diff options
Diffstat (limited to 'data/templates/accel-ppp')
18 files changed, 440 insertions, 418 deletions
diff --git a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl b/data/templates/accel-ppp/chap-secrets.config_dict.j2 index da64b64d5..51e66d57c 100644 --- a/data/templates/accel-ppp/chap-secrets.config_dict.tmpl +++ b/data/templates/accel-ppp/chap-secrets.config_dict.j2 @@ -1,12 +1,10 @@ # username server password acceptable local IP addresses shaper -{% if authentication is defined and authentication.local_users is defined and authentication.local_users.username is defined %} -{% for user, user_config in authentication.local_users.username.items() %} -{% if user_config.disabled is not defined %} -{% if user_config.rate_limit is defined %} +{% if authentication.local_users.username is vyos_defined %} +{% for user, user_config in authentication.local_users.username.items() if user_config.disabled is not vyos_defined %} +{% if user_config.rate_limit is vyos_defined %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} {{ user_config.rate_limit.download }}/{{ user_config.rate_limit.upload }} -{% else %} +{% else %} {{ "%-12s" | format(user) }} * {{ "%-16s" | format(user_config.password) }} {{ "%-16s" | format(user_config.static_ip) }} -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endfor %} {% endif %} diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl b/data/templates/accel-ppp/chap-secrets.ipoe.j2 index 1df878fcf..a1430ec22 100644 --- a/data/templates/accel-ppp/chap-secrets.ipoe.tmpl +++ b/data/templates/accel-ppp/chap-secrets.ipoe.j2 @@ -1,18 +1,18 @@ # username server password acceptable local IP addresses shaper {% for interface in auth_interfaces %} -{% for mac in interface.mac %} -{% if mac.rate_upload and mac.rate_download %} -{% if mac.vlan_id %} +{% for mac in interface.mac %} +{% if mac.rate_upload and mac.rate_download %} +{% if mac.vlan_id %} {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} -{% else %} +{% else %} {{ interface.name }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }} -{% endif %} -{% else %} -{% if mac.vlan_id %} +{% endif %} +{% else %} +{% if mac.vlan_id %} {{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * -{% else %} +{% else %} {{ interface.name }} * {{ mac.address | lower }} * -{% endif %} -{% endif %} -{% endfor %} +{% endif %} +{% endif %} +{% endfor %} {% endfor %} diff --git a/data/templates/accel-ppp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.j2 index 6cace5401..cc3ddc28f 100644 --- a/data/templates/accel-ppp/chap-secrets.tmpl +++ b/data/templates/accel-ppp/chap-secrets.j2 @@ -1,10 +1,10 @@ # username server password acceptable local IP addresses shaper {% for user in local_users %} -{% if user.state == 'enabled' %} -{% if user.upload and user.download %} +{% if user.state == 'enabled' %} +{% if user.upload and user.download %} {{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }}/{{ user.upload }} -{% else %} +{% else %} {{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} -{% endif %} -{% endif %} +{% endif %} +{% endif %} {% endfor %} diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2 index 49af3a228..bb820497b 100644 --- a/data/templates/accel-ppp/config_chap_secrets_radius.j2 +++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2 @@ -1,33 +1,33 @@ -{% if authentication.mode is defined and authentication.mode == 'local' %} +{% if authentication.mode is vyos_defined('local') %} [chap-secrets] chap-secrets={{ chap_secrets_file }} -{% elif authentication.mode is defined and authentication.mode == 'radius' %} +{% elif authentication.mode is vyos_defined('radius') %} [radius] verbose=1 -{% for server, options in authentication.radius.server.items() if not options.disable is defined %} +{% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %} server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }} -{% endfor %} -{% if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %} +{% endfor %} +{% if authentication.radius.acct_interim_jitter