author | Christian Breunig <christian@breunig.cc> | 2024-01-17 06:35:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-17 06:35:51 +0100 |
commit | 0afa8dd813195b43f7ac3c9f0c11fdc8dae31668 (patch) | |
tree | b84cfe5737e6342a993444b64f7e201814dfda79 /python/vyos | |
parent | bf08f0f2538b5068ff1a41b51dac832b04a7d4be (diff) | |
parent | d187803c31175e471397dd4f77040ab56d2e1073 (diff) | |
download | vyos-1x-0afa8dd813195b43f7ac3c9f0c11fdc8dae31668.tar.gz vyos-1x-0afa8dd813195b43f7ac3c9f0c11fdc8dae31668.zip |
Merge pull request #2832 from aapostoliuk/T5865-circinus
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/accel_ppp_util.py | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/python/vyos/accel_ppp_util.py b/python/vyos/accel_ppp_util.py index 757d447a2..2f029e042 100644 --- a/python/vyos/accel_ppp_util.py +++ b/python/vyos/accel_ppp_util.py @@ -1,4 +1,4 @@ -# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2023-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -22,9 +22,9 @@ # makes use of it! from vyos import ConfigError +from vyos.base import Warning from vyos.utils.dict import dict_search - def get_pools_in_order(data: dict) -> list: """Return a list of dictionaries representing pool data in the order in which they should be allocated. Pool must be defined before we can 
@@ -156,38 +156,47 @@ def verify_accel_ppp_base_service(config, local_users=True): "Not more then three IPv6 DNS name-servers " "can be configured" ) - if "client_ipv6_pool" in config: - ipv6_pool = config["client_ipv6_pool"] - if "delegate" in ipv6_pool: - if "prefix" not in ipv6_pool: - raise ConfigError( - 'IPv6 "delegate" also requires "prefix" to be defined!' - ) - - for delegate in ipv6_pool["delegate"]: - if "delegation_prefix" not in ipv6_pool["delegate"][delegate]: - raise ConfigError("delegation-prefix length required!") def verify_accel_ppp_ip_pool(vpn_config): """ Common helper function which must be used by Accel-PPP services (pptp, l2tp, sstp, pppoe) to verify client-ip-pool + and client-ipv6-pool """ if dict_search("client_ip_pool", vpn_config): for pool_name, pool_config in vpn_config["client_ip_pool"].items(): next_pool = dict_search(f"next_pool", pool_config) if next_pool: if next_pool not in vpn_config["client_ip_pool"]: - raise ConfigError(f'Next pool "{next_pool}" does not exist') + raise ConfigError( + f'Next pool "{next_pool}" does not exist') if not dict_search(f"range", pool_config): raise ConfigError( f'Pool "{pool_name}" does not contain range but next-pool exists' ) - if not dict_search("gateway_address", vpn_config): - raise ConfigError("Server requires gateway-address to be configured!") + Warning("IPv4 Server requires gateway-address to be configured!") + default_pool = dict_search("default_pool", vpn_config) if default_pool: if default_pool not in dict_search("client_ip_pool", vpn_config): raise ConfigError(f'Default pool "{default_pool}" does not exists') + + if 'client_ipv6_pool' in vpn_config: + for ipv6_pool, ipv6_pool_config in vpn_config['client_ipv6_pool'].items(): + if 'delegate' in ipv6_pool_config and 'prefix' not in ipv6_pool_config: + raise ConfigError( + f'IPoE IPv6 deletate-prefix requires IPv6 prefix to be configured in "{ipv6_pool}"!') + + if dict_search('authentication.mode', vpn_config) in ['local', 'noauth']: + if 
not dict_search('client_ip_pool', vpn_config) and not dict_search( + 'client_ipv6_pool', vpn_config): + raise ConfigError( + "L2TP local auth mode requires local client-ip-pool or client-ipv6-pool to be configured!") + if dict_search('client_ip_pool', vpn_config) and not dict_search( + 'default_pool', vpn_config): + Warning("'default-pool' is not defined") + if dict_search('client_ipv6_pool', vpn_config) and not dict_search( + 'default_ipv6_pool', vpn_config): + Warning("'default-ipv6-pool' is not defined") |
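Review bot: The per-delegate `delegation_prefix` check removed from `verify_accel_ppp_base_service` is not carried over into the new `client_ipv6_pool` loop in `verify_accel_ppp_ip_pool`, which only verifies that `prefix` exists when `delegate` is set. `verify_accel_ppp_base_service` starts above the hunk, so the length may still be enforced elsewhere; if it is not, a delegate entry without a length now passes verification and the error surfaces only when the daemon configuration is rendered or loaded. Consider adding inside the loop `for name, dp in ipv6_pool_config.get('delegate', {}).items():`, then `if 'delegation_prefix' not in dp:`, then `raise ConfigError(f'delegation-prefix length required for "{name}" in pool "{ipv6_pool}"!')`. The new messages also name IPoE and L2TP although the docstring says the helper is shared by pptp, l2tp, sstp and pppoe, and "deletate-prefix" is misspelled. The gateway-address message still says "requires" even though it is now a non-fatal `Warning(...)`, so either the wording or the severity should change.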