-rw-r--r-- | data/templates/accel-ppp/pptp.config.j2 | 9 | ||||
-rw-r--r-- | data/templates/frr/bgpd.frr.j2 | 21 | ||||
-rw-r--r-- | interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/include/bgp/afi-l2vpn-common.xml.i | 3 | ||||
-rw-r--r-- | interface-definitions/vpn-openconnect.xml.in | 2 | ||||
-rw-r--r-- | interface-definitions/vpn-pptp.xml.in | 1 | ||||
-rw-r--r-- | op-mode-definitions/monitor-log.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/show-log.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 22 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-wwan.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 6 | ||||
-rwxr-xr-x | src/op_mode/ikev2_profile_generator.py | 8 | ||||
-rwxr-xr-x | src/op_mode/vpn_ike_sa.py | 2 |
13 files changed, 50 insertions, 32 deletions
diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2 index cc1a45d6b..442830b6b 100644 --- a/data/templates/accel-ppp/pptp.config.j2 +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -93,6 +93,15 @@ bind={{ radius_source_address }} gw-ip-address={{ gw_ip }} {% endif %} +{% if radius_shaper_attr %} +[shaper] +verbose=1 +attr={{ radius_shaper_attr }} +{% if radius_shaper_vendor %} +vendor={{ radius_shaper_vendor }} +{% endif %} +{% endif %} + [cli] tcp=127.0.0.1:2003 diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2 index bf4be23ff..e8d135c78 100644 --- a/data/templates/frr/bgpd.frr.j2 +++ b/data/templates/frr/bgpd.frr.j2 @@ -378,14 +378,19 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% endif %} {% endif %} {% if afi_config.route_target.both is vyos_defined %} - route-target both {{ afi_config.route_target.both }} -{% else %} -{% if afi_config.route_target.export is vyos_defined %} - route-target export {{ afi_config.route_target.export }} -{% endif %} -{% if afi_config.route_target.import is vyos_defined %} - route-target import {{ afi_config.route_target.import }} -{% endif %} +{% for route_target in afi_config.route_target.both %} + route-target both {{ route_target }} +{% endfor %} +{% endif %} +{% if afi_config.route_target.export is vyos_defined %} +{% for route_target in afi_config.route_target.export %} + route-target export {{ route_target }} +{% endfor %} +{% endif %} +{% if afi_config.route_target.import is vyos_defined %} +{% for route_target in afi_config.route_target.import %} + route-target import {{ route_target }} +{% endfor %} {% endif %} {% if afi_config.route_map.vpn.export is vyos_defined %} route-map vpn export {{ afi_config.route_map.vpn.export }} diff --git a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i index f44920c3f..c9ad0d3d4 100644 
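Review bot: Nothing visible in this commit sets `radius_shaper_attr` or `radius_shaper_vendor` for PPTP. The diff adds this `[shaper]` block and the `radius-additions-rate-limit.xml.i` include in `vpn-pptp.xml.in`, but no PPTP conf-mode script is among the 13 changed files. If that script does not already export both keys, the `{% if radius_shaper_attr %}` guard is always false, so the rate limit would be accepted on the CLI but never enforced; please confirm or add the assignment. Both values are also written verbatim into the accel-ppp config, and the `attribute` leaf shown in the include hunk carries only a help string and a default. A constraint on that leaf, for example `<constraint><regex>[-_a-zA-Z0-9]+</regex></constraint>`, would keep unexpected characters out of the generated file.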
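Review bot: The three new `{% for route_target in ... %}` loops in `bgpd.frr.j2` are only correct when each `route_target.*` value reaches the template as a list. If a single configured value arrives as a plain string, Jinja iterates it character by character and emits one bogus `route-target` line per character. The `<multi/>` additions in `afi-l2vpn-common.xml.i` suggest lists will be delivered, but that conversion is not visible in this diff, so it is worth confirming with a single-value test. Dropping the `{% else %}` also means `export` and `import` targets are now rendered even when `both` is set, which changes the generated FRR config for setups that define all three. A comment above the block such as `{# route-target nodes are multi-valued: one FRR line per configured target #}` would record the intent.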
--- a/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions-rate-limit.xml.i @@ -6,7 +6,7 @@ <children> <leafNode name="attribute"> <properties> - <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help> + <help>Specifies which RADIUS attribute contains rate information. (default is Filter-Id)</help> </properties> <defaultValue>Filter-Id</defaultValue> </leafNode> diff --git a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i index d586635c8..fef3daf3b 100644 --- a/interface-definitions/include/bgp/afi-l2vpn-common.xml.i +++ b/interface-definitions/include/bgp/afi-l2vpn-common.xml.i @@ -27,6 +27,7 @@ <constraint> <validator name="bgp-rd-rt" argument="--route-target"/> </constraint> + <multi/> </properties> </leafNode> <leafNode name="import"> @@ -39,6 +40,7 @@ <constraint> <validator name="bgp-rd-rt" argument="--route-target"/> </constraint> + <multi/> </properties> </leafNode> <leafNode name="export"> @@ -51,6 +53,7 @@ <constraint> <validator name="bgp-rd-rt" argument="--route-target"/> </constraint> + <multi/> </properties> </leafNode> </children> diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index bc7f78e79..3b3a83bd4 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -156,7 +156,7 @@ </leafNode> <leafNode name="groupconfig"> <properties> - <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius.</help> + <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS.</help> </properties> </leafNode> </children> 
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in index 28a53acb9..5e52965fd 100644 --- a/interface-definitions/vpn-pptp.xml.in +++ b/interface-definitions/vpn-pptp.xml.in @@ -110,6 +110,7 @@ </node> #include <include/radius-server-ipv4.xml.i> #include <include/accel-ppp/radius-additions.xml.i> + #include <include/accel-ppp/radius-additions-rate-limit.xml.i> </children> </node> </children> diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in index 975d20465..01462ad8f 100644 --- a/op-mode-definitions/monitor-log.xml.in +++ b/op-mode-definitions/monitor-log.xml.in @@ -237,7 +237,7 @@ </leafNode> <leafNode name="ipsec"> <properties> - <help>Monitor last lines of IPSec</help> + <help>Monitor last lines of IPsec</help> </properties> <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command> </leafNode> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index ebd198215..8906d9ef3 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -384,7 +384,7 @@ </leafNode> <leafNode name="ipsec"> <properties> - <help>Show log for IPSec</help> + <help>Show log for IPsec</help> </properties> <command>journalctl --no-hostname --boot --unit strongswan-starter.service</command> </leafNode> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index 8c9e76651..f1af65fcb 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in 
@@ -55,9 +55,9 @@ <children> <node name="vpn"> <properties> - <help>Restart IPSec VPN</help> + <help>Restart the IPsec VPN process</help> </properties> - <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPSec process not running" ; fi</command> + <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command> </node> </children> </node> @@ -134,7 +134,7 @@ </node> <node name="ipsec"> <properties> - <help>Show Internet Protocol Security (IPSec) information</help> + <help>Show Internet Protocol Security (IPsec) information</help> </properties> <children> <node name="policy"> @@ -151,19 +151,19 @@ </leafNode> <node name="sa"> <properties> - <help>Show all active IPSec Security Associations (SA)</help> + <help>Show all active IPsec Security Associations (SA)</help> </properties> <children> <!-- <node name="detail"> <properties> - <help>Show Detail on all active IPSec Security Associations (SA)</help> + <help>Show Detail on all active IPsec Security Associations (SA)</help> </properties> <command></command> </node> <tagNode name="stats"> <properties> - <help>Show statistics for all currently active IPSec Security Associations (SA)</help> + <help>Show statistics for all currently active IPsec Security Associations (SA)</help> <valueHelp> <format>txt</format> <description>Show Statistics for SAs associated with a specific peer</description> 
@@ -182,12 +182,12 @@ --> <node name="verbose"> <properties> - <help>Show Verbose Detail on all active IPSec Security Associations (SA)</help> + <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help> </properties> - <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi</command> + <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command> </node> </children> - <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPSec process not running" ; fi</command> + <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command> </node> <node name="state"> <properties> @@ -197,9 +197,9 @@ </node> <node name="status"> <properties> - <help>Show status of IPSec process</help> + <help>Show status of IPsec process</help> </properties> - <command>if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi</command> + <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command> </node> </children> </node> diff --git a/src/conf_mode/interfaces-wwan.py b/src/conf_mode/interfaces-wwan.py index 97b3a6396..a14a992ae 100755 --- a/src/conf_mode/interfaces-wwan.py +++ b/src/conf_mode/interfaces-wwan.py @@ -116,7 +116,7 @@ def generate(wwan): # disconnect - e.g. happens during RF signal loss. The script watches every # WWAN interface - so there is only one instance. if not os.path.exists(cron_script): - write_file(cron_script, '*/5 * * * * root /usr/libexec/vyos/vyos-check-wwan.py') + write_file(cron_script, '*/5 * * * * root /usr/libexec/vyos/vyos-check-wwan.py\n') return None 
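Review bot: In `src/conf_mode/interfaces-wwan.py` the added trailing `\n` only takes effect where the cron file does not exist yet, because the write stays behind `if not os.path.exists(cron_script):`. A file written by the old code without the newline is left untouched. Whether such a file can survive into a system running this version cannot be told from the hunk; if it can, consider rewriting whenever the content differs rather than only when the file is missing. A comment above the `write_file` call such as `# cron.d entries must be newline-terminated or cron may skip the file` would explain why the `\n` is there. `generate()` starts outside this hunk.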
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index c9061366d..77a425f8b 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -265,7 +265,7 @@ def verify(ipsec): ike = ra_conf['ike_group'] if dict_search(f'ike_group.{ike}.key_exchange', ipsec) != 'ikev2': - raise ConfigError('IPSec remote-access connections requires IKEv2!') + raise ConfigError('IPsec remote-access connections requires IKEv2!') else: raise ConfigError(f"Missing ike-group on {name} remote-access config") @@ -308,10 +308,10 @@ def verify(ipsec): for pool in ra_conf['pool']: if pool == 'dhcp': if dict_search('remote_access.dhcp.server', ipsec) == None: - raise ConfigError('IPSec DHCP server is not configured!') + raise ConfigError('IPsec DHCP server is not configured!') elif pool == 'radius': if dict_search('remote_access.radius.server', ipsec) == None: - raise ConfigError('IPSec RADIUS server is not configured!') + raise ConfigError('IPsec RADIUS server is not configured!') if dict_search('authentication.client_mode', ra_conf) != 'eap-radius': raise ConfigError('RADIUS IP pool requires eap-radius client authentication!') diff --git a/src/op_mode/ikev2_profile_generator.py b/src/op_mode/ikev2_profile_generator.py index 21561d16f..a22f04c45 100755 --- a/src/op_mode/ikev2_profile_generator.py +++ b/src/op_mode/ikev2_profile_generator.py @@ -119,7 +119,7 @@ config_base = ipsec_base + ['remote-access', 'connection'] pki_base = ['pki'] conf = ConfigTreeQuery() if not conf.exists(config_base): - exit('IPSec remote-access is not configured!') + exit('IPsec remote-access is not configured!') profile_name = 'VyOS IKEv2 Profile' if args.profile: 
@@ -131,7 +131,7 @@ if args.name: conn_base = config_base + [args.connection] if not conf.exists(conn_base): - exit(f'IPSec remote-access connection "{args.connection}" does not exist!') + exit(f'IPsec remote-access connection "{args.connection}" does not exist!') data = conf.get_config_dict(conn_base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) @@ -178,7 +178,7 @@ for _, proposal in ike_proposal.items(): proposal['hash'] in set(vyos2client_integrity) and proposal['dh_group'] in set(supported_dh_groups)): - # We 're-code' from the VyOS IPSec proposals to the Apple naming scheme + # We 're-code' from the VyOS IPsec proposals to the Apple naming scheme proposal['encryption'] = vyos2client_cipher[ proposal['encryption'] ] proposal['hash'] = vyos2client_integrity[ proposal['hash'] ] @@ -191,7 +191,7 @@ count = 1 for _, proposal in esp_proposals.items(): if {'encryption', 'hash'} <= set(proposal): if proposal['encryption'] in set(vyos2client_cipher) and proposal['hash'] in set(vyos2client_integrity): - # We 're-code' from the VyOS IPSec proposals to the Apple naming scheme + # We 're-code' from the VyOS IPsec proposals to the Apple naming scheme proposal['encryption'] = vyos2client_cipher[ proposal['encryption'] ] proposal['hash'] = vyos2client_integrity[ proposal['hash'] ] diff --git a/src/op_mode/vpn_ike_sa.py b/src/op_mode/vpn_ike_sa.py index 00f34564a..4b44c5c15 100755 --- a/src/op_mode/vpn_ike_sa.py +++ b/src/op_mode/vpn_ike_sa.py @@ -71,7 +71,7 @@ if __name__ == '__main__': args = parser.parse_args() if not process_named_running('charon'): - print("IPSec Process NOT Running") + print("IPsec Process NOT Running") sys.exit(0) ike_sa(args.peer, args.nat) |