is vyos_defined %} acct-interim-jitter={{ authentication.radius.acct_interim_jitter }} -{% endif %} +{% endif %} acct-timeout={{ authentication.radius.acct_timeout }} timeout={{ authentication.radius.timeout }} max-try={{ authentication.radius.max_try }} -{% if authentication.radius.nas_identifier is defined and authentication.radius.nas_identifier is not none %} +{% if authentication.radius.nas_identifier is vyos_defined %} nas-identifier={{ authentication.radius.nas_identifier }} -{% endif %} -{% if authentication.radius.nas_ip_address is defined and authentication.radius.nas_ip_address is not none %} +{% endif %} +{% if authentication.radius.nas_ip_address is vyos_defined %} nas-ip-address={{ authentication.radius.nas_ip_address }} -{% endif %} -{% if authentication.radius.source_address is defined and authentication.radius.source_address is not none %} +{% endif %} +{% if authentication.radius.source_address is vyos_defined %} bind={{ authentication.radius.source_address }} -{% endif %} -{% if authentication.radius.dynamic_author.server is defined and authentication.radius.dynamic_author.server is not none %} +{% endif %} +{% if authentication.radius.dynamic_author.server is vyos_defined %} dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }} -{% endif %} +{% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} -{% if gateway_address is defined and gateway_address is not none %} +{% if gateway_address is vyos_defined %} gw-ip-address={{ gateway_address }} {% endif %} diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2 index 3b0f68084..0bef4ad69 100644 --- a/data/templates/accel-ppp/config_ip_pool.j2 +++ b/data/templates/accel-ppp/config_ip_pool.j2 @@ -1,14 +1,14 @@ -{% if client_ip_pool is defined and client_ip_pool is not none %} +{% if client_ip_pool is vyos_defined %} [ip-pool] -{% if gateway_address is defined and gateway_address is not none %} +{% if gateway_address is vyos_defined %} gw-ip-address={{ gateway_address }} -{% endif %} -{% if client_ip_pool.start is defined and client_ip_pool.stop is defined and client_ip_pool.start is not none and client_ip_pool.stop is not none %} +{% endif %} +{% if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %} {{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }} -{% endif %} -{% if client_ip_pool.subnet is defined and client_ip_pool.subnet is not none %} -{% for subnet in client_ip_pool.subnet %} +{% endif %} +{% if client_ip_pool.subnet is vyos_defined %} +{% for subnet in client_ip_pool.subnet %} {{ subnet }} -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} {% endif %} diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index f45bf9442..953469577 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 @@ -1,20 +1,20 @@ -{% if client_ipv6_pool is defined and client_ipv6_pool is not none %} +{% if client_ipv6_pool is vyos_defined %} [ipv6-nd] AdvAutonomousFlag=1 -{% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} +{% if client_ipv6_pool.prefix is vyos_defined %} [ipv6-pool] -{% for prefix, options in client_ipv6_pool.prefix.items() %} +{% for prefix, options in client_ipv6_pool.prefix.items() %} {{ prefix }},{{ options.mask }} -{% endfor %} -{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} -{% for prefix, options in client_ipv6_pool.delegate.items() %} +{% endfor %} +{% if client_ipv6_pool.delegate is vyos_defined %} +{% for prefix, options in client_ipv6_pool.delegate.items() %} delegate={{ prefix }},{{ options.delegation_prefix }} -{% endfor %} +{% endfor %} +{% endif %} {% endif %} -{% endif %} -{% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} +{% if client_ipv6_pool.delegate is vyos_defined %} [ipv6-dhcp] verbose=1 -{% endif %} +{% endif %} {% endif %} diff --git a/data/templates/accel-ppp/config_modules_auth_mode.j2 b/data/templates/accel-ppp/config_modules_auth_mode.j2 index e3d578b38..3fb8a011f 100644 --- a/data/templates/accel-ppp/config_modules_auth_mode.j2 +++ b/data/templates/accel-ppp/config_modules_auth_mode.j2 @@ -1,5 +1,5 @@ -{% if authentication is defined and authentication.mode is defined and authentication.mode == 'local' %} +{% if authentication.mode is vyos_defined('local') %} chap-secrets -{% elif authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %} +{% elif authentication.mode is vyos_defined('radius') %} radius {% endif %} diff --git a/data/templates/accel-ppp/config_modules_auth_protocols.j2 b/data/templates/accel-ppp/config_modules_auth_protocols.j2 index 454d37792..285468406 100644 --- a/data/templates/accel-ppp/config_modules_auth_protocols.j2 +++ b/data/templates/accel-ppp/config_modules_auth_protocols.j2 @@ -1,10 +1,10 @@ {% for protocol in authentication.protocols %} {# this should be fixed in the CLI by a migrator #} -{% if protocol == 'chap' %} +{% if protocol == 'chap' %} auth_chap_md5 -{% elif protocol == 'mschap' %} +{% elif protocol == 'mschap' %} auth_mschap_v1 -{% else %} +{% else %} auth_{{ protocol.replace('-', '_') }} -{% endif %} +{% endif %} {% endfor %} diff --git a/data/templates/accel-ppp/config_modules_ipv6.j2 b/data/templates/accel-ppp/config_modules_ipv6.j2 index 02740ce7c..6174779a5 100644 --- a/data/templates/accel-ppp/config_modules_ipv6.j2 +++ b/data/templates/accel-ppp/config_modules_ipv6.j2 @@ -1,4 +1,4 @@ -{% if ppp_options.ipv6 is defined and ppp_options.ipv6 != 'deny' %} +{% if ppp_options.ipv6 is vyos_defined and ppp_options.ipv6 is not vyos_defined('deny') %} ipv6pool ipv6_nd ipv6_dhcp diff --git a/data/templates/accel-ppp/config_name_server.j2 b/data/templates/accel-ppp/config_name_server.j2 index 2bf064f92..9c745fe62 100644 --- a/data/templates/accel-ppp/config_name_server.j2 +++ b/data/templates/accel-ppp/config_name_server.j2 @@ -1,13 +1,13 @@ -{% if name_server_ipv4 is defined and name_server_ipv4 is not none %} +{% if name_server_ipv4 is vyos_defined %} [dns] -{% for ns in name_server_ipv4 %} +{% for ns in name_server_ipv4 %} dns{{ loop.index }}={{ ns }} -{% endfor %} +{% endfor %} {% endif %} -{% if name_server_ipv6 is defined and name_server_ipv6 is not none %} +{% if name_server_ipv6 is vyos_defined %} [ipv6-dns] -{% for ns in name_server_ipv6 %} +{% for ns in name_server_ipv6 %} {{ ns }} -{% endfor %} +{% endfor %} {% endif %} diff --git a/data/templates/accel-ppp/config_shaper_radius.j2 b/data/templates/accel-ppp/config_shaper_radius.j2 index 8de5f5df3..942cdf132 100644 --- a/data/templates/accel-ppp/config_shaper_radius.j2 +++ b/data/templates/accel-ppp/config_shaper_radius.j2 @@ -1,10 +1,13 @@ -{% if authentication is defined and authentication.mode is defined and authentication.mode == 'radius' %} -{% if authentication is defined and authentication.radius is defined and authentication.radius.rate_limit is defined and authentication.radius.rate_limit.enable is defined %} +{% if authentication.mode is vyos_defined('radius') %} +{% if authentication.radius.rate_limit.enable is vyos_defined %} [shaper] verbose=1 attr={{ authentication.radius.rate_limit.attribute }} -{% if authentication.radius.rate_limit.vendor is defined and authentication.radius.rate_limit.vendor is not none %} +{% if authentication.radius.rate_limit.vendor is vyos_defined %} vendor={{ authentication.radius.rate_limit.vendor }} +{% endif %} +{% if authentication.radius.rate_limit.multiplier is vyos_defined %} +rate-multiplier={{ authentication.radius.rate_limit.multiplier }} +{% endif %} {% endif %} -{% endif %} {% endif %} diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2 new file mode 100644 index 000000000..3c0d47b27 --- /dev/null +++ b/data/templates/accel-ppp/ipoe.config.j2 @@ -0,0 +1,142 @@ +{# j2lint: disable=operator-enclosed-by-spaces #} +### generated by ipoe.py ### +[modules] +log_syslog +ipoe +shaper +ipv6pool +ipv6_nd +ipv6_dhcp +ippool +{% if auth_mode == 'radius' %} +radius +{% elif auth_mode == 'local' %} +chap-secrets +{% endif %} + +[core] +thread-count={{ thread_cnt }} + +[log] +syslog=accel-ipoe,daemon +copy=1 +level=5 + +[ipoe] +verbose=1 +{% for interface in interfaces %} +{% set tmp = 'interface=' %} +{% if interface.vlan_mon %} +{% set tmp = tmp ~ 're:' ~ interface.name ~ '\.