authorDmitriyEshenko <snooppy@mail.ua>2019-07-26 20:32:43 +0000
committerDmitriyEshenko <snooppy@mail.ua>2019-07-26 20:32:43 +0000
commit8e8c0b152e6ae98bb1ad0e479c20bae0fca7279a (patch)
treec2556bde8e8dff40cb4ed9e16bda7ca7e63b1d9e
parent50e671cd5a2c2143621d16a7249f8769b641fbd9 (diff)
T1546 fix syntax l2tp radius source-address and migrate other radius options
-rw-r--r--interface-definitions/l2tp-server.xml21
-rwxr-xr-xsrc/conf_mode/accel_l2tp.py80
2 files changed, 49 insertions, 52 deletions
diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml
index 2d103aae0..797e5a812 100644
--- a/interface-definitions/l2tp-server.xml
+++ b/interface-definitions/l2tp-server.xml
@@ -417,13 +417,15 @@
</leafNode>
</children>
</tagNode>
- </children>
- </node>
- <node name="radius-settings">
- <properties>
- <help>RADIUS settings</help>
- </properties>
- <children>
+ <leafNode name="source-address">
+ <properties>
+ <help>Local RADIUS client address from which packets are sent.</help>
+ <valueHelp>
+ <format>&lt;x.x.x.x&gt;</format>
+ <description>Local RADIUS client address from which packets are sent</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
<leafNode name="timeout">
<properties>
<help>Timeout to wait response from server (seconds)</help>
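Review bot: The new `source-address` leaf declares a `valueHelp` format but no constraint, so any string is accepted at commit time and is later written unchanged into the accel-ppp config as `nas-ip-address=`. Adding `<constraint><validator name="ipv4-address"/></constraint>` inside its `<properties>` would reject malformed values before they reach the daemon config. This hunk also moves every option out of `radius-settings`, and the diffstat lists no migration script, so saved configs that use the old path presumably need one elsewhere.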
@@ -444,11 +446,6 @@
<help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
</properties>
</leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
- </properties>
- </leafNode>
<node name="dae-server">
<properties>
<help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 39732b97d..5f0546d63 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -141,8 +141,8 @@ max-try={{authentication['radiusopt']['max-try']}}
{% if authentication['radiusopt']['nas-id'] %}
nas-identifier={{authentication['radiusopt']['nas-id']}}
{% endif %}
-{% if authentication['radiusopt']['nas-ip'] %}
-nas-ip-address={{authentication['radiusopt']['nas-ip']}}
+{% if authentication['radius_source_address'] %}
+nas-ip-address={{authentication['radius_source_address']}}
{% endif -%}
{% if authentication['radiusopt']['dae-srv'] %}
dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\
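Review bot: The `source-address` value is rendered as `nas-ip-address=`, which does more than the new help text says. According to the help text this commit removes, that option also sets the NAS-IP-Address attribute, is matched in DM/CoA requests, and is the address the DM/CoA server binds to. An operator who sets it therefore moves the DAE listener as a side effect. Either state that in the help string, or, if only the source address is intended, emit it through a dedicated option (accel-ppp's radius `bind=`, as far as I know) and keep `nas-ip-address` separate. The template text starts and ends outside this hunk.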
@@ -314,47 +314,47 @@ def get_config():
}
}
)
+ ### Source ip address feature
+ if c.exists('authentication radius source-address'):
+ config_data['authentication']['radius_source_address'] = c.return_value('authentication radius source-address')
#### advanced radius-setting
- if c.exists('authentication radius-settings'):
- if c.exists('authentication radius-settings acct-timeout'):
- config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout')
- if c.exists('authentication radius-settings max-try'):
- config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try')
- if c.exists('authentication radius-settings timeout'):
- config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout')
- if c.exists('authentication radius-settings nas-identifier'):
- config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier')
- if c.exists('authentication radius-settings nas-ip-address'):
- config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address')
- if c.exists('authentication radius-settings dae-server'):
- # Set default dae-server port if not defined
- if c.exists('authentication radius-settings dae-server port'):
- dae_server_port = c.return_value('authentication radius-settings dae-server port')
- else:
- dae_server_port = "3799"
- config_data['authentication']['radiusopt'].update(
- {
- 'dae-srv' : {
- 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'),
- 'port' : dae_server_port,
- 'secret' : str(c.return_value('authentication radius-settings dae-server secret'))
- }
- }
- )
- #### filter-id is the internal accel default if attribute is empty
- #### set here as default for visibility which may change in the future
- if c.exists('authentication radius-settings rate-limit enable'):
- if not c.exists('authentication radius-settings rate-limit attribute'):
- config_data['authentication']['radiusopt']['shaper'] = {
- 'attr' : 'Filter-Id'
- }
- else:
- config_data['authentication']['radiusopt']['shaper'] = {
- 'attr' : c.return_value('authentication radius-settings rate-limit attribute')
+ if c.exists('authentication radius acct-timeout'):
+ config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius acct-timeout')
+ if c.exists('authentication radius max-try'):
+ config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius max-try')
+ if c.exists('authentication radius timeout'):
+ config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius timeout')
+ if c.exists('authentication radius nas-identifier'):
+ config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius nas-identifier')
+ if c.exists('authentication radius dae-server'):
+ # Set default dae-server port if not defined
+ if c.exists('authentication radius dae-server port'):
+ dae_server_port = c.return_value('authentication radius dae-server port')
+ else:
+ dae_server_port = "3799"
+ config_data['authentication']['radiusopt'].update(
+ {
+ 'dae-srv' : {
+ 'ip-addr' : c.return_value('authentication radius dae-server ip-address'),
+ 'port' : dae_server_port,
+ 'secret' : str(c.return_value('authentication radius dae-server secret'))
}
- if c.exists('authentication radius-settings rate-limit vendor'):
- config_data['authentication']['radiusopt']['shaper']['vendor'] = c.return_value('authentication radius-settings rate-limit vendor')
+ }
+ )
+ #### filter-id is the internal accel default if attribute is empty
+ #### set here as default for visibility which may change in the future
+ if c.exists('authentication radius rate-limit enable'):
+ if not c.exists('authentication radius rate-limit attribute'):
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : 'Filter-Id'
+ }
+ else:
+ config_data['authentication']['radiusopt']['shaper'] = {
+ 'attr' : c.return_value('authentication radius rate-limit attribute')
+ }
+ if c.exists('authentication radius rate-limit vendor'):
+ config_data['authentication']['radiusopt']['shaper']['vendor'] = c.return_value('authentication radius rate-limit vendor')
if c.exists('client-ip-pool'):
if c.exists('client-ip-pool start') and c.exists('client-ip-pool stop'):
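Review bot: In the `dae-srv` dict, `'secret' : str(c.return_value('authentication radius dae-server secret'))` turns an unset secret into the literal string `None`, assuming `return_value` returns `None` for a missing node. That string would presumably be rendered as the DM/CoA shared secret, and `ip-addr` has the same gap without the `str()`. Populate `dae-srv` only when both nodes exist, e.g. guard with `if c.exists('authentication radius dae-server ip-address') and c.exists('authentication radius dae-server secret'):`, or have the verify step reject the config, and drop the `str()` wrapper. `get_config` continues outside this hunk, so a check elsewhere may already cover this.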