1 files changed, 12 insertions, 73 deletions

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 52f9238b8..85423142d 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -281,16 +281,22 @@ def verify_source_interface(config):
     perform recurring validation of the existence of a source-interface
     required by e.g. peth/MACvlan, MACsec ...
     """
+    import re
     from netifaces import interfaces
-    if 'source_interface' not in config:
-        raise ConfigError('Physical source-interface required for '
-                          'interface "{ifname}"'.format(**config))
 
-    if config['source_interface'] not in interfaces():
-        raise ConfigError('Specified source-interface {source_interface} does '
-                          'not exist'.format(**config))
+    ifname = config['ifname']
+    if 'source_interface' not in config:
+        raise ConfigError(f'Physical source-interface required for "{ifname}"!')
 
     src_ifname = config['source_interface']
+    # We do not allow sourcing other interfaces (e.g. tunnel) from dynamic interfaces
+    tmp = re.compile(r'(ppp|pppoe|sstpc|l2tp|ipoe)[0-9]+')
+    if tmp.match(src_ifname):
+        raise ConfigError(f'Can not source "{ifname}" from dynamic interface "{src_ifname}"!')
+
+    if src_ifname not in interfaces():
+        raise ConfigError(f'Specified source-interface {src_ifname} does not exist')
+
     if 'source_interface_is_bridge_member' in config:
         bridge_name = next(iter(config['source_interface_is_bridge_member']))
         raise ConfigError(f'Invalid source-interface "{src_ifname}". Interface '
@@ -303,7 +309,6 @@ def verify_source_interface(config):
 
     if 'is_source_interface' in config:
         tmp = config['is_source_interface']
-        src_ifname = config['source_interface']
         raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \
                           f'belongs to interface "{tmp}"!')
 
@@ -385,72 +390,6 @@ def verify_vlan_config(config):
             verify_mtu_parent(c_vlan, config)
             verify_mtu_parent(c_vlan, s_vlan)
 
-def verify_accel_ppp_base_service(config, local_users=True):
-    """
-    Common helper function which must be used by all Accel-PPP services based
-    on get_config_dict()
-    """
-    # vertify auth settings
-    if local_users and dict_search('authentication.mode', config) == 'local':
-        if (dict_search(f'authentication.local_users', config) is None or
-                dict_search(f'authentication.local_users', config) == {}):
-            raise ConfigError(
-                'Authentication mode local requires local users to be configured!')
-
-        for user in dict_search('authentication.local_users.username', config):
-            user_config = config['authentication']['local_users']['username'][user]
-
-            if 'password' not in user_config:
-                raise ConfigError(f'Password required for local user "{user}"')
-
-            if 'rate_limit' in user_config:
-                # if up/download is set, check that both have a value
-                if not {'upload', 'download'} <= set(user_config['rate_limit']):
-                    raise ConfigError(f'User "{user}" has rate-limit configured for only one ' \
-                                      'direction but both upload and download must be given!')
-
-    elif dict_search('authentication.mode', config) == 'radius':
-        if not dict_search('authentication.radius.server', config):
-            raise ConfigError('RADIUS authentication requires at least one server')
-
-        for server in dict_search('authentication.radius.server', config):
-            radius_config = config['authentication']['radius']['server'][server]
-            if 'key' not in radius_config:
-                raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
-
-    # Check global gateway or gateway in named pool
-    gateway = False
-    if 'gateway_address' in config:
-        gateway = True
-    else:
-        if 'client_ip_pool' in config:
-            if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):
-                for _, v in config['client_ip_pool']['name'].items():
-                    if 'gateway_address' in v:
-                        gateway = True
-                        break
-    if not gateway:
-        raise ConfigError('Server requires gateway-address to be configured!')
-
-    if 'name_server_ipv4' in config:
-        if len(config['name_server_ipv4']) > 2:
-            raise ConfigError('Not more then two IPv4 DNS name-servers ' \
-                              'can be configured')
-
-    if 'name_server_ipv6' in config:
-        if len(config['name_server_ipv6']) > 3:
-            raise ConfigError('Not more then three IPv6 DNS name-servers ' \
-                              'can be configured')
-
-    if 'client_ipv6_pool' in config:
-        ipv6_pool = config['client_ipv6_pool']
-        if 'delegate' in ipv6_pool:
-            if 'prefix' not in ipv6_pool:
-                raise ConfigError('IPv6 "delegate" also requires "prefix" to be defined!')
-
-            for delegate in ipv6_pool['delegate']:
-                if 'delegation_prefix' not in ipv6_pool['delegate'][delegate]:
-                    raise ConfigError('delegation-prefix length required!')
 
 def verify_diffie_hellman_length(file, min_keysize):
     """ Verify Diffie-Hellamn keypair length given via file. It must be greater