\d+' %} +{% else %} +{% set tmp = tmp ~ interface.name %} +{% endif %} +{{ tmp }},shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' ~ interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1 +{% endfor %} +{% if auth_mode == 'noauth' %} +noauth=1 +{% if client_named_ip_pool %} +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} +ip-pool={{ pool.name }} +{% endif %} +{% if pool.gateway_address is defined %} +gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} +{% endif %} +{% endfor %} +{% endif %} +{% elif auth_mode == 'local' %} +username=ifname +password=csid +{% endif %} +proxy-arp=1 + +{% for interface in interfaces %} +{% if (interface.shared == '0') and (interface.vlan_mon) %} +vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} +{% endif %} +{% endfor %} + +{% if dnsv4 %} +[dns] +{% for dns in dnsv4 %} +dns{{ loop.index }}={{ dns }} +{% endfor %} +{% endif %} + +{% if dnsv6 %} +[ipv6-dns] +{% for dns in dnsv6 %} +{{ dns }} +{% endfor %} +{% endif %} + +[ipv6-nd] +verbose=1 + +[ipv6-dhcp] +verbose=1 + +{% if client_named_ip_pool %} +[ip-pool] +{% for pool in client_named_ip_pool %} +{% if pool.subnet is defined %} +{{ pool.subnet }},name={{ pool.name }} +{% endif %} +{% if pool.gateway_address is defined %} +gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }} +{% endif %} +{% endfor %} +{% endif %} + +{% if client_ipv6_pool %} +[ipv6-pool] +{% for p in client_ipv6_pool %} +{{ p.prefix }},{{ p.mask }} +{% endfor %} +{% for p in client_ipv6_delegate_prefix %} +delegate={{ p.prefix }},{{ p.mask }} +{% endfor %} +{% endif %} + +{% if auth_mode == 'local' %} +[chap-secrets] +chap-secrets={{ chap_secrets_file }} +{% elif auth_mode == 'radius' %} +[radius] +verbose=1 +{% for r in radius_server %} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} +{% endfor %} + +{% if radius_acct_inter_jitter %} +acct-interim-jitter={{ radius_acct_inter_jitter }} +{% endif %} + +acct-timeout={{ radius_acct_tmo }} +timeout={{ radius_timeout }} +max-try={{ radius_max_try }} +{% if radius_nas_id %} +nas-identifier={{ radius_nas_id }} +{% endif %} +{% if radius_nas_ip %} +nas-ip-address={{ radius_nas_ip }} +{% endif %} +{% if radius_source_address %} +bind={{ radius_source_address }} +{% endif %} +{% if radius_dynamic_author %} +dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} +{% endif %} +{% if radius_shaper_attr %} +[shaper] +verbose=1 +attr={{ radius_shaper_attr }} +{% if radius_shaper_vendor %} +vendor={{ radius_shaper_vendor }} +{% endif %} +{% endif %} +{% endif %} + +[cli] +tcp=127.0.0.1:2002 diff --git a/data/templates/accel-ppp/ipoe.config.tmpl b/data/templates/accel-ppp/ipoe.config.tmpl deleted file mode 100644 index 1cf2ab0be..000000000 --- a/data/templates/accel-ppp/ipoe.config.tmpl +++ /dev/null @@ -1,116 +0,0 @@ -### generated by ipoe.py ### -[modules] -log_syslog -ipoe -shaper -ipv6pool -ipv6_nd -ipv6_dhcp -ippool -{% if auth_mode == 'radius' %} -radius -{% elif auth_mode == 'local' %} -chap-secrets -{% endif %} - -[core] -thread-count={{ thread_cnt }} - -[log] -syslog=accel-ipoe,daemon -copy=1 -level=5 - -[ipoe] -verbose=1 -{% for interface in interfaces %} -{% if interface.vlan_mon %} -interface=re:{{ interface.name }}\.\d+,{% else %}interface={{ interface.name }},{% endif %}shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }},range={{ interface.range }},start={{ interface.sess_start }},ipv6=1 -{% endfor %} -{% if auth_mode == 'noauth' %} -noauth=1 -{% elif auth_mode == 'local' %} -username=ifname -password=csid -{% endif %} -proxy-arp=1 - -{% for interface in interfaces %} -{% if (interface.shared == '0') and (interface.vlan_mon) %} -vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }} -{% endif %} -{% endfor %} - -{% if dnsv4 %} -[dns] -{% for dns in dnsv4 %} -dns{{ loop.index }}={{ dns }} -{% endfor %} -{% endif %} - -{% if dnsv6 %} -[ipv6-dns] -{% for dns in dnsv6 %} -{{ dns }} -{% endfor %} -{% endif %} - -[ipv6-nd] -verbose=1 - -[ipv6-dhcp] -verbose=1 - -{% if client_ipv6_pool %} -[ipv6-pool] -{% for p in client_ipv6_pool %} -{{ p.prefix }},{{ p.mask }} -{% endfor %} -{% for p in client_ipv6_delegate_prefix %} -delegate={{ p.prefix }},{{ p.mask }} -{% endfor %} -{% endif %} - -{% if auth_mode == 'local' %} -[chap-secrets] -chap-secrets={{ chap_secrets_file }} -{% elif auth_mode == 'radius' %} -[radius] -verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} - -{% if radius_acct_inter_jitter %} -acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} - -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} -bind={{ radius_source_address }} -{% endif %} - -{% if radius_dynamic_author %} -dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} -{% endif %} - -{% if radius_shaper_attr %} -[shaper] -verbose=1 -attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} -{% endif %} -{% endif %} -{% endif %} - -[cli] -tcp=127.0.0.1:2002 diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.j2 index 9fcda76d4..9eeaf7622 100644 --- a/data/templates/accel-ppp/l2tp.config.tmpl +++ b/data/templates/accel-ppp/l2tp.config.j2 @@ -3,9 +3,9 @@ log_syslog l2tp chap-secrets -{% for proto in auth_proto: %} -{{proto}} -{% endfor%} +{% for proto in auth_proto %} +{{ proto }} +{% endfor %} {% if auth_mode == 'radius' %} radius @@ -18,7 +18,7 @@ ipv6_nd ipv6_dhcp [core] -thread-count={{thread_cnt}} +thread-count={{ thread_cnt }} [log] syslog=accel-l2tp,daemon @@ -27,23 +27,23 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 %} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if dnsv6 %} [ipv6-dns] -{% for dns in dnsv6 %} +{% for dns in dnsv6 %} {{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins %} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor %} +{% endfor %} {% endif %} [l2tp] @@ -66,14 +66,14 @@ host-name={{ lns_host_name }} {% if client_ip_pool or client_ip_subnets %} [ip-pool] -{% if client_ip_pool %} +{% if client_ip_pool %} {{ client_ip_pool }} -{% endif %} -{% if client_ip_subnets %} -{% for sn in client_ip_subnets %} -{{sn}} -{% endfor %} -{% endif %} +{% endif %} +{% if client_ip_subnets %} +{% for sn in client_ip_subnets %} +{{ sn }} +{% endfor %} +{% endif %} {% endif %} {% if gateway_address %} gw-ip-address={{ gateway_address }} @@ -85,27 +85,24 @@ chap-secrets={{ chap_secrets_file }} {% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} +{% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} - -{% if radius_acct_inter_jitter %} +{% endfor %} +{% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} - +{% endif %} acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} - -{% if radius_nas_id %} +{% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} +{% endif %} +{% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} +{% endif %} +{% if radius_source_address %} bind={{ radius_source_address }} -{% endif %} +{% endif %} {% endif %} {% if gateway_address %} gw-ip-address={{ gateway_address }} @@ -128,12 +125,12 @@ ipv6=allow {% if client_ipv6_pool %} [ipv6-pool] -{% for p in client_ipv6_pool %} +{% for p in client_ipv6_pool %} {{ p.prefix }},{{ p.mask }} -{% endfor %} -{% for p in client_ipv6_delegate_prefix %} +{% endfor %} +{% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} -{% endfor %} +{% endfor %} {% endif %} {% if client_ipv6_delegate_prefix %} @@ -145,9 +142,9 @@ verbose=1 [shaper] verbose=1 attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} +{% if radius_shaper_vendor %} vendor={{ radius_shaper_vendor }} -{% endif %} +{% endif %} {% endif %} [cli] diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 new file mode 100644 index 000000000..0a92e2d54 --- /dev/null +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -0,0 +1,172 @@ +### generated by accel_pppoe.py ### +[modules] +log_syslog +pppoe +shaper +{# Common authentication backend definitions #} +{% include 'accel-ppp/config_modules_auth_mode.j2' %} +ippool +{# Common IPv6 definitions #} +{% include 'accel-ppp/config_modules_ipv6.j2' %} +{# Common