summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/accel-ppp/pptp.config.j29
-rw-r--r--data/templates/frr/bgpd.frr.j221
-rw-r--r--interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i2
-rw-r--r--interface-definitions/include/bgp/afi-l2vpn-common.xml.i3
-rw-r--r--interface-definitions/vpn-openconnect.xml.in2
-rw-r--r--interface-definitions/vpn-pptp.xml.in1
-rw-r--r--op-mode-definitions/monitor-log.xml.in2
-rw-r--r--op-mode-definitions/show-log.xml.in2
-rw-r--r--op-mode-definitions/vpn-ipsec.xml.in22
-rwxr-xr-xsrc/conf_mode/interfaces-wwan.py2
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py6
-rwxr-xr-xsrc/op_mode/ikev2_profile_generator.py8
-rwxr-xr-xsrc/op_mode/vpn_ike_sa.py2
13 files changed, 50 insertions, 32 deletions
diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2
index cc1a45d6b..442830b6b 100644
--- a/data/templates/accel-ppp/pptp.config.j2
+++ b/data/templates/accel-ppp/pptp.config.j2
@@ -93,6 +93,15 @@ bind={{ radius_source_address }}
gw-ip-address={{ gw_ip }}
{% endif %}
+{% if radius_shaper_attr %}
+[shaper]
+verbose=1
+attr={{ radius_shaper_attr }}
+{% if radius_shaper_vendor %}
+vendor={{ radius_shaper_vendor }}
+{% endif %}
+{% endif %}
+
[cli]
tcp=127.0.0.1:2003
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index bf4be23ff..e8d135c78 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -378,14 +378,19 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
{% endif %}
{% endif %}
{% if afi_config.route_target.both is vyos_defined %}
- route-target both {{ afi_config.route_target.both }}
-{% else %}
-{% if afi_config.route_target.export is vyos_defined %}
- route-target export {{ afi_config.route_target.export }}
-{% endif %}
-{% if afi_config.route_target.import is vyos_defined %}
- route-target import {{ afi_config.route_target.import }}
-{% endif %}
+{% for route_target in afi_config.route_target.both %}
+ route-target both {{ route_target }}
+{% endfor %}
+{% endif %}
+{% if afi_config.route_target.export is vyos_defined %}
+{% for route_target in afi_config.route_target.export %}
+ route-target export {{ route_target }}
+{% endfor %}
+{% endif %}
+{% if afi_config.route_target.import is vyos_defined %}
+{% for route_target in afi_config.route_target.import %}
+ route-target import {{ route_target }}
+{% endfor %}
{% endif %}
{% if afi_config.route_map.vpn.export is vyos_defined %}
route-map vpn export {{ afi_config.route_map.vpn.export }}
diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
index f44920c3f..c9ad0d3d4 100644
--- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i
@@ -6,7 +6,7 @@
<children>
<leafNode name="attribute">
<properties>
- <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help>
+ <help>Specifies which RADIUS attribute contains rate information. (default is Filter-Id)</help>
</properties>
<defaultValue>Filter-Id</defaultValue>
</leafNode>
diff --git a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i
index d586635c8..fef3daf3b 100644
--- a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i
+++ b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i
@@ -27,6 +27,7 @@
<constraint>
<validator name="bgp-rd-rt" argument="--route-target"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
<leafNode name="import">
@@ -39,6 +40,7 @@
<constraint>
<validator name="bgp-rd-rt" argument="--route-target"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
<leafNode name="export">
@@ -51,6 +53,7 @@
<constraint>
<validator name="bgp-rd-rt" argument="--route-target"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index bc7f78e79..3b3a83bd4 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -156,7 +156,7 @@
</leafNode>
<leafNode name="groupconfig">
<properties>
- <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius.</help>
+ <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS.</help>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in
index 28a53acb9..5e52965fd 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn-pptp.xml.in
@@ -110,6 +110,7 @@
</node>
#include <include/radius-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
</children>
</node>
</children>
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index 975d20465..01462ad8f 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -237,7 +237,7 @@
</leafNode>
<leafNode name="ipsec">
<properties>
- <help>Monitor last lines of IPSec</help>
+ <help>Monitor last lines of IPsec</help>
</properties>
<command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command>
</leafNode>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index ebd198215..8906d9ef3 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -384,7 +384,7 @@
</leafNode>
<leafNode name="ipsec">
<properties>
- <help>Show log for IPSec</help>
+ <help>Show log for IPsec</help>
</properties>
<command>journalctl --no-hostname --boot --unit strongswan-starter.service</command>
</leafNode>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index 8c9e76651..f1af65fcb 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -55,9 +55,9 @@
<children>
<node name="vpn">
<properties>
- <help>Restart IPSec VPN</help>
+ <help>Restart the IPsec VPN process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPSec process not running" ; fi</command>
+ <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
@@ -134,7 +134,7 @@
</node>
<node name="ipsec">
<properties>
- <help>Show Internet Protocol Security (IPSec) information</help>
+ <help>Show Internet Protocol Security (IPsec) information</help>
</properties>
<children>
<node name="policy">
@@ -151,19 +151,19 @@
</leafNode>
<node name="sa">
<properties>
- <help>Show all active IPSec Security Associations (SA)</help>
+ <help>Show all active IPsec Security Associations (SA)</help>
</properties>
<children>
<!--
<node name="detail">
<properties>
- <help>Show Detail on all active IPSec Security Associations (SA)</help>
+ <help>Show Detail on all active IPsec Security Associations (SA)</help>
</properties>
<command></command>
</node>
<tagNode name="stats">
<properties>
- <help>Show statistics for all currently active IPSec Security Associations (SA)</help>
+ <help>Show statistics for all currently active IPsec Security Associations (SA)</help>
<valueHelp>
<format>txt</format>
<description>Show Statistics for SAs associated with a specific peer</description>
@@ -182,12 +182,12 @@
-->
<node name="verbose">
<properties>
- <help>Show Verbose Detail on all active IPSec Security Associations (SA)</help>
+ <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi</command>
+ <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
- <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPSec process not running" ; fi</command>
+ <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
</node>
<node name="state">
<properties>
@@ -197,9 +197,9 @@
</node>
<node name="status">
<properties>
- <help>Show status of IPSec process</help>
+ <help>Show status of IPsec process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi</command>
+ <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py
index 97b3a6396..a14a992ae 100755
--- a/src/conf_mode/interfaces-wwan.py
+++ b/src/conf_mode/interfaces-wwan.py
@@ -116,7 +116,7 @@ def generate(wwan):
