summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_sstp.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode/vpn_sstp.py')
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py130
1 files changed, 36 insertions, 94 deletions
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index ca0844c50..438731972 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -18,49 +18,24 @@ import os
from time import sleep
from sys import exit
-from socket import socket, AF_INET, SOCK_STREAM
from copy import deepcopy
from stat import S_IRUSR, S_IWUSR, S_IRGRP
-from jinja2 import FileSystemLoader, Environment
from vyos.config import Config
from vyos import ConfigError
-from vyos.defaults import directories as vyos_data_dir
-from vyos.util import process_running
-from vyos.util import process_running, cmd, run
-
-pidfile = r'/var/run/accel_sstp.pid'
-sstp_cnf_dir = r'/etc/accel-ppp/sstp'
-chap_secrets = sstp_cnf_dir + '/chap-secrets'
-sstp_conf = sstp_cnf_dir + '/sstp.config'
-
-# config path creation
-if not os.path.exists(sstp_cnf_dir):
- os.makedirs(sstp_cnf_dir)
-
-def chk_con():
- cnt = 0
- s = socket(AF_INET, SOCK_STREAM)
- while True:
- try:
- s.connect(("127.0.0.1", 2005))
- s.close()
- break
- except ConnectionRefusedError:
- sleep(0.5)
- cnt += 1
- if cnt == 100:
- raise("failed to start sstp server")
- break
-
-
-def _accel_cmd(command):
- return run(f'/usr/bin/accel-cmd -p 2005 {command}')
+from vyos.util import call, run
+from vyos.template import render
+
+
+sstp_conf = '/run/accel-pppd/sstp.conf'
+sstp_chap_secrets = '/run/accel-pppd/sstp.chap-secrets'
default_config_data = {
'local_users' : [],
'auth_mode' : 'local',
- 'auth_proto' : [],
+ 'auth_proto' : ['auth_mschap_v2'],
+ 'chap_secrets_file': sstp_chap_secrets, # used in Jinja2 template
+ 'client_gateway': '',
'radius_server' : [],
'radius_acct_tmo' : '3',
'radius_max_try' : '3',
@@ -77,11 +52,11 @@ default_config_data = {
'client_ip_pool' : [],
'dnsv4' : [],
'mtu' : '',
- 'ppp_mppe' : '',
+ 'ppp_mppe' : 'prefer',
'ppp_echo_failure' : '',
'ppp_echo_interval' : '',
'ppp_echo_timeout' : '',
- 'thread_cnt' : ''
+ 'thread_cnt' : 1
}
def get_config():
@@ -93,10 +68,9 @@ def get_config():
conf.set_level(base_path)
- cpu = int(os.cpu_count()/2)
- if cpu < 1:
- cpu = 1
- sstp['thread_cnt'] = cpu
+ cpu = os.cpu_count()
+ if cpu > 1:
+ sstp['thread_cnt'] = int(cpu/2)
if conf.exists(['authentication', 'mode']):
sstp['auth_mode'] = conf.return_value(['authentication', 'mode'])
@@ -214,6 +188,8 @@ def get_config():
# authentication protocols
conf.set_level(base_path + ['authentication'])
if conf.exists(['protocols']):
+ # clear default list content, now populate with actual CLI values
+ sstp['auth_proto'] = []
auth_mods = {
'pap': 'auth_pap',
'chap': 'auth_chap_md5',
@@ -224,9 +200,6 @@ def get_config():
for proto in conf.return_values(['protocols']):
sstp['auth_proto'].append(auth_mods[proto])
- else:
- sstp['auth_proto'] = ['auth_mschap_v2']
-
#
# read in SSL certs
conf.set_level(base_path + ['ssl'])
@@ -262,7 +235,7 @@ def get_config():
# read in PPP stuff
conf.set_level(base_path + ['ppp-settings'])
if conf.exists('mppe'):
- sstp['ppp_mppe'] = conf.return_value('ppp-settings mppe')
+ sstp['ppp_mppe'] = conf.return_value(['ppp-settings', 'mppe'])
if conf.exists(['lcp-echo-failure']):
sstp['ppp_echo_failure'] = conf.return_value(['lcp-echo-failure'])
@@ -283,7 +256,7 @@ def verify(sstp):
# vertify auth settings
if sstp['auth_mode'] == 'local':
if not sstp['local_users']:
- raise ConfigError('sstp-server authentication local-users required')
+ raise ConfigError('SSTP local auth mode requires local users to be configured!')
