From 2ed561e249e7f44d1269879bcf55cb83aee2324a Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Tue, 2 Nov 2021 13:48:36 +0000 Subject: sstp: T2566: Fix to allow IPv6 only pools To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it. (cherry picked from commit dd036c62d1370f655a8d2075577597f24ffff7dc) --- data/templates/accel-ppp/config_ipv6_pool.j2 | 2 +- data/templates/accel-ppp/sstp.config.tmpl | 6 +++--- .../include/accel-ppp/ppp-options-ipv4.xml.i | 23 ++++++++++++++++++++++ .../include/accel-ppp/ppp-options-ipv6.xml.i | 1 + interface-definitions/vpn_sstp.xml.in | 1 + 5 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index f45bf9442..093887f7e 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 @@ -5,7 +5,7 @@ AdvAutonomousFlag=1 {% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} [ipv6-pool] {% for prefix, options in client_ipv6_pool.prefix.items() %} -{{ prefix }},{{ options.mask }} +{{ prefix }},{{ '64 ' if options.mask is not defined else options.mask }} {% endfor %} {% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} {% for prefix, options in client_ipv6_pool.delegate.items() %} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index fad91d118..8fd7d230d 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -50,9 +50,9 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} -{% if client_ipv6_pool is defined %} -ipv6=allow -{% endif %} +ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }} +ipv4={{ ppp_options.ipv4 }} + mppe={{ ppp_options.mppe }} lcp-echo-interval={{ ppp_options.lcp_echo_interval }} lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i new file mode 100644 index 000000000..3e065329d --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -0,0 +1,23 @@ + + + + IPv4 negotiation algorithm + + ^(deny|allow)$ + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + deny allow + + + allow + + diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i index cd40a1f96..b9fbac5c6 100644 --- a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -26,5 +26,6 @@ deny allow prefer require + deny diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 9901a0cdf..fe2fea9f8 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -43,6 +43,7 @@ #include + #include #include #include #include -- cgit v1.2.3