diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-04-04 20:36:04 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-04 20:36:04 +0200 |
| commit | a1208818b443acb645c3c48e44b8d1dbae1fb128 (patch) | |
| tree | b2918cb2047b414af001edef592ad821e2caa3f0 | |
| parent | 3099c96ab7db359da335636bbfcc33c4d6f6e249 (diff) | |
| parent | 49d4df5926637ec3dfd33a1dfcaab364adc28c4c (diff) | |
| download | vyos-1x-a1208818b443acb645c3c48e44b8d1dbae1fb128.tar.gz vyos-1x-a1208818b443acb645c3c48e44b8d1dbae1fb128.zip | |
Merge pull request #3244 from aapostoliuk/T6197-circinus
T6197: Fixed usage ipoe interface client-subnet without pools
| -rw-r--r-- | python/vyos/accel_ppp_util.py | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/python/vyos/accel_ppp_util.py b/python/vyos/accel_ppp_util.py index 845b2f5f0..ae75e6654 100644 --- a/python/vyos/accel_ppp_util.py +++ b/python/vyos/accel_ppp_util.py @@ -163,13 +163,23 @@ def verify_accel_ppp_authentication(config, local_users=True): if "key" not in radius_config: raise ConfigError(f'Missing RADIUS secret key for server "{server}"') + if dict_search("server_type", config) == 'ipoe' and dict_search( + "authentication.mode", config) == "local": + if not dict_search("authentication.interface", config): + raise ConfigError( + "Authentication mode local requires authentication interface to be configured!" + ) + for interface in dict_search("authentication.interface", config): + user_config = config["authentication"]["interface"][interface] + if "mac" not in user_config: + raise ConfigError( + f'Users MAC addreses are not configured for interface "{interface}"') + if dict_search('authentication.radius.dynamic_author.server', config): if not dict_search('authentication.radius.dynamic_author.key', config): raise ConfigError('DAE/CoA server key required!') - - def verify_accel_ppp_ip_pool(vpn_config): """ Common helper function which must be used by Accel-PPP @@ -192,7 +202,9 @@ def verify_accel_ppp_ip_pool(vpn_config): default_pool = dict_search("default_pool", vpn_config) if default_pool: - if default_pool not in dict_search("client_ip_pool", vpn_config): + if not dict_search('client_ip_pool', + vpn_config) or default_pool not in dict_search( + 'client_ip_pool', vpn_config): raise ConfigError(f'Default pool "{default_pool}" does not exists') if 'client_ipv6_pool' in vpn_config: @@ -204,8 +216,20 @@ def verify_accel_ppp_ip_pool(vpn_config): if dict_search('authentication.mode', vpn_config) in ['local', 'noauth']: if not dict_search('client_ip_pool', vpn_config) and not dict_search( 'client_ipv6_pool', vpn_config): - raise ConfigError( - "Local auth mode requires local client-ip-pool or client-ipv6-pool to be configured!") + if dict_search('server_type', vpn_config) == 'ipoe': + if 'interface' in vpn_config: + for interface, interface_config in vpn_config['interface'].items(): + if dict_search('client_subnet', interface_config): + break + else: + raise ConfigError( + 'Local auth and noauth mode requires local client-ip-pool \ + or client-ipv6-pool or client-subnet to be configured!') + else: + raise ConfigError( + "Local auth mode requires local client-ip-pool \ + or client-ipv6-pool to be configured!") + if dict_search('client_ip_pool', vpn_config) and not dict_search( 'default_pool', vpn_config): Warning("'default-pool' is not defined") |