diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-04-13 22:51:19 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-04-13 22:51:19 +0200 |
| commit | 2b066e2cb8fe5340c3f32e4c29c75d4f3282363f (patch) | |
| tree | 14e7465716f30f08f3a76f0822e80b1aa89a7bfd | |
| parent | 4f8ae0d3d51b62caeec856386844074f38935b87 (diff) | |
| download | vyos-1x-2b066e2cb8fe5340c3f32e4c29c75d4f3282363f.tar.gz vyos-1x-2b066e2cb8fe5340c3f32e4c29c75d4f3282363f.zip | |
openvpn: T4333: migrate to new vyos_defined Jinja2 test
| -rw-r--r-- | data/templates/openvpn/auth.pw.tmpl | 2 | ||||
| -rw-r--r-- | data/templates/openvpn/client.conf.tmpl | 6 | ||||
| -rw-r--r-- | data/templates/openvpn/server.conf.tmpl | 102 | ||||
| -rw-r--r-- | data/templates/openvpn/service-override.conf.tmpl | 2 |
4 files changed, 54 insertions, 58 deletions
diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl index 9b20c9742..218121062 100644 --- a/data/templates/openvpn/auth.pw.tmpl +++ b/data/templates/openvpn/auth.pw.tmpl @@ -1,5 +1,5 @@ {# Autogenerated by interfaces-openvpn.py #} -{% if authentication is defined and authentication is not none %} +{% if authentication is vyos_defined %} {{ authentication.username }} {{ authentication.password }} {% endif %} diff --git a/data/templates/openvpn/client.conf.tmpl b/data/templates/openvpn/client.conf.tmpl index e6e15b6ad..98c8b0273 100644 --- a/data/templates/openvpn/client.conf.tmpl +++ b/data/templates/openvpn/client.conf.tmpl @@ -3,12 +3,12 @@ {% if ip %} ifconfig-push {{ ip[0] }} {{ server_subnet[0] | netmask_from_cidr }} {% endif %} -{% if push_route is defined and push_route is not none %} +{% if push_route is vyos_defined %} {% for route in push_route %} push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}" {% endfor %} {% endif %} -{% if subnet is defined and subnet is not none %} +{% if subnet is vyos_defined %} {% for network in subnet %} iroute {{ network | address_from_cidr }} {{ network | netmask_from_cidr }} {% endfor %} @@ -26,6 +26,6 @@ push "route-ipv6 {{ route6 }}" iroute-ipv6 {{ net6 }} {% endfor %} {% endif %} -{% if disable is defined %} +{% if disable is vyos_defined %} disable {% endif %} diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl index fb7ad9e16..f26680fa3 100644 --- a/data/templates/openvpn/server.conf.tmpl +++ b/data/templates/openvpn/server.conf.tmpl @@ -3,7 +3,7 @@ # See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage # for individual keyword definition # -# {{ description if description is defined and description is not none }} +# {{ description if description is vyos_defined }} # verb 3 @@ -17,35 +17,35 @@ proto tcp-server {% else %} proto udp {% endif %} -{% if local_host is defined and local_host is not none %} +{% if local_host is vyos_defined %} local {{ local_host }} {% endif %} -{% if mode is defined and mode == 'server' and protocol == 'udp' and local_host is not defined %} +{% if mode is vyos_defined('server') and protocol is vyos_defined('udp') and local_host is not vyos_defined %} multihome {% endif %} -{% if local_port is defined and local_port is not none %} +{% if local_port is vyos_defined %} lport {{ local_port }} {% endif %} -{% if remote_port is defined and remote_port is not none %} +{% if remote_port is vyos_defined %} rport {{ remote_port }} {% endif %} -{% if remote_host is defined and remote_host is not none %} +{% if remote_host is vyos_defined %} {% for remote in remote_host %} remote {{ remote }} {% endfor %} {% endif %} -{% if shared_secret_key is defined and shared_secret_key is not none %} +{% if shared_secret_key is vyos_defined %} secret /run/openvpn/{{ ifname }}_shared.key {% endif %} -{% if persistent_tunnel is defined %} +{% if persistent_tunnel is vyos_defined %} persist-tun {% endif %} -{% if replace_default_route is defined and replace_default_route.local is defined %} +{% if replace_default_route.local is vyos_defined %} push "redirect-gateway local def1" -{% elif replace_default_route is defined %} +{% elif replace_default_route is vyos_defined %} push "redirect-gateway def1" {% endif %} -{% if use_lzo_compression is defined %} +{% if use_lzo_compression is vyos_defined %} compress lzo {% endif %} @@ -62,21 +62,21 @@ nobind # mode server tls-server -{% if server is defined and server is not none %} -{% if server.subnet is defined and server.subnet is not none %} -{% if server.topology is defined and server.topology == 'point-to-point' %} +{% if server is vyos_defined %} +{% if server.subnet is vyos_defined %} +{% if server.topology is vyos_defined('point-to-point') %} topology p2p -{% elif server.topology is defined and server.topology is not none %} +{% elif server.topology is vyos_defined %} topology {{ server.topology }} {% endif %} {% for subnet in server.subnet %} {% if subnet | is_ipv4 %} server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool {# First ip address is used as gateway. It's allows to use metrics #} -{% if server.push_route is defined and server.push_route is not none %} +{% if server.push_route is vyos_defined %} {% for route, route_config in server.push_route.items() %} {% if route | is_ipv4 %} -push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}" +push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is vyos_defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}" {% elif route | is_ipv6 %} push "route-ipv6 {{ route }}" {% endif %} @@ -84,7 +84,7 @@ push "route-ipv6 {{ route }}" {% endif %} {# OpenVPN assigns the first IP address to its local interface so the pool used #} {# in net30 topology - where each client receives a /30 must start from the second subnet #} -{% if server.topology is defined and server.topology == 'net30' %} +{% if server.topology is vyos_defined('net30') %} ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }} {% else %} {# OpenVPN assigns the first IP address to its local interface so the pool must #} @@ -97,24 +97,24 @@ server-ipv6 {{ subnet }} {% endfor %} {% endif %} -{% if server.client_ip_pool is defined and server.client_ip_pool is not none and server.client_ip_pool.disable is not defined %} -ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is defined and server.client_ip_pool.subnet_mask is not none }} +{% if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined %} +ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is vyos_defined }} {% endif %} -{% if server.max_connections is defined and server.max_connections is not none %} +{% if server.max_connections is vyos_defined %} max-clients {{ server.max_connections }} {% endif %} -{% if server.client is defined and server.client is not none %} +{% if server.client is vyos_defined %} client-config-dir /run/openvpn/ccd/{{ ifname }} {% endif %} {% endif %} keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }} management /run/openvpn/openvpn-mgmt-intf unix -{% if server is defined and server is not none %} -{% if server.reject_unconfigured_clients is defined %} +{% if server is vyos_defined %} +{% if server.reject_unconfigured_clients is vyos_defined %} ccd-exclusive {% endif %} -{% if server.name_server is defined and server.name_server is not none %} +{% if server.name_server is vyos_defined %} {% for nameserver in server.name_server %} {% if nameserver | is_ipv4 %} push "dhcp-option DNS {{ nameserver }}" @@ -123,14 +123,12 @@ push "dhcp-option DNS6 {{ nameserver }}" {% endif %} {% endfor %} {% endif %} -{% if server.domain_name is defined and server.domain_name is not none %} +{% if server.domain_name is vyos_defined %} push "dhcp-option DOMAIN {{ server.domain_name }}" {% endif %} -{% if server.mfa is defined and server.mfa is not none %} -{% if server.mfa.totp is defined and server.mfa.totp is not none %} -{% set totp_config = server.mfa.totp %} +{% if server.mfa.totp is vyos_defined %} +{% set totp_config = server.mfa.totp %} plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}" -{% endif %} {% endif %} {% endif %} {% else %} @@ -141,9 +139,9 @@ ping {{ keep_alive.interval }} ping-restart {{ keep_alive.failure_count }} {% if device_type == 'tap' %} -{% if local_address is defined and local_address is not none %} +{% if local_address is vyos_defined %} {% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} -{% if laddr_conf is defined and laddr_conf.subnet_mask is defined and laddr_conf.subnet_mask is not none %} +{% if laddr_conf.subnet_mask is vyos_defined %} ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} {% endif %} {% endfor %} @@ -162,67 +160,65 @@ ifconfig-ipv6 {{ laddr }} {{ raddr }} {% endif %} {% endif %} -{% if tls is defined and tls is not none %} +{% if tls is vyos_defined %} # TLS options -{% if tls.ca_certificate is defined and tls.ca_certificate is not none %} +{% if tls.ca_certificate is vyos_defined %} ca /run/openvpn/{{ ifname }}_ca.pem {% endif %} -{% if tls.certificate is defined and tls.certificate is not none %} +{% if tls.certificate is vyos_defined %} cert /run/openvpn/{{ ifname }}_cert.pem {% endif %} -{% if tls.private_key is defined %} +{% if tls.private_key is vyos_defined %} key /run/openvpn/{{ ifname }}_cert.key {% endif %} -{% if tls.crypt_key is defined and tls.crypt_key is not none %} +{% if tls.crypt_key is vyos_defined %} tls-crypt /run/openvpn/{{ ifname }}_crypt.key {% endif %} -{% if tls.crl is defined %} +{% if tls.crl is vyos_defined %} crl-verify /run/openvpn/{{ ifname }}_crl.pem {% endif %} -{% if tls.tls_version_min is defined and tls.tls_version_min is not none %} +{% if tls.tls_version_min is vyos_defined %} tls-version-min {{ tls.tls_version_min }} {% endif %} -{% if tls.dh_params is defined and tls.dh_params is not none %} +{% if tls.dh_params is vyos_defined %} dh /run/openvpn/{{ ifname }}_dh.pem -{% elif mode == 'server' and tls.private_key is defined %} +{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %} dh none {% endif %} -{% if tls.auth_key is defined and tls.auth_key is not none %} +{% if tls.auth_key is vyos_defined %} {% if mode == 'client' %} tls-auth /run/openvpn/{{ ifname }}_auth.key 1 {% elif mode == 'server' %} tls-auth /run/openvpn/{{ ifname }}_auth.key 0 {% endif %} {% endif %} -{% if tls.role is defined and tls.role is not none %} -{% if tls.role == 'active' %} +{% if tls.role is vyos_defined('active') %} tls-client -{% elif tls.role == 'passive' %} +{% elif tls.role is vyos_defined('passive') %} tls-server -{% endif %} {% endif %} {% endif %} # Encryption options -{% if encryption is defined and encryption is not none %} -{% if encryption.cipher is defined and encryption.cipher is not none %} +{% if encryption is vyos_defined %} +{% if encryption.cipher is vyos_defined %} cipher {{ encryption.cipher | openvpn_cipher }} -