author | Marcus Hoff <marcus.hoff@ring2.dk> | 2020-09-26 13:19:37 +0200 |
---|---|---|
committer | Marcus Hoff <marcus.hoff@ring2.dk> | 2020-09-26 13:19:37 +0200 |
commit | 1141bee72677b25d18436975625d2d298be503ff (patch) | |
tree | 4b6dc8fe1a8ced931e1ba08c58a348abfcd85a6b /data | |
parent | 45b30adfaaec7065f768d04085138a75a76ed376 (diff) | |
parent | 374724be64728101c262fcac1579beece63ee651 (diff) | |
download | vyos-1x-1141bee72677b25d18436975625d2d298be503ff.tar.gz vyos-1x-1141bee72677b25d18436975625d2d298be503ff.zip |
Merge remote-tracking branch 'upstream/current' into current
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 1 | ||||
-rw-r--r-- | data/templates/dns-forwarding/recursor.conf.tmpl | 2 | ||||
-rw-r--r-- | data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl | 34 | ||||
-rw-r--r-- | data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl | 28 | ||||
-rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.tmpl | 2 | ||||
-rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 10 | ||||
-rw-r--r-- | data/templates/wifi/hostapd.conf.tmpl | 23 | ||||
-rw-r--r-- | data/templates/wifi/wpa_supplicant.conf.tmpl | 8 | ||||
-rw-r--r-- | data/templates/wwan/peer.tmpl | 2 |
9 files changed, 73 insertions, 37 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index 0c75657e0..2711a29b8 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -2,6 +2,7 @@ "bcast_relay.py", "dhcp_relay.py", "dhcpv6_relay.py", +"dns_forwarding.py", "dynamic_dns.py", "firewall_options.py", "host_name.py", diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl index d233b8abc..b0ae3cc61 100644 --- a/data/templates/dns-forwarding/recursor.conf.tmpl +++ b/data/templates/dns-forwarding/recursor.conf.tmpl @@ -21,7 +21,7 @@ max-cache-entries={{ cache_size }} max-negative-ttl={{ negative_ttl }} # ignore-hosts-file -export-etc-hosts={{ export_hosts_file }} +export-etc-hosts={{ 'no' if ignore_hosts_file is defined else 'yes' }} # listen-address local-address={{ listen_address | join(',') }} diff --git a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl index de5eaee00..90f35ae1c 100644 --- a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl +++ b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl 
@@ -3,26 +3,26 @@ # dot zone (catch-all): '+' indicates recursion is desired # (same as forward-zones-recurse) -{#- the code below ensures the order of nameservers is determined first by #} -{#- the order of tags, then by the order of nameservers within that tag #} -{%- set n = namespace(dot_zone_ns='') %} -{%- for tag in name_server_tags_recursor %} -{%- set ns = '' %} -{%- if tag in name_servers %} -{%- set ns = ns + name_servers[tag]|join(', ') %} -{%- set n.dot_zone_ns = (n.dot_zone_ns, ns)|join(', ') if n.dot_zone_ns != '' else ns %} -{%- endif %} +{# the code below ensures the order of nameservers is determined first by #} +{# the order of tags, then by the order of nameservers within that tag #} +{% set n = namespace(dot_zone_ns='') %} +{% for tag in name_server_tags_recursor %} +{% set ns = '' %} +{% if tag in name_servers %} +{% set ns = ns + name_servers[tag]|join(', ') %} +{% set n.dot_zone_ns = (n.dot_zone_ns, ns)|join(', ') if n.dot_zone_ns != '' else ns %} +{% endif %} # {{ tag }}: {{ ns }} -{%- endfor %} +{% endfor %} -{%- if n.dot_zone_ns %} +{% if n.dot_zone_ns %} +.={{ n.dot_zone_ns }} -{%- endif %} +{% endif %} -{% if forward_zones -%} +{% if forward_zones is defined %} # zones added via 'service dns forwarding domain' -{%- for zone, zonedata in forward_zones.items() %} -{% if zonedata['recursion-desired'] %}+{% endif %}{{ zone }}={{ zonedata['nslist']|join(', ') }} -{%- endfor %} -{%- endif %} +{% for zone, zonedata in forward_zones.items() %} +{{ "+" if zonedata['recursion_desired'] is defined }}{{ zone }}={{ zonedata['server']|join(', ') }} +{% endfor %} +{% endif %} diff --git a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl index b0d99d9ae..784d5c360 100644 --- a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl +++ b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl 
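Review bot: In the `forward_zones` loop the new line joins `zonedata['server']` without checking that the key exists, so a zone that reaches the template without servers would presumably render as `zone=` with an empty forwarder list (depending on how the renderer treats undefined values). Because this commit also renames the keys (`recursion-desired` to `recursion_desired`, `nslist` to `server`), a caller still passing the old names would silently lose both the servers and the `+` recursion flag instead of failing. I would wrap the line in `{% if zonedata['server'] is defined %}` or have the config script reject such a zone before rendering. The dropped `-` whitespace control also assumes the renderer trims block lines; that setting is not visible in this diff.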
@@ -1,24 +1,24 @@ -- Autogenerated by VyOS (vyos-hostsd) -- -- Do not edit, your changes will get overwritten -- -{% if hosts -%} +{% if hosts %} -- from 'system static-host-mapping' and DHCP server -{%- for tag, taghosts in hosts.items() %} -{%- for host, hostprops in taghosts.items() %} +{% for tag, taghosts in hosts.items() %} +{% for host, hostprops in taghosts.items() %} addNTA("{{ host }}.", "{{ tag }}") -{%- for a in hostprops['aliases'] %} +{% for a in hostprops['aliases'] %} addNTA("{{ a }}.", "{{ tag }} alias") -{%- endfor %} -{%- endfor %} -{%- endfor %} -{%- endif %} +{% endfor %} +{% endfor %} +{% endfor %} +{% endif %} -{% if forward_zones -%} +{% if forward_zones is defined %} -- from 'service dns forwarding domain' -{%- for zone, zonedata in forward_zones.items() %} -{%- if zonedata['addNTA'] %} +{% for zone, zonedata in forward_zones.items() %} +{% if zonedata['addnta'] is defined %} addNTA("{{ zone }}", "static") -{%- endif %} -{%- endfor %} -{%- endif %} +{% endif %} +{% endfor %} +{% endif %} diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index 1731bf160..5b353def8 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -1,4 +1,4 @@ -# autogenerated by interfaces-macsec.py +### Autogenerated by interfaces-macsec.py ### # see full documentation: # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index 401f8e04b..fea310236 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -181,7 +181,11 @@ dh {{ tls_dh }} {%- endif %} {%- if tls_auth %} -tls-auth {{tls_auth}} +{%- if mode == 'client' %} +tls-auth {{tls_auth}} 1 +{%- elif mode == 'server' %} +tls-auth {{tls_auth}} 0 +{%- endif %} {%- endif %} {%- if tls_role %} 
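Review bot: `{{ host }}`, `{{ a }}`, `{{ tag }}` and `{{ zone }}` are written straight into Lua string literals in the `addNTA(...)` calls, and the template's own comment says part of this data comes from the DHCP server. A value containing a double quote or a backslash would end the literal early and change the Lua that the recursor loads. Whether vyos-hostsd validates names before rendering is not visible here; if it does not, restrict the values to the hostname character set before they reach the template, or escape `\` and `"` at render time. Separately, `{% if hosts %}` tests truthiness while the new `{% if forward_zones is defined %}` tests only definedness, so the two guards now treat an empty dict differently, which is harmless but inconsistent.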
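Review bot: The new `tls-auth` block in server.conf.tmpl has no `else` branch, so when `tls_auth` is set and `mode` is neither `client` nor `server` the directive is no longer rendered at all, where the old template always emitted `tls-auth {{tls_auth}}`. If another mode exists (site-to-site, for instance; not visible in this hunk), that silently removes the HMAC protection on the control channel. I would add `{%- else %}` followed by `tls-auth {{tls_auth}}` before the inner `{%- endif %}` to keep the previous behaviour, or have the config script reject the combination. A short template comment saying that `1` and `0` are the key-direction values and must be opposite on the two peers would also help.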
@@ -196,7 +200,9 @@ tls-server # Encryption options {%- if encryption %} -{% if encryption == 'des' -%} +{% if encryption == 'none' -%} +cipher none +{%- elif encryption == 'des' -%} cipher des-cbc {%- elif encryption == '3des' -%} cipher des-ede3-cbc diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 132c4ce40..c5e4240d1 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -11,6 +11,21 @@ device_name={{ description | truncate(32, True) }} # command line parameter. interface={{ ifname }} +{% if is_bridge_member is defined %} +# In case of atheros and nl80211 driver interfaces, an additional +# configuration parameter, bridge, may be used to notify hostapd if the +# interface is included in a bridge. This parameter is not used with Host AP +# driver. If the bridge parameter is not set, the drivers will automatically +# figure out the bridge interface (assuming sysfs is enabled and mounted to +# /sys) and this parameter may not be needed. +# +# For nl80211, this parameter can be used to request the AP interface to be +# added to the bridge automatically (brctl may refuse to do this before hostapd +# has been started to change the interface mode). If needed, the bridge +# interface is also created. +bridge={{ is_bridge_member }} +{% endif %} + # Driver interface type (hostap/wired/none/nl80211/bsd); # default: hostap). nl80211 is used with all Linux mac80211 drivers. # Use driver=none if building hostapd as a standalone RADIUS server that does 
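Review bot: The added `encryption == 'none'` branch renders `cipher none`, which turns off data-channel encryption, and nothing in the generated file marks that. I would emit a comment line above it, e.g. `# WARNING: data channel is not encrypted (encryption none)`, so that anyone reading the rendered server.conf sees it at once, and have the config script warn when this value is chosen. The `if`/`elif` chain continues outside the hunk, so I cannot see whether an unrecognised `encryption` value ends up with no `cipher` line at all.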
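Review bot: `is_bridge_member` in the new hostapd.conf.tmpl block reads like a boolean, but `bridge={{ is_bridge_member }}` renders it as a value, presumably the name of the bridge interface. A one-line template comment such as `{# is_bridge_member holds the name of the bridge this interface is attached to #}` above the `{% if %}` would make that explicit. The long comment copied from the upstream hostapd sample describes the option, not where the value comes from.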
@@ -433,6 +448,14 @@ macaddr_acl=0 max_num_sta={{ max_stations }} {% endif %} +{% if wds is defined %} +# WDS (4-address frame) mode with per-station virtual interfaces +# (only supported with driver=nl80211) +# This mode allows associated stations to use 4-address frames to allow layer 2 +# bridging to be used. +wds_sta=1 +{% endif %} + {% if isolate_stations is defined %} # Client isolation can be used to prevent low-level bridging of frames between # associated stations in the BSS. By default, this bridging is allowed. diff --git a/data/templates/wifi/wpa_supplicant.conf.tmpl b/data/templates/wifi/wpa_supplicant.conf.tmpl index 9ddad35fd..f84892dc0 100644 --- a/data/templates/wifi/wpa_supplicant.conf.tmpl +++ b/data/templates/wifi/wpa_supplicant.conf.tmpl @@ -1,7 +1,13 @@ -# WPA supplicant config +### Autogenerated by interfaces-macsec.py ### + +# see full documentation: +# https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf + network={ ssid="{{ ssid }}" + scan_ssid=1 {% if security is defined and security.wpa is defined and security.wpa.passphrase is defined %} + key_mgmt=WPA-PSK psk="{{ security.wpa.passphrase }}" {% else %} key_mgmt=NONE diff --git a/data/templates/wwan/peer.tmpl b/data/templates/wwan/peer.tmpl index aa759f741..e23881bf8 100644 --- a/data/templates/wwan/peer.tmpl +++ b/data/templates/wwan/peer.tmpl @@ -21,7 +21,7 @@ noauth crtscts lock persist -{{ "demand" if ondemand is defined }} +{{ "demand" if connect_on_demand is defined }} connect '/usr/sbin/chat -v -t6 -f /etc/ppp/peers/chat.{{ ifname }}' |
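Review bot: The new header in the wifi wpa_supplicant.conf.tmpl says `### Autogenerated by interfaces-macsec.py ###`, which looks copied from the macsec template changed in the same commit; this file is presumably rendered by the wireless interface script, so the header should read `### Autogenerated by <wireless script name> ###`. A wrong origin in a generated file sends whoever debugs an association problem to the wrong script. For the branch that now adds `key_mgmt=WPA-PSK`, note that the passphrase is written in clear text as `psk="..."`, so the rendered file should be readable by root only; the file mode is set outside this diff.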