authorDaniil Baturin <daniil@vyos.io>2024-05-16 10:12:01 +0200
committerGitHub <noreply@github.com>2024-05-16 10:12:01 +0200
commitbfec382819adb46a9b7092fa70eaa545e8478eb0 (patch)
tree3206da1cfb68c37a67d068e3da619721c65bf770
parentd9f1c7c17a850388bbe2a3e430ee206e4d149c29 (diff)
parent2d5bb0230757ff683be4400caffdf7127bc61fad (diff)
Merge pull request #3460 from vyos/mergify/bp/sagitta/pr-3450
T5756: L2TP RADIUS backup and weight settings (backport #3450)
-rw-r--r--data/templates/accel-ppp/config_chap_secrets_radius.j215
-rw-r--r--interface-definitions/include/accel-ppp/radius-additions.xml.i7
-rw-r--r--interface-definitions/include/radius-priority.xml.i14
-rw-r--r--interface-definitions/system_login.xml.in11
-rw-r--r--smoketest/scripts/cli/base_accel_ppp_test.py23
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_l2tp.py23
6 files changed, 82 insertions, 11 deletions
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index 595e3a565..e343ce461 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -5,7 +5,20 @@ chap-secrets={{ chap_secrets_file }}
[radius]
verbose=1
{% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %}
-server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
+{% set _server_cfg = "server=" %}
+{% set _server_cfg = _server_cfg + server %}
+{% set _server_cfg = _server_cfg + "," + options.key %}
+{% set _server_cfg = _server_cfg + ",auth-port=" + options.port %}
+{% set _server_cfg = _server_cfg + ",acct-port=" + options.acct_port %}
+{% set _server_cfg = _server_cfg + ",req-limit=0" %}
+{% set _server_cfg = _server_cfg + ",fail-time=" + options.fail_time %}
+{% if options.priority is vyos_defined %}
+{% set _server_cfg = _server_cfg + ",weight=" + options.priority %}
+{% endif %}
+{% if options.backup is vyos_defined %}
+{% set _server_cfg = _server_cfg + ",backup" %}
+{% endif %}
+{{ _server_cfg }}
{% endfor %}
{% if authentication.radius.accounting_interim_interval is vyos_defined %}
acct-interim-interval={{ authentication.radius.accounting_interim_interval }}
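Review bot: `options.key` is appended verbatim into the comma-delimited `server=` line, so a shared secret containing `,` would be read as the start of the following options and could shift or add fields such as `weight=` or `backup`. The old single-line form had the same property, but the line now carries more optional fields after the secret. Unless the `key` leaf already has a constraint rejecting commas (not visible in this diff), I would reject such keys in the verify step or add that constraint, and note it in the template with `{# options.key must not contain ',': the server line is comma-delimited #}`. The `+` concatenation also assumes every option value reaches the template as a string.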
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 3c2eb09eb..5222ba864 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -57,6 +57,13 @@
</properties>
<defaultValue>0</defaultValue>
</leafNode>
+ #include <include/radius-priority.xml.i>
+ <leafNode name="backup">
+ <properties>
+ <help>Use backup server if other servers are not available</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</tagNode>
<leafNode name="timeout">
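Review bot: The help string on the new `backup` leaf reads like a global switch, although the leaf sits under a single `server` tagNode and the template emits `,backup` on that server's line only. Something like `<help>Mark this server as backup (used only if other servers are not available)</help>` would make the per-server meaning clear. The enclosing `tagNode` opens outside this hunk.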
diff --git a/interface-definitions/include/radius-priority.xml.i b/interface-definitions/include/radius-priority.xml.i
new file mode 100644
index 000000000..f77f5016e
--- /dev/null
+++ b/interface-definitions/include/radius-priority.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from radius-priority.xml.i -->
+<leafNode name="priority">
+ <properties>
+ <help>Server priority</help>
+ <valueHelp>
+ <format>u32:1-255</format>
+ <description>Server priority</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
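Review bot: The help text `Server priority` does not say whether a larger or a smaller number is preferred, and this include is now shared by two consumers: system login, which keeps its default of 255, and accel-ppp, where the template renders the value as `weight=`. If accel-ppp prefers a larger weight while system login orders servers the other way (worth confirming against both implementations), the same CLI word would mean opposite things, and an operator could steer authentication to a server they did not intend. I would state the direction in the help text, or override it in radius-additions.xml.i with something like `<help>Server weight (higher value is preferred)</help>` once confirmed.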
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index a59f54005..dd26b00ef 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -202,17 +202,8 @@
<tagNode name="server">
<children>
#include <include/radius-timeout.xml.i>
+ #include <include/radius-priority.xml.i>
<leafNode name="priority">
- <properties>
- <help>Server priority</help>
- <valueHelp>
- <format>u32:1-255</format>
- <description>Server priority</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-255"/>
- </constraint>
- </properties>
<defaultValue>255</defaultValue>
</leafNode>
</children>
diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py
index 383adc445..ab723e707 100644
--- a/smoketest/scripts/cli/base_accel_ppp_test.py
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py
@@ -367,6 +367,27 @@ class BasicAccelPPPTest:
]
)
+ self.set(
+ [
+ "authentication",
+ "radius",
+ "server",
+ radius_server,
+ "backup",
+ ]
+ )
+
+ self.set(
+ [
+ "authentication",
+ "radius",
+ "server",
+ radius_server,
+ "priority",
+ "10",
+ ]
+ )
+
# commit changes
self.cli_commit()
@@ -379,6 +400,8 @@ class BasicAccelPPPTest:
self.assertEqual(f"acct-port=0", server[3])
self.assertEqual(f"req-limit=0", server[4])
self.assertEqual(f"fail-time=0", server[5])
+ self.assertIn('weight=10', server)
+ self.assertIn('backup', server)
def test_accel_ipv4_pool(self):
self.basic_config(is_gateway=False, is_client_pool=False)
diff --git a/smoketest/scripts/cli/test_vpn_l2tp.py b/smoketest/scripts/cli/test_vpn_l2tp.py
index 8c4e53895..07a7e2906 100755
--- a/smoketest/scripts/cli/test_vpn_l2tp.py
+++ b/smoketest/scripts/cli/test_vpn_l2tp.py
@@ -95,6 +95,29 @@ class TestVPNL2TPServer(BasicAccelPPPTest.TestCase):
self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
self.cli_commit()
+ def test_l2tp_radius_server(self):
+ base_path = ['vpn', 'l2tp', 'remote-access']
+ radius_server = "192.0.2.22"
+ radius_key = "secretVyOS"
+
+ self.cli_set(base_path + ['authentication', 'mode', 'radius'])
+ self.cli_set(base_path + ['gateway-address', '192.0.2.1'])
+ self.cli_set(base_path + ['client-ip-pool', 'SIMPLE-POOL', 'range', '192.0.2.0/24'])
+ self.cli_set(base_path + ['default-pool', 'SIMPLE-POOL'])
+ self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key])
+ self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'priority', '10'])
+ self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'backup'])
+
+ # commit changes
+ self.cli_commit()
+
+ # Validate configuration values
+ conf = ConfigParser(allow_no_value=True)
+ conf.read(self._config_file)
+ server = conf["radius"]["server"].split(",")
+ self.assertIn('weight=10', server)
+ self.assertIn('backup', server)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
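Review bot: `test_l2tp_radius_server` asserts only the case where both `priority` and `backup` are set, and the base test in base_accel_ppp_test.py now sets both as well, so no visible test checks that the template omits `weight=` and `backup` when they are unset. I would commit once with only the key configured and add `self.assertNotIn('backup', server)` plus a check that no element starts with `weight=`, before setting the two options and committing again. A one-line docstring such as `"""RADIUS server line carries weight= and backup when priority/backup are set."""` would also help, since the test name does not say which options it covers.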