diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-04-18 14:33:57 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-18 14:33:57 +0200 |
commit | 56fb2cf15b765efdad77c111bbd5294f296d7223 (patch) | |
tree | 244c66d2e4f9b576f784fbad6d0a0c100521cb99 /data | |
parent | 8d8fea6428cf7687757f14592cc345bf0804b993 (diff) | |
parent | 267b3213ef0e6ac4501470bef797796276879421 (diff) | |
download | vyos-1x-56fb2cf15b765efdad77c111bbd5294f296d7223.tar.gz vyos-1x-56fb2cf15b765efdad77c111bbd5294f296d7223.zip |
Merge branch 'pppoe-server-update' of github.com:c-po/vyos-1x into current
* 'pppoe-server-update' of github.com:c-po/vyos-1x:
accel-ppp: T2314: use common tempplate for chap-secrets
pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation
pppoe-server: T2313: bugfix Floating Point Exception
pppoe-server: T2314: migrate RADIUS configuration to common CLI syntax
vpn: l2tp: pptp: sstp: rename files to common pattern
pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common node
vpn: l2tp: sstp: ease unlinking of configuration files
pppoe-server: T2314: remove boilerplate code and adjust
pppoe-server: T2185: migrate from SysVinit to systemd
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/accel-ppp/chap-secrets.tmpl (renamed from data/templates/l2tp/chap-secrets.tmpl) | 0 | ||||
-rw-r--r-- | data/templates/accel-ppp/l2tp.config.tmpl (renamed from data/templates/l2tp/l2tp.config.tmpl) | 2 | ||||
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.tmpl | 203 | ||||
-rw-r--r-- | data/templates/accel-ppp/sstp.config.tmpl (renamed from data/templates/sstp/sstp.config.tmpl) | 1 | ||||
-rw-r--r-- | data/templates/pppoe-server/chap-secrets.tmpl | 10 | ||||
-rw-r--r-- | data/templates/pppoe-server/pppoe.config.tmpl | 228 | ||||
-rw-r--r-- | data/templates/sstp/chap-secrets.tmpl | 10 |
7 files changed, 203 insertions, 251 deletions
diff --git a/data/templates/l2tp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.tmpl index dd00d7bd0..dd00d7bd0 100644 --- a/data/templates/l2tp/chap-secrets.tmpl +++ b/data/templates/accel-ppp/chap-secrets.tmpl diff --git a/data/templates/l2tp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl index ba78cadcd..ebe3aca29 100644 --- a/data/templates/l2tp/l2tp.config.tmpl +++ b/data/templates/accel-ppp/l2tp.config.tmpl @@ -124,7 +124,6 @@ ipv6=allow {% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} {% endfor %} - {% endif %} {% if client_ipv6_delegate_prefix %} @@ -144,4 +143,3 @@ vendor={{ radius_shaper_vendor }} [cli] tcp=127.0.0.1:2004 sessions-columns=ifname,username,calling-sid,ip,{{ ip6_column | join(',') }}{{ ',' if ip6_column }}rate-limit,type,comp,state,rx-bytes,tx-bytes,uptime - diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl new file mode 100644 index 000000000..325b75adc --- /dev/null +++ b/data/templates/accel-ppp/pppoe.config.tmpl @@ -0,0 +1,203 @@ + +### generated by accel_pppoe.py ### +[modules] +log_syslog +pppoe +{% if auth_mode == 'radius' %} +radius +{% endif %} +ippool +{% if ppp_ipv6 != 'deny' %} +ipv6pool +ipv6_nd +ipv6_dhcp +{% endif %} +chap-secrets +auth_pap +auth_chap_md5 +auth_mschap_v1 +auth_mschap_v2 +shaper +{% if snmp %} +net-snmp +{% endif %} +{% if limits %} +connlimit +{% endif %} + +[core] +thread-count={{ thread_cnt }} + +[log] +syslog=accel-pppoe,daemon +copy=1 +level=5 + +{% if snmp == 'enable-ma' %} +[snmp] +master=1 +{% endif %} + +[client-ip-range] +disable + +{% if ppp_gw %} +[ip-pool] +gw-ip-address={{ ppp_gw }} +{% if client_ip_pool %} +{{ client_ip_pool }} +{% endif -%} +{% if client_ip_subnets %} +{% for subnet in client_ip_subnets %} +{{ subnet }} +{% endfor %} +{% endif %} +{% endif %} + +{% if client_ipv6_pool %} +[ipv6-pool] +{% for p in client_ipv6_pool %} +{{ p.prefix }},{{ p.mask }} +{% endfor %} +{% for p in client_ipv6_delegate_prefix %} +delegate={{ p.prefix }},{{ p.mask }} +{% endfor %} +{% endif %} + +{% if dnsv4 %} +[dns] +{% for dns in dnsv4 -%} +dns{{ loop.index }}={{ dns }} +{% endfor -%} +{% endif %} + +{% if dnsv6 %} +[ipv6-dns] +{% for dns in dnsv6 -%} +{{ dns }} +{% endfor -%} +{% endif %} + +{% if wins %} +[wins] +{% for server in wins -%} +wins{{ loop.index }}={{ server }} +{% endfor -%} +{% endif %} + +{% if auth_mode == 'local' %} +[chap-secrets] +chap-secrets={{ chap_secrets_file }} +{% elif auth_mode == 'radius' %} +[radius] +verbose=1 +{% for r in radius_server %} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +{% endfor -%} + +acct-timeout={{ radius_acct_tmo }} +timeout={{ radius_timeout }} +max-try={{ radius_max_try }} +{% if radius_nas_id %} +nas-identifier={{ radius_nas_id }} +{% endif -%} +{% if radius_nas_ip %} +nas-ip-address={{ radius_nas_ip }} +{% endif -%} +{% if radius_source_address %} +bind={{ radius_source_address }} +{% endif -%} + +{% if radius_dynamic_author %} +dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} +{% endif -%} + +{% if radius_shaper_attr %} +[shaper] +verbose=1 +attr={{ radius_shaper_attr }} +{% if radius_shaper_vendor %} +vendor={{ radius_shaper_vendor }} +{% endif -%} +{% endif -%} +{% endif %} + +[ppp] +verbose=1 +check-ip=1 +{% if not sesscrtl == 'disable' %} +single-session={{sesscrtl}} +{% endif -%} +{% if ppp_ccp %} +ccp=1 +{% endif %} +{% if ppp_min_mtu %} +min-mtu={{ ppp_min_mtu }} +{% else %} +min-mtu={{ mtu }} +{% endif %} +{% if ppp_mru %} +mru={{ ppp_mru }} +{% endif %} +mppe={{ ppp_mppe }} +lcp-echo-interval={{ ppp_echo_interval }} +lcp-echo-timeout={{ ppp_echo_timeout }} +lcp-echo-failure={{ ppp_echo_failure }} +{% if ppp_ipv4 %} +ipv4={{ ppp_ipv4 }} +{% endif %} +{% if client_ipv6_pool %} +ipv6=allow +{% endif %} + +{% if ppp_ipv6 %} +ipv6={{ ppp_ipv6 }} +{% if ppp_ipv6_intf_id %} +ipv6-intf-id={{ ppp_ipv6_intf_id }} +{% endif %} +{% if ppp_ipv6_peer_intf_id %} +ipv6-peer-intf-id={{ ppp_ipv6_peer_intf_id }} +{% endif %} +{% if ppp_ipv6_accept_peer_intf_id %} +ipv6-accept-peer-intf-id={{ ppp_ipv6_accept_peer_intf_id }} +{% endif %} +{% endif %} +mtu={{ mtu }} + +[pppoe] +verbose=1 +ac-name={{ concentrator }} + +{% if interfaces %} +{% for interface in interfaces %} +interface={{ interface.name }} +{% if interface.vlans %} +vlan-mon={{ interface.name }},{{ interface.vlans | join(',') }} +interface=re:{{ interface.name }}\.\d+ +{% endif %} +{% endfor -%} +{% endif -%} + +{% if svc_name %} +service-name={{ svc_name|join(',') }} +{% endif -%} + +{% if pado_delay %} +pado-delay={{ pado_delay }} +{% endif %} + +{% if limits_burst or limits_connections or limits_connections %} +[connlimit] +{% if limits_connections %} +limit={{ limits_connections }} +{% endif %} +{% if limits_burst %} +burst={{ limits_burst }} +{% endif %} +{% if limits_timeout %} +timeout={{ limits_timeout }} +{% endif %} +{% endif %} + +[cli] +tcp=127.0.0.1:2001 diff --git a/data/templates/sstp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index acdb6c76b..c3dc83429 100644 --- a/data/templates/sstp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -112,4 +112,3 @@ vendor={{ radius_shaper_vendor }} [cli] tcp=127.0.0.1:2005 - diff --git a/data/templates/pppoe-server/chap-secrets.tmpl b/data/templates/pppoe-server/chap-secrets.tmpl deleted file mode 100644 index 907ac6ed7..000000000 --- a/data/templates/pppoe-server/chap-secrets.tmpl +++ /dev/null @@ -1,10 +0,0 @@ -# username server password acceptable local IP addresses shaper -{% for user in authentication['local-users'] %} -{% if authentication['local-users'][user]['state'] == 'enabled' %} -{% if (authentication['local-users'][user]['upload']) and (authentication['local-users'][user]['download']) %} -{{ "%-12s" | format(user) }} * {{ "%-16s" | format(authentication['local-users'][user]['passwd']) }} {{ "%-16s" | format(authentication['local-users'][user]['ip']) }} {{ authentication['local-users'][user]['download'] }} / {{ authentication['local-users'][user]['upload'] }} -{% else %} -{{ "%-12s" | format(user) }} * {{ "%-16s" | format(authentication['local-users'][user]['passwd']) }} {{ "%-16s" | format(authentication['local-users'][user]['ip']) }} -{% endif %} -{% endif %} -{% endfor %} diff --git a/data/templates/pppoe-server/pppoe.config.tmpl b/data/templates/pppoe-server/pppoe.config.tmpl deleted file mode 100644 index d44c0aa93..000000000 --- a/data/templates/pppoe-server/pppoe.config.tmpl +++ /dev/null @@ -1,228 +0,0 @@ - -### generated by accel_pppoe.py ### -[modules] -log_syslog -pppoe -{% if authentication['mode'] == 'radius' %} -radius -{% endif %} -ippool -{% if ppp_options['ipv6'] != 'deny' %} -ipv6pool -ipv6_nd -ipv6_dhcp -{% endif %} -chap-secrets -auth_pap -auth_chap_md5 -auth_mschap_v1 -auth_mschap_v2 -#pppd_compat -shaper -{% if snmp == 'enable' or snmp == 'enable-ma' %} -net-snmp -{% endif %} -{% if limits %} -connlimit -{% endif %} - -[core] -thread-count={{thread_cnt}} - -[log] -syslog=accel-pppoe,daemon -copy=1 -level=5 - -{% if snmp == 'enable-ma' %} -[snmp] -master=1 -{% endif -%} - -[client-ip-range] -disable - -{% if ppp_gw %} -[ip-pool] -gw-ip-address={{ppp_gw}} -{% if client_ip_pool %} -{{client_ip_pool}} -{% endif -%} - -{% if client_ip_subnets %} -{% for sn in client_ip_subnets %} -{{sn}} -{% endfor %} -{% endif %} -{% endif -%} - -{% if client_ipv6_pool %} -[ipv6-pool] -{% for prfx in client_ipv6_pool['prefix']: %} -{{prfx}} -{% endfor %} -{% for prfx in client_ipv6_pool['delegate-prefix']: %} -delegate={{prfx}} -{% endfor %} -{% endif %} - -{% if dns %} -[dns] -{% if dns[0] %} -dns1={{dns[0]}} -{% endif -%} -{% if dns[1] %} -dns2={{dns[1]}} -{% endif -%} -{% endif %} - -{% if dnsv6 %} -[ipv6-dns] -{% for srv in dnsv6: %} -{{srv}} -{% endfor %} -{% endif %} - -{% if wins %} -[wins] -{% if wins[0] %} -wins1={{wins[0]}} -{% endif %} -{% if wins[1] %} -wins2={{wins[1]}} -{% endif -%} -{% endif -%} - -{% if authentication['mode'] == 'local' %} -[chap-secrets] -chap-secrets=/etc/accel-ppp/pppoe/chap-secrets -{% endif -%} - -{% if authentication['mode'] == 'radius' %} -[radius] -{% for rsrv in authentication['radiussrv']: %} -server={{rsrv}},{{authentication['radiussrv'][rsrv]['secret']}},\ -req-limit={{authentication['radiussrv'][rsrv]['req-limit']}},\ -fail-time={{authentication['radiussrv'][rsrv]['fail-time']}} -{% endfor %} -{% if authentication['radiusopt']['timeout'] %} -timeout={{authentication['radiusopt']['timeout']}} -{% endif %} -{% if authentication['radiusopt']['acct-timeout'] %} -acct-timeout={{authentication['radiusopt']['acct-timeout']}} -{% endif %} -{% if