author | Christian Poessinger <christian@poessinger.com> | 2020-04-19 10:33:10 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-19 10:33:10 +0200 |
commit | b2af248ff2c63ac08ef7b9f01fdcec023c815086 (patch) | |
tree | fd4596b411097b92e2b3c6d400ae1138cf872068 | |
parent | c08ea8340ec5138b5f7a696eae09ff77a734350e (diff) | |
pppoe-server: T2314: add common accel-radius-additions XML file
-rw-r--r-- | data/templates/accel-ppp/pppoe.config.tmpl | 43 | ||||
-rw-r--r-- | interface-definitions/include/accel-radius-additions.xml.in | 113 | ||||
-rw-r--r-- | interface-definitions/service_pppoe-server.xml.in | 60 | ||||
-rw-r--r-- | interface-definitions/vpn_sstp.xml.in | 110 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 8 |
5 files changed, 138 insertions, 196 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
index 39a20c1ca..537b2770d 100644
--- a/data/templates/accel-ppp/pppoe.config.tmpl
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -88,35 +88,30 @@ wins{{ loop.index }}={{ server }} {% if auth_mode == 'local' %} [chap-secrets] chap-secrets={{ chap_secrets_file }} -{% endif %} - -{% if auth_mode == 'radius' %} +{% elif auth_mode == 'radius' %} [radius] verbose=1 -{% for srv in auth['radius'] %} -server={{srv}},{{auth['radius'][srv]['secret']}}, -req-limit={{auth['radius'][srv]['req-limit']}}, -fail-time={{auth['radius'][srv]['fail-time']}} -{% endfor %} -{% if auth['radsettings']['dae-server']['ip-address'] %} -dae-server={{auth['radsettings']['dae-server']['ip-address']}}: -{{auth['radsettings']['dae-server']['port']}}, -{{auth['radsettings']['dae-server']['secret']}} -{% endif -%} -{% if auth['radsettings']['acct-timeout'] %} -acct-timeout={{auth['radsettings']['acct-timeout']}} -{% endif -%} -{% if auth['radsettings']['max-try'] %} -max-try={{auth['radsettings']['max-try']}} +{% for r in radius_server %} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} +{% endfor -%} + +acct-timeout={{ radius_acct_tmo }} +timeout={{ radius_timeout }} +max-try={{ radius_max_try }} + +{% if radius_nas_id %} +nas-identifier={{ radius_nas_id }} {% endif -%} -{% if auth['radsettings']['timeout'] %} -timeout={{auth['radsettings']['timeout']}} +{% if radius_nas_ip %} +nas-ip-address={{ radius_nas_ip }} {% endif -%} -{% if auth['radsettings']['nas-ip-address'] %} -nas-ip-address={{auth['radsettings']['nas-ip-address']}} +{% if radius_source_address %} +bind={{ radius_source_address }} {% endif -%} -{% if auth['radsettings']['nas-identifier'] %} -nas-identifier={{auth['radsettings']['nas-identifier']}} + + +{% if radius_dynamic_author %} +dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} {% endif -%} {% endif %} diff --git a/interface-definitions/include/accel-radius-additions.xml.in b/interface-definitions/include/accel-radius-additions.xml.in new file mode 100644 index 000000000..227a043cd --- /dev/null 
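Review bot: The `{% if radius_dynamic_author %}` guard at the end of the `[radius]` section is weaker than the check it replaces, because the old template tested the DAE `ip-address` value and the new one tests the whole object. The get_config() hunk in src/conf_mode/service_pppoe-server.py in this commit builds that object as a dict whose `key` defaults to `''`, and a non-empty dict is always truthy in Jinja, so a partially configured `dynamic-author` node could render a `dae-server=` line with an empty address or an empty shared secret. A DM/CoA listener with an empty secret is effectively unauthenticated, so I would guard on the values themselves: `{% if radius_dynamic_author and radius_dynamic_author.server and radius_dynamic_author.key %}`. Whether verify() already rejects that combination is not visible in this commit.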
+++ b/interface-definitions/include/accel-radius-additions.xml.in
@@ -0,0 +1,113 @@
+<node name="radius">
+ <children>
+ <tagNode name="server">
+ <children>
+ <leafNode name="fail-time">
+ <properties>
+ <help>Mark server unavailable for <n> seconds on failure</help>
+ <valueHelp>
+ <format>0-600</format>
+ <description>Fail time penalty</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-600"/>
+ </constraint>
+ <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout in seconds to wait response from RADIUS server</help>
+ <valueHelp>
+ <format>1-60</format>
+ <description>Timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <properties>
+ <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
+ <valueHelp>
+ <format>0-60</format>
+ <description>Timeout in seconds, 0 to keep active</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="max-try">
+ <properties>
+ <help>Number of tries to send Access-Request/Accounting-Request queries</help>
+ <valueHelp>
+ <format>1-20</format>
+ <description>Maximum tries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-20"/>
+ </constraint>
+ <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-identifier">
+ <properties>
+ <help>NAS-Identifier attribute sent to RADIUS</help>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-ip-address">
+ <properties>
+ <help>NAS-IP-Address attribute sent to RADIUS</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>NAS-IP-Address attribute</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <node name="dynamic-author">
+ <properties>
+ <help>Dynamic Authorization Extension/Change of Authorization server</help>
+ </properties>
+ <children>
+ <leafNode name="server">
+ <properties>
+ <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address for aynamic authorization server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+ <valueHelp>
+ <format>number</format>
+ <description>TCP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="key">
+ <properties>
+ <help>Shared secret for Dynamic Authorization Extension server</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</node>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index e42de4f90..edfa321a4 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
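Review bot: The `key` leaf under `dynamic-author` has no `<constraint>`, yet the template in this commit writes it as the last comma-separated field of the `dae-server=` line, so a secret containing a comma, whitespace or a line break would corrupt that line or be cut short. I would add a constraint that rejects those characters, for example `<constraint><regex>^[^,\s]+$</regex></constraint>` (pattern to be checked against the project's regex conventions), together with a `<constraintErrorMessage>`. Two help-text points in the same node: the `port` description says `TCP port`, while RFC 5176 dynamic authorization runs over UDP, which matters to whoever writes the matching firewall rule. The `server` description also spells "dynamic" as `aynamic`.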
@@ -127,67 +127,9 @@
 </properties>
 </leafNode>
 #include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
 <node name="radius">
 <children>
- <tagNode name="server">
- <children>
- <leafNode name="fail-time">
- <properties>
- <help>Mark server unavailable for <n> seconds on failure</help>
- <valueHelp>
- <format>0-600</format>
- <description>Fail time penalty</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-600"/>
- </constraint>
- <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="timeout">
- <properties>
- <help>Timeout to wait response from server (seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
- </properties>
- </leafNode>
- <leafNode name="nas-identifier">
- <properties>
- <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
- </properties>
- </leafNode>
- <node name="dae-server">
- <properties>
- <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- <children>
- <leafNode name="ip-address">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- <leafNode name="secret">
- <properties>
- <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- </children>
- </node>
 <node name="rate-limit">
 <properties>
 <help>Upload/Download speed limits</help>
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index b026417b3..b5a1b6800 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
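Review bot: Swapping the inline definitions for the shared include renames CLI nodes for pppoe-server: the removed block defines `dae-server` with `ip-address` and `secret`, while the include defines `dynamic-author` with `server` and `key`. The diffstat lists five files and none of them is a configuration migration script, so an existing configuration that sets `radius dae-server …` would presumably fail validation after upgrade, or lose its DM/CoA settings, unless a migration ships separately. I would add the migration in the same change, or say in the commit message where it lives. The include also puts numeric ranges on `timeout`, `acct-timeout` and `max-try` that the removed pppoe-server leaves did not have, so previously accepted values outside those ranges need the same treatment.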
@@ -114,117 +114,9 @@
 </properties>
 </leafNode>
 #include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
 <node name="radius">
 <children>
- <tagNode name="server">
- <children>
- <leafNode name="fail-time">
- <properties>
- <help>Mark server unavailable for <n> seconds on failure</help>
- <valueHelp>
- <format>0-600</format>
- <description>Fail time penalty</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-600"/>
- </constraint>
- <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="timeout">
- <properties>
- <help>Timeout in seconds to wait response from RADIUS server</help>
- <valueHelp>
- <format>1-60</format>
- <description>Timeout in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-60"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
- <valueHelp>
- <format>0-60</format>
- <description>Timeout in seconds, 0 to keep active</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-60"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Number of tries to send Access-Request/Accounting-Request queries</help>
- <valueHelp>
- <format>1-20</format>
- <description>Maximum tries</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-20"/>
- </constraint>
- <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nas-identifier">
- <properties>
- <help>NAS-Identifier attribute sent to RADIUS</help>
- </properties>
- </leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>NAS-IP-Address attribute sent to RADIUS</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <valueHelp>
- <format>ipv4</format>
- <description>NAS-IP-Address attribute</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="dynamic-author">
- <properties>
- <help>Dynamic Authorization Extension/Change of Authorization server</help>
- </properties>
- <children>
- <leafNode name="server">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address for aynamic authorization server</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>number</format>
- <description>TCP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key">
- <properties>
- <help>Shared secret for Dynamic Authorization Extension server</help>
- </properties>
- </leafNode>
- </children>
- </node>
 <node name="rate-limit">
 <properties>
 <help>Upload/Download speed limits</help>
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index b791f1716..f0dd3751a 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -276,14 +276,14 @@ def get_config(): 'key' : '' } - if conf.exists(['dynamic-author', 'ip-address']): - dae['server'] = conf.return_value(['dynamic-author', 'ip-address']) + if conf.exists(['dynamic-author', 'server']): + dae['server'] = conf.return_value(['dynamic-author', 'server']) if conf.exists(['dynamic-author', 'port']): dae['port'] = conf.return_value(['dynamic-author', 'port']) - if conf.exists(['dynamic-author', 'secret']): - dae['key'] = conf.return_value(['dynamic-author', 'secret']) + if conf.exists(['dynamic-author', 'key']): + dae['key'] = conf.return_value(['dynamic-author', 'key']) pppoe['radius_dynamic_author'] = dae |
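Review bot: The three `conf.exists` / `conf.return_value` pairs in this part of get_config() now differ only in the leaf name, and each name is spelled three times, so a future rename has to touch every copy. Since the dict keys match the CLI leaves after this change, a loop keeps each name in one place: `for leaf in ('server', 'port', 'key'):`, then `if conf.exists(['dynamic-author', leaf]):`, then `dae[leaf] = conf.return_value(['dynamic-author', leaf])`. get_config() starts and ends outside the hunk, so whether `dae` is only built when the `dynamic-author` node exists cannot be confirmed from here.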