From e41685a2f56cca0a53b4f8c084f61a85cf561c80 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 15 Aug 2022 20:16:02 +0200
Subject: ocserv: openconnect: T4614: add support for split-dns

set vpn openconnect network-settings split-dns <domain>
---
 data/templates/ocserv/ocserv_config.j2        |  5 +++++
 interface-definitions/vpn-openconnect.xml.in  | 13 +++++++++++++
 smoketest/scripts/cli/test_vpn_openconnect.py |  4 ++++
 3 files changed, 22 insertions(+)

diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index d3d022bb0..e0cad5181 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -80,3 +80,8 @@ route = {{ route }}
 {%     endfor %}
 {% endif %}
 
+{% if network_settings.split_dns is vyos_defined %}
+{%     for tmp in network_settings.split_dns %}
+split-dns = {{ tmp }}
+{%     endfor %}
+{% endif %}
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 21b47125d..6309863c5 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -265,6 +265,19 @@
                 </children>
               </node>
               #include <include/name-server-ipv4-ipv6.xml.i>
+              <leafNode name="split-dns">
+                <properties>
+                  <help>Domains over which the provided DNS should be used</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Client prefix length</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
             </children>
           </node>
       </children>
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 094812791..8572d6d66 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -98,6 +98,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
 
         for ns in name_server:
             self.cli_set(base_path + ['network-settings', 'name-server', ns])
+        for domain in split_dns:
+            self.cli_set(base_path + ['network-settings', 'split-dns', domain])
 
         self.cli_set(base_path + ['ssl', 'ca-certificate', 'openconnect'])
         self.cli_set(base_path + ['ssl', 'certificate', 'openconnect'])
@@ -115,6 +117,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
 
         for ns in name_server:
             self.assertIn(f'dns = {ns}', daemon_config)
+        for domain in split_dns:
+            self.assertIn(f'split-dns = {domain}', daemon_config)
 
         auth_config = read_file(auth_file)
         self.assertIn(f'{user}:*:$', auth_config)
-- 
cgit v1.2.3