authentication['radiusopt']['max-try'] %} -max-try={{authentication['radiusopt']['max-try']}} -{% endif %} -{% if authentication['radiusopt']['nas-id'] %} -nas-identifier={{authentication['radiusopt']['nas-id']}} -{% endif %} -{% if authentication['radiusopt']['nas-ip'] %} -nas-ip-address={{authentication['radiusopt']['nas-ip']}} -{% endif -%} -{% if authentication['radiusopt']['dae-srv'] %} -dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\ -{{authentication['radiusopt']['dae-srv']['port']}},\ -{{authentication['radiusopt']['dae-srv']['secret']}} -{% endif -%} -gw-ip-address={{ppp_gw}} -verbose=1 - -{% if authentication['radiusopt']['shaper'] %} -[shaper] -verbose=1 -attr={{authentication['radiusopt']['shaper']['attr']}} -{% if authentication['radiusopt']['shaper']['vendor'] %} -vendor={{authentication['radiusopt']['shaper']['vendor']}} -{% endif -%} -{% endif -%} -{% endif %} - -[ppp] -verbose=1 -check-ip=1 -{% if not sesscrtl == 'disable' %} -single-session={{sesscrtl}} -{% endif -%} -{% if ppp_options['ccp'] %} -ccp=1 -{% endif %} -{% if ppp_options['min-mtu'] %} -min-mtu={{ppp_options['min-mtu']}} -{% else %} -min-mtu={{mtu}} -{% endif %} -{% if ppp_options['mru'] %} -mru={{ppp_options['mru']}} -{% endif %} -{% if ppp_options['mppe'] %} -mppe={{ppp_options['mppe']}} -{% else %} -mppe=prefer -{% endif %} -{% if ppp_options['lcp-echo-interval'] %} -lcp-echo-interval={{ppp_options['lcp-echo-interval']}} -{% else %} -lcp-echo-interval=30 -{% endif %} -{% if ppp_options['lcp-echo-timeout'] %} -lcp-echo-timeout={{ppp_options['lcp-echo-timeout']}} -{% endif %} -{% if ppp_options['lcp-echo-failure'] %} -lcp-echo-failure={{ppp_options['lcp-echo-failure']}} -{% else %} -lcp-echo-failure=3 -{% endif %} -{% if ppp_options['ipv4'] %} -ipv4={{ppp_options['ipv4']}} -{% endif %} -{% if client_ipv6_pool %} -ipv6=allow -{% endif %} - -{% if ppp_options['ipv6'] %} -ipv6={{ppp_options['ipv6']}} -{% if ppp_options['ipv6-intf-id'] %} -ipv6-intf-id={{ppp_options['ipv6-intf-id']}} -{% endif %} -{% if ppp_options['ipv6-peer-intf-id'] %} -ipv6-peer-intf-id={{ppp_options['ipv6-peer-intf-id']}} -{% endif %} -{% if ppp_options['ipv6-accept-peer-intf-id'] %} -ipv6-accept-peer-intf-id={{ppp_options['ipv6-accept-peer-intf-id']}} -{% endif %} -{% endif %} -mtu={{mtu}} - -[pppoe] -verbose=1 -{% if concentrator %} -ac-name={{concentrator}} -{% endif %} -{% if interface %} -{% for int in interface %} -interface={{int}} -{% if interface[int]['vlans'] %} -vlan-mon={{int}},{{interface[int]['vlans']|join(',')}} -interface=re:{{int}}\.\d+ -{% endif %} -{% endfor -%} -{% endif -%} - -{% if svc_name %} -service-name={{svc_name|join(',')}} -{% endif -%} - -{% if pado_delay %} -pado-delay={{pado_delay}} -{% endif %} - -{% if limits %} -[connlimit] -limit={{limits['conn-limit']}} -burst={{limits['burst']}} -timeout={{limits['timeout']}} -{% endif %} - -[cli] -tcp=127.0.0.1:2001 diff --git a/data/templates/sstp/chap-secrets.tmpl b/data/templates/sstp/chap-secrets.tmpl deleted file mode 100644 index dd00d7bd0..000000000 --- a/data/templates/sstp/chap-secrets.tmpl +++ /dev/null @@ -1,10 +0,0 @@ -# username server password acceptable local IP addresses shaper -{% for user in local_users %} -{% if user.state == 'enabled' %} -{% if user.upload and user.download %} -{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }} / {{ user.upload }} -{% else %} -{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} -{% endif %} -{% endif %} -{% endfor %} |