ocserv: openconnect: T4614: add support for split-dns

set vpn openconnect network-settings split-dns <domain>
author: Christian Poessinger <christian@poessinger.com> 2022-08-15 20:16:02 +0200
committer: Christian Poessinger <christian@poessinger.com> 2022-08-15 20:16:51 +0200
commit: e41685a2f56cca0a53b4f8c084f61a85cf561c80 (patch)
tree: 01009f6ad19b2653b5e07c5dc7fc9c57a43ff9de
parent: bd102eac6d0c97a5f75324d1248814ebdad42da5 (diff)
download: vyos-1x-e41685a2f56cca0a53b4f8c084f61a85cf561c80.tar.gz
vyos-1x-e41685a2f56cca0a53b4f8c084f61a85cf561c80.zip
3 files changed, 22 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index d3d022bb0..e0cad5181 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -80,3 +80,8 @@ route = {{ route }}
 {%     endfor %}
 {% endif %}
 
+{% if network_settings.split_dns is vyos_defined %}
+{%     for tmp in network_settings.split_dns %}
+split-dns = {{ tmp }}
+{%     endfor %}
+{% endif %}
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 21b47125d..6309863c5 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -265,6 +265,19 @@
                 </children>
               </node>
               #include <include/name-server-ipv4-ipv6.xml.i>
+              <leafNode name="split-dns">
+                <properties>
+                  <help>Domains over which the provided DNS should be used</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Client prefix length</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
             </children>
           </node>
       </children>
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 094812791..8572d6d66 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -98,6 +98,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
 
         for ns in name_server:
             self.cli_set(base_path + ['network-settings', 'name-server', ns])
+        for domain in split_dns:
+            self.cli_set(base_path + ['network-settings', 'split-dns', domain])
 
         self.cli_set(base_path + ['ssl', 'ca-certificate', 'openconnect'])
         self.cli_set(base_path + ['ssl', 'certificate', 'openconnect'])
@@ -115,6 +117,8 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
 
         for ns in name_server:
             self.assertIn(f'dns = {ns}', daemon_config)
+        for domain in split_dns:
+            self.assertIn(f'split-dns = {domain}', daemon_config)
 
         auth_config = read_file(auth_file)
         self.assertIn(f'{user}:*:$', auth_config)
author	Christian Poessinger <christian@poessinger.com>	2022-08-15 20:16:02 +0200
committer	Christian Poessinger <christian@poessinger.com>	2022-08-15 20:16:51 +0200
commit	e41685a2f56cca0a53b4f8c084f61a85cf561c80 (patch)
tree	01009f6ad19b2653b5e07c5dc7fc9c57a43ff9de
parent	bd102eac6d0c97a5f75324d1248814ebdad42da5 (diff)
download	vyos-1x-e41685a2f56cca0a53b4f8c084f61a85cf561c80.tar.gz vyos-1x-e41685a2f56cca0a53b4f8c084f61a85cf561c80.zip