authentication protocols (pap, chap ...) #} +{% include 'accel-ppp/config_modules_auth_protocols.j2' %} + +{% if snmp is vyos_defined %} +net-snmp +{% endif %} +{% if limits is vyos_defined %} +connlimit +{% endif %} +{% if extended_scripts is vyos_defined %} +sigchld +pppd_compat +{% endif %} + +[core] +thread-count={{ thread_count }} + +[log] +syslog=accel-pppoe,daemon +copy=1 +level=5 + +{% if snmp.master_agent is vyos_defined %} +[snmp] +master=1 +{% endif %} + +[client-ip-range] +disable + +{# Common IP pool definitions #} +{% include 'accel-ppp/config_ip_pool.j2' %} + +{# Common IPv6 pool definitions #} +{% include 'accel-ppp/config_ipv6_pool.j2' %} + +{# Common DNS name-server definition #} +{% include 'accel-ppp/config_name_server.j2' %} + +{% if wins_server is vyos_defined %} +[wins] +{% for server in wins_server %} +wins{{ loop.index }}={{ server }} +{% endfor %} +{% endif %} + +{# Common chap-secrets and RADIUS server/option definitions #} +{% include 'accel-ppp/config_chap_secrets_radius.j2' %} + +{% if session_control is vyos_defined and session_control is not vyos_defined('disable') %} +[common] +single-session={{ session_control }} +{% endif %} + +[ppp] +verbose=1 +check-ip=1 +ccp={{ "1" if ppp_options.ccp is vyos_defined else "0" }} +unit-preallocate={{ "1" if authentication.radius.preallocate_vif is vyos_defined else "0" }} +{% if ppp_options.min_mtu is vyos_defined %} +min-mtu={{ ppp_options.min_mtu }} +{% else %} +min-mtu={{ mtu }} +{% endif %} +{% if ppp_options.mru is vyos_defined %} +mru={{ ppp_options.mru }} +{% endif %} +mppe={{ ppp_options.mppe }} +lcp-echo-interval={{ ppp_options.lcp_echo_interval }} +lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} +lcp-echo-failure={{ ppp_options.lcp_echo_failure }} +{% if ppp_options.ipv4 is vyos_defined %} +ipv4={{ ppp_options.ipv4 }} +{% endif %} +{# IPv6 #} +{% if ppp_options.ipv6 is vyos_defined %} +ipv6={{ ppp_options.ipv6 }} +{% if ppp_options.ipv6_intf_id is vyos_defined %} +ipv6-intf-id={{ ppp_options.ipv6_intf_id }} +{% endif %} +{% if ppp_options.ipv6_peer_intf_id is vyos_defined %} +ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }} +{% endif %} +ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }} +{% endif %} +{# MTU #} +mtu={{ mtu }} +{% if ppp_options.interface_cache is vyos_defined %} +unit-cache={{ ppp_options.interface_cache }} +{% endif %} + +[pppoe] +verbose=1 +ac-name={{ access_concentrator }} + +{% if interface is vyos_defined %} +{% for iface, iface_config in interface.items() %} +{% if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %} +interface={{ iface }} +{% endif %} +{% if iface_config.vlan_range is vyos_defined %} +{% for regex in iface_config.regex %} +interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$ +{% endfor %} +vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }} +{% endif %} +{% if iface_config.vlan_id is vyos_defined %} +{% for vlan in iface_config.vlan_id %} +vlan-mon={{ iface }},{{ vlan }} +interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$ +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} + +{% if service_name %} +service-name={{ service_name | join(',') }} +{% endif %} + +{% if pado_delay %} +{% set pado_delay_param = namespace(value='0') %} +{% for delay in pado_delay | sort(attribute='0') %} +{% if not loop.last %} +{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %} +{% else %} +{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %} +{% endif %} +{% endfor %} +pado-delay={{ pado_delay_param.value }} +{% endif %} +{% if authentication.radius.called_sid_format is vyos_defined %} +called-sid={{ authentication.radius.called_sid_format }} +{% endif %} + +{% if limits is vyos_defined %} +[connlimit] +{% if limits.connection_limit is vyos_defined %} +limit={{ limits.connection_limit }} +{% endif %} +{% if limits.burst is vyos_defined %} +burst={{ limits.burst }} +{% endif %} +{% if limits.timeout is vyos_defined %} +timeout={{ limits.timeout }} +{% endif %} +{% endif %} + +{# Common