for user in sstp['local_users']:
if not user['password']:
@@ -303,7 +276,7 @@ def verify(sstp):
raise ConfigError("Client gateway IP address required")
if len(sstp['dnsv4']) > 2:
- raise ConfigError("Only 2 DNS name-servers can be configured")
+ raise ConfigError('Not more then two IPv4 DNS name-servers can be configured')
if not sstp['ssl_ca'] or not sstp['ssl_cert'] or not sstp['ssl_key']:
raise ConfigError('One or more SSL certificates missing')
@@ -326,69 +299,38 @@ def verify(sstp):
raise ConfigError(f"Missing RADIUS secret for server {{ radius['key'] }}")
def generate(sstp):
- if sstp is None:
+ if not sstp:
return None
- # Prepare Jinja2 template loader from files
- tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'sstp')
- fs_loader = FileSystemLoader(tmpl_path)
- env = Environment(loader=fs_loader, trim_blocks=True)
+ dirname = os.path.dirname(sstp_conf)
+ if not os.path.exists(dirname):
+ os.mkdir(dirname)
# accel-cmd reload doesn't work so any change results in a restart of the daemon
- tmpl = env.get_template('sstp.config.tmpl')
- config_text = tmpl.render(sstp)
- with open(sstp_conf, 'w') as f:
- f.write(config_text)
+ render(sstp_conf, 'sstp/sstp.config.tmpl', sstp, trim_blocks=True)
if sstp['local_users']:
- tmpl = env.get_template('chap-secrets.tmpl')
- config_text = tmpl.render(sstp)
- with open(chap_secrets, 'w') as f:
- f.write(config_text)
-
- os.chmod(chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
+ render(sstp_chap_secrets, 'sstp/chap-secrets.tmpl', sstp, trim_blocks=True)
+ os.chmod(sstp_chap_secrets, S_IRUSR | S_IWUSR | S_IRGRP)
else:
- if os.path.exists(chap_secrets):
- os.unlink(chap_secrets)
+ if os.path.exists(sstp_chap_secrets):
+ os.unlink(sstp_chap_secrets)
return sstp
def apply(sstp):
- if sstp is None:
- if process_running(pidfile):
- command = 'start-stop-daemon'
- command += ' --stop '
- command += ' --quiet'
- command += ' --oknodo'
- command += ' --pidfile ' + pidfile
- cmd(command)
+ if not sstp:
+ call('systemctl stop accel-ppp@sstp.service')
- if os.path.exists(pidfile):
- os.remove(pidfile)
+ if os.path.exists(sstp_conf):
+ os.unlink(sstp_conf)
- return None
+ if os.path.exists(sstp_chap_secrets):
+ os.unlink(sstp_chap_secrets)
- if not process_running(pidfile):
- if os.path.exists(pidfile):
- os.remove(pidfile)
-
- command = 'start-stop-daemon'
- command += ' --start '
- command += ' --quiet'
- command += ' --oknodo'
- command += ' --pidfile ' + pidfile
- command += ' --exec /usr/sbin/accel-pppd'
- # now pass arguments to accel-pppd binary
- command += ' --'
- command += ' -c ' + sstp_conf
- command += ' -p ' + pidfile
- command += ' -d'
- cmd(command)
-
- chk_con()
+ return None
- else:
- _accel_cmd('restart')
+ call('systemctl restart accel-ppp@sstp.service')
if __name__ == '__main__':