ b/interface-definitions/include/radius-priority.xml.i @@ -0,0 +1,14 @@ +<!-- include start from radius-priority.xml.i --> +<leafNode name="priority"> + <properties> + <help>Server priority</help> + <valueHelp> + <format>u32:1-255</format> + <description>Server priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in index a59f54005..dd26b00ef 100644 --- a/interface-definitions/system_login.xml.in +++ b/interface-definitions/system_login.xml.in @@ -202,17 +202,8 @@ <tagNode name="server"> <children> #include <include/radius-timeout.xml.i> + #include <include/radius-priority.xml.i> <leafNode name="priority"> - <properties> - <help>Server priority</help> - <valueHelp> - <format>u32:1-255</format> - <description>Server priority</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-255"/> - </constraint> - </properties> <defaultValue>255</defaultValue> </leafNode> </children> diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py index 383adc445..ab723e707 100644 --- a/smoketest/scripts/cli/base_accel_ppp_test.py +++ b/smoketest/scripts/cli/base_accel_ppp_test.py @@ -367,6 +367,27 @@ class BasicAccelPPPTest: ] ) + self.set( + [ + "authentication", + "radius", + "server", + radius_server, + "backup", + ] + ) + + self.set( + [ + "authentication", + "radius", + "server", + radius_server, + "priority", + "10", + ] + ) + # commit changes self.cli_commit() @@ -379,6 +400,8 @@ class BasicAccelPPPTest: self.assertEqual(f"acct-port=0", server[3]) self.assertEqual(f"req-limit=0", server[4]) self.assertEqual(f"fail-time=0", server[5]) + self.assertIn('weight=10', server) + self.assertIn('backup', server) def test_accel_ipv4_pool(self): self.basic_config(is_gateway=False, is_client_pool=False) diff --git a/smoketest/scripts/cli/test_vpn_l2tp.py b/smoketest/scripts/cli/test_vpn_l2tp.py index 8c4e53895..07a7e2906 100755 --- a/smoketest/scripts/cli/test_vpn_l2tp.py +++ b/smoketest/scripts/cli/test_vpn_l2tp.py @@ -95,6 +95,29 @@ class TestVPNL2TPServer(BasicAccelPPPTest.TestCase): self.cli_set(base_path + ['authentication', 'protocols', 'chap']) self.cli_commit() + def test_l2tp_radius_server(self): + base_path = ['vpn', 'l2tp', 'remote-access'] + radius_server = "192.0.2.22" + radius_key = "secretVyOS" + + self.cli_set(base_path + ['authentication', 'mode', 'radius']) + self.cli_set(base_path + ['gateway-address', '192.0.2.1']) + self.cli_set(base_path + ['client-ip-pool', 'SIMPLE-POOL', 'range', '192.0.2.0/24']) + self.cli_set(base_path + ['default-pool', 'SIMPLE-POOL']) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key]) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'priority', '10']) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'backup']) + + # commit changes + self.cli_commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True) + conf.read(self._config_file) + server = conf["radius"]["server"].split(",") + self.assertIn('weight=10', server) + self.assertIn('backup', server) + if __name__ == '__main__': unittest.main(verbosity=2) |