RADIUS shaper configuration #} +{% include 'accel-ppp/config_shaper_radius.j2' %} + +{% if extended_scripts is vyos_defined %} +[pppd-compat] +verbose=1 +radattr-prefix=/run/accel-pppd/radattr +{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %} +{% for script in extended_scripts %} +{{ script_name[script] }}={{ extended_scripts[script] }} +{% endfor %} +{% endif %} + +[cli] +tcp=127.0.0.1:2001 diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl deleted file mode 100644 index 238e7ee15..000000000 --- a/data/templates/accel-ppp/pppoe.config.tmpl +++ /dev/null @@ -1,174 +0,0 @@ -### generated by accel_pppoe.py ### -[modules] -log_syslog -pppoe -shaper -{# Common authentication backend definitions #} -{% include 'accel-ppp/config_modules_auth_mode.j2' %} -ippool -{# Common IPv6 definitions #} -{% include 'accel-ppp/config_modules_ipv6.j2' %} -{# Common authentication protocols (pap, chap ...) #} -{% include 'accel-ppp/config_modules_auth_protocols.j2' %} - -{% if snmp is defined %} -net-snmp -{% endif %} -{% if limits is defined %} -connlimit -{% endif %} -{% if extended_scripts is defined %} -sigchld -pppd_compat -{% endif %} - -[core] -thread-count={{ thread_count }} - -[log] -syslog=accel-pppoe,daemon -copy=1 -level=5 - -{% if snmp is defined and snmp.master_agent is defined %} -[snmp] -master=1 -{% endif %} - -[client-ip-range] -disable - -{# Common IP pool definitions #} -{% include 'accel-ppp/config_ip_pool.j2' %} - -{# Common IPv6 pool definitions #} -{% include 'accel-ppp/config_ipv6_pool.j2' %} - -{# Common DNS name-server definition #} -{% include 'accel-ppp/config_name_server.j2' %} - -{% if wins_server is defined and wins_server is not none %} -[wins] -{% for server in wins_server %} -wins{{ loop.index }}={{ server }} -{% endfor %} -{% endif %} - -{# Common chap-secrets and RADIUS server/option definitions #} -{% include 'accel-ppp/config_chap_secrets_radius.j2' %} - -{% if session_control is defined and session_control != 'disable' %} -[common] -single-session={{ session_control }} -{% endif %} - -[ppp] -verbose=1 -check-ip=1 -ccp={{ "1" if ppp_options.ccp is defined else "0" }} -unit-preallocate={{ "1" if authentication.radius.preallocate_vif is defined else "0" }} -{% if ppp_options.min_mtu is defined and ppp_options.min_mtu is not none %} -min-mtu={{ ppp_options.min_mtu }} -{% else %} -min-mtu={{ mtu }} -{% endif %} -{% if ppp_options.mru is defined and ppp_options.mru is not none %} -mru={{ ppp_options.mru }} -{% endif %} -mppe={{ ppp_options.mppe }} -lcp-echo-interval={{ ppp_options.lcp_echo_interval }} -lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} -lcp-echo-failure={{ ppp_options.lcp_echo_failure }} -{% if ppp_options.ipv4 is defined and ppp_options.ipv4 is not none %} -ipv4={{ ppp_options.ipv4 }} -{% endif %} -{# IPv6 #} -{% if ppp_options.ipv6 is defined and ppp_options.ipv6 is not none %} -ipv6={{ ppp_options.ipv6 }} -{% if ppp_options.ipv6_intf_id is defined and ppp_options.ipv6_intf_id is not none %} -ipv6-intf-id={{ ppp_options.ipv6_intf_id }} -{% endif %} -{% if ppp_options.ipv6_peer_intf_id is defined and ppp_options.ipv6_peer_intf_id is not none %} -ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }} -{% endif %} -ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is defined else "0" }} -{% endif %} -{# MTU #} -mtu={{ mtu }} -{% if ppp_options.interface_cache is defined and ppp_options.interface_cache is not none %} -unit-cache={{ ppp_options.interface_cache }} -{% endif %} - -[pppoe] -verbose=1 -ac-name={{ access_concentrator }} - -{% if interface is defined and interface is not none %} -{% for iface, iface_config in interface.items() %} -{% if iface_config.vlan_id is not defined and iface_config.vlan_range is not defined %} -interface={{ iface }} -{% endif %} -{% if iface_config.vlan_id is defined and iface_config.vlan_range is not defined %} -{% for vlan in iface_config.vlan_id %} -interface={{ iface }}.