From f6131611e15a644312e3c4baf5b8f6387c2930e7 Mon Sep 17 00:00:00 2001
From: khramshinr
Date: Wed, 29 May 2024 19:46:20 +0600
Subject: T5735: Stunnel CLI and configuration

Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
---
data/config-mode-dependencies/vyos-1x.json | 3 +-
data/configd-include.json | 1 +
data/templates/stunnel/stunnel_config.j2 | 118 +++++++++++++++++++++++++++++
3 files changed, 121 insertions(+), 1 deletion(-)
create mode 100644 data/templates/stunnel/stunnel_config.j2

(limited to 'data')

diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index 9623948c2..9361f4e7c 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -32,7 +32,8 @@
 "reverse_proxy": ["load-balancing_reverse-proxy"],
 "rpki": ["protocols_rpki"],
 "sstp": ["vpn_sstp"],
- "sstpc": ["interfaces_sstpc"]
+ "sstpc": ["interfaces_sstpc"],
+ "stunnel": ["service_stunnel"]
 },
 "vpn_ipsec": {
 "nhrp": ["protocols_nhrp"]
diff --git a/data/configd-include.json b/data/configd-include.json
index b92d58c72..224a9c390 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -81,6 +81,7 @@
 "service_sla.py",
 "service_snmp.py",
 "service_ssh.py",
+"service_stunnel.py",
 "service_tftp-server.py",
 "service_webproxy.py",
 "system_acceleration.py",
diff --git a/data/templates/stunnel/stunnel_config.j2 b/data/templates/stunnel/stunnel_config.j2
new file mode 100644
index 000000000..52c289fa9
--- /dev/null
+++ b/data/templates/stunnel/stunnel_config.j2
@@ -0,0 +1,118 @@
+; Autogenerated by service_stunnel.py
+
+; Example https://www.stunnel.org/config_unix.html#
+; **************************************************************************
+; * Global options *
+; **************************************************************************
+
+; PID file is created inside the chroot jail (if enabled)
+pid = {{ config_file | replace('.conf', '.pid') }}
+
+; Debugging stuff (may be useful for troubleshooting)
+;foreground = yes
+
+{% if log is vyos_defined %}
+debug = {{ log.level }}
+{% endif %}
+
+;output = /usr/local/var/log/stunnel.log
+
+
+; **************************************************************************
+; * Service definitions *
+; **************************************************************************
+
+; ***************************************** Client mode services ***********
+
+{% if client is vyos_defined %}
+{% for name, config in client.items() %}
+[{{ name }}]
+client = yes
+{% if config.listen.address is vyos_defined %}
+accept = {{ config.listen.address }}:{{ config.listen.port }}
+{% else %}
+accept = {{ config.listen.port }}
+{% endif %}
+{% if config.connect is vyos_defined %}
+{% if config.connect.address is vyos_defined %}
+connect = {{ config.connect.address }}:{{ config.connect.port }}
+{% else %}
+connect = {{ config.connect.port }}
+{% endif %}
+{% endif %}
+{% if config.protocol is vyos_defined %}
+protocol = {{ config.protocol }}
+{% endif %}
+{% if config.options is vyos_defined %}
+{% if config.options.authentication is vyos_defined %}
+protocolAuthentication = {{ config.options.authentication }}
+{% endif %}
+{% if config.options.domain is vyos_defined %}
+protocolDomain = {{ config.options.domain }}
+{% endif %}
+{% if config.options.host is vyos_defined %}
+protocolHost = {{ config.options.host.address }}:{{ config.options.host.port }}
+{% endif %}
+{% if config.options.password is vyos_defined %}
+protocolPassword = {{ config.options.password }}
+{% endif %}
+{% if config.options.username is vyos_defined %}
+protocolUsername = {{ config.options.username }}
+{% endif %}
+{% endif %}
+{% if config.ssl.ca_path is vyos_defined %}
+CApath = {{ config.ssl.ca_path }}
+{% endif %}
+{% if config.ssl.ca_file is vyos_defined %}
+CAfile = {{ config.ssl.ca_file }}
+{% endif %}
+{% if config.ssl.cert is vyos_defined %}
+cert = {{ config.ssl.cert }}
+{% endif %}
+{% if config.ssl.cert_key is vyos_defined %}
+key = {{ config.ssl.cert_key }}
+{% endif %}
+{% if config.psk.file is vyos_defined %}
+PSKsecrets = {{ config.psk.file }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+
+; ***************************************** Server mode services ***********
+
+{% if server is vyos_defined %}
+{% for name, config in server.items() %}
+[{{ name }}]
+{% if config.listen.address is vyos_defined %}
+accept = {{ config.listen.address }}:{{ config.listen.port }}
+{% else %}
+accept = {{ config.listen.port }}
+{% endif %}
+{% if config.connect is vyos_defined %}
+{% if config.connect.address is vyos_defined %}
+connect = {{ config.connect.address }}:{{ config.connect.port }}
+{% else %}
+connect = {{ config.connect.port }}
+{% endif %}
+{% endif %}
+{% if config.protocol is vyos_defined %}
+protocol = {{ config.protocol }}
+{% endif %}
+{% if config.ssl.ca_path is vyos_defined %}
+CApath = {{ config.ssl.ca_path }}
+{% endif %}
+{% if config.ssl.ca_file is vyos_defined %}
+CAfile = {{ config.ssl.ca_file }}
+{% endif %}
+{% if config.ssl.cert is vyos_defined %}
+cert = {{ config.ssl.cert }}
+{% endif %}
+{% if config.ssl.cert_key is vyos_defined %}
+key = {{ config.ssl.cert_key }}
+{% endif %}
+{% if config.psk.file is vyos_defined %}
+PSKsecrets = {{ config.psk.file }}
+{% endif %}
+{% endfor %}
+{% endif %}
--
cgit v1.2.3
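Review bot: The client sections load trust material (`CAfile`/`CApath`) but never enable certificate verification, and stunnel's `verifyChain` and `verifyPeer` both default to `no`, so a client service rendered from this template completes the handshake against any server certificate and the configured CA is never consulted. Unless an explicit verify knob is planned for the CLI, emit verification whenever a CA is configured, e.g. `{% if config.ssl.ca_file is vyos_defined or config.ssl.ca_path is vyos_defined %}` / `verifyChain = yes` / `{% endif %}` after the `CAfile` block (adding `checkHost` where the peer name is known), and the same consideration applies to the server sections if client certificates are meant to be checked there. Separately, `protocolPassword = {{ config.options.password }}` writes a credential into the rendered file, so the conf_mode script that writes `config_file` (outside this patch) should create it with owner-only permissions; whether it does is not visible from this hunk.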