# disconnect - e.g. happens during RF signal loss. The script watches every
# WWAN interface - so there is only one instance.
if not os.path.exists(cron_script):
- write_file(cron_script, '*/5 * * * * root /usr/libexec/vyos/vyos-check-wwan.py')
+ write_file(cron_script, '*/5 * * * * root /usr/libexec/vyos/vyos-check-wwan.py\n')
return None
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index c9061366d..77a425f8b 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -265,7 +265,7 @@ def verify(ipsec):
ike = ra_conf['ike_group']
if dict_search(f'ike_group.{ike}.key_exchange', ipsec) != 'ikev2':
- raise ConfigError('IPSec remote-access connections requires IKEv2!')
+ raise ConfigError('IPsec remote-access connections requires IKEv2!')
else:
raise ConfigError(f"Missing ike-group on {name} remote-access config")
@@ -308,10 +308,10 @@ def verify(ipsec):
for pool in ra_conf['pool']:
if pool == 'dhcp':
if dict_search('remote_access.dhcp.server', ipsec) == None:
- raise ConfigError('IPSec DHCP server is not configured!')
+ raise ConfigError('IPsec DHCP server is not configured!')
elif pool == 'radius':
if dict_search('remote_access.radius.server', ipsec) == None:
- raise ConfigError('IPSec RADIUS server is not configured!')
+ raise ConfigError('IPsec RADIUS server is not configured!')
if dict_search('authentication.client_mode', ra_conf) != 'eap-radius':
raise ConfigError('RADIUS IP pool requires eap-radius client authentication!')
diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py
index 21561d16f..a22f04c45 100755
--- a/src/op_mode/ikev2_profile_generator.py
+++ b/src/op_mode/ikev2_profile_generator.py
@@ -119,7 +119,7 @@ config_base = ipsec_base + ['remote-access', 'connection']
pki_base = ['pki']
conf = ConfigTreeQuery()
if not conf.exists(config_base):
- exit('IPSec remote-access is not configured!')
+ exit('IPsec remote-access is not configured!')
profile_name = 'VyOS IKEv2 Profile'
if args.profile:
@@ -131,7 +131,7 @@ if args.name:
conn_base = config_base + [args.connection]
if not conf.exists(conn_base):
- exit(f'IPSec remote-access connection "{args.connection}" does not exist!')
+ exit(f'IPsec remote-access connection "{args.connection}" does not exist!')
data = conf.get_config_dict(conn_base, key_mangling=('-', '_'),
get_first_key=True, no_tag_node_value_mangle=True)
@@ -178,7 +178,7 @@ for _, proposal in ike_proposal.items():
proposal['hash'] in set(vyos2client_integrity) and
proposal['dh_group'] in set(supported_dh_groups)):
- # We 're-code' from the VyOS IPSec proposals to the Apple naming scheme
+ # We 're-code' from the VyOS IPsec proposals to the Apple naming scheme
proposal['encryption'] = vyos2client_cipher[ proposal['encryption'] ]
proposal['hash'] = vyos2client_integrity[ proposal['hash'] ]
@@ -191,7 +191,7 @@ count = 1
for _, proposal in esp_proposals.items():
if {'encryption', 'hash'} <= set(proposal):
if proposal['encryption'] in set(vyos2client_cipher) and proposal['hash'] in set(vyos2client_integrity):
- # We 're-code' from the VyOS IPSec proposals to the Apple naming scheme
+ # We 're-code' from the VyOS IPsec proposals to the Apple naming scheme
proposal['encryption'] = vyos2client_cipher[ proposal['encryption'] ]
proposal['hash'] = vyos2client_integrity[ proposal['hash'] ]
diff --git a/src/op_mode/vpn_ike_sa.py b/src/op_mode/vpn_ike_sa.py
index 00f34564a..4b44c5c15 100755
--- a/src/op_mode/vpn_ike_sa.py
+++ b/src/op_mode/vpn_ike_sa.py
@@ -71,7 +71,7 @@ if __name__ == '__main__':
args = parser.parse_args()
if not process_named_running('charon'):
- print("IPSec Process NOT Running")
+ print("IPsec Process NOT Running")
sys.exit(0)
ike_sa(args.peer, args.nat)