{{ vlan }} -vlan-mon={{ iface }},{{ vlan }} -{% endfor %} -{% endif %} -{% if iface_config.vlan_range is defined and iface_config.vlan_id is not defined %} -vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }} -interface=re:{{ iface | replace('.', '\\.') }}\.\d+ -{% endif %} -{% if iface_config.vlan_id is defined and iface_config.vlan_range is defined %} -vlan-mon={{ iface }},{{ iface_config.vlan_id | join(',') }},{{ iface_config.vlan_range | join(',') }} -interface=re:{{ iface | replace('.', '\\.') }}\.\d+ -{% endif %} -{% endfor %} -{% endif %} - -{% if service_name %} -service-name={{ service_name | join(',') }} -{% endif %} - -{% if pado_delay %} -{% set pado_delay_param = namespace(value='0') %} -{% for delay in pado_delay|sort(attribute='0') %} -{% if not loop.last %} -{% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + pado_delay[delay].sessions %} -{% else %} -{% set pado_delay_param.value = pado_delay_param.value + ',-1:' + pado_delay[delay].sessions %} -{% endif %} -{% endfor %} -pado-delay={{ pado_delay_param.value }} -{% endif %} -{% if authentication.radius.called_sid_format is defined and authentication.radius.called_sid_format is not none %} -called-sid={{ authentication.radius.called_sid_format }} -{% endif %} - -{% if limits is defined %} -[connlimit] -{% if limits.connection_limit is defined and limits.connection_limit is not none %} -limit={{ limits.connection_limit }} -{% endif %} -{% if limits.burst is defined and limits.burst %} -burst={{ limits.burst }} -{% endif %} -{% if limits.timeout is defined and limits.timeout is not none %} -timeout={{ limits.timeout }} -{% endif %} -{% endif %} - -{# Common RADIUS shaper configuration #} -{% include 'accel-ppp/config_shaper_radius.j2' %} - -{% if extended_scripts is defined %} -[pppd-compat] -verbose=1 -radattr-prefix=/run/accel-pppd/radattr -{% set script_name = {'on_up': 'ip-up', 'on_down': 'ip-down', 'on_change':'ip-change', 'on_pre_up':'ip-pre-up'} %} -{% for script in extended_scripts %} -{{ script_name[script] }}={{ extended_scripts[script] }} -{% endfor %} -{% endif %} - -[cli] -tcp=127.0.0.1:2001 diff --git a/data/templates/accel-ppp/pptp.config.tmpl b/data/templates/accel-ppp/pptp.config.j2 index 3cfc4a906..cc1a45d6b 100644 --- a/data/templates/accel-ppp/pptp.config.tmpl +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -10,7 +10,7 @@ radius {% endif %} ippool {% for proto in auth_proto %} -{{proto}} +{{ proto }} {% endfor %} [core] @@ -23,16 +23,16 @@ level=5 {% if dnsv4 %} [dns] -{% for dns in dnsv4 %} +{% for dns in dnsv4 %} dns{{ loop.index }}={{ dns }} -{% endfor %} +{% endfor %} {% endif %} {% if wins %} [wins] -{% for server in wins %} +{% for server in wins %} wins{{ loop.index }}={{ server }} -{% endfor %} +{% endfor %} {% endif %} @@ -42,7 +42,7 @@ ifname=pptp%d bind={{ outside_addr }} {% endif %} verbose=1 -ppp-max-mtu={{mtu}} +ppp-max-mtu={{ mtu }} mppe={{ ppp_mppe }} echo-interval=10 echo-failure=3 @@ -66,27 +66,27 @@ chap-secrets={{ chap_secrets_file }} {% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for r in radius_server %} +{% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} +{% endfor %} -{% if radius_acct_inter_jitter %} +{% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} +{% endif %} acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} -{% if radius_nas_id %} +{% if radius_nas_id %} nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} +{% endif %} +{% if radius_nas_ip %} nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} +{% endif %} +{% if radius_source_address %} bind={{ radius_source_address }} -{% endif %} +{% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} {% if gw_ip is defined and gw_ip is not none %} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.j2 index 8fd7d230d..5c6f19306 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -50,7 +50,7 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} -ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }} +ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }} ipv4={{ ppp_options.ipv4 }} mppe={{ ppp_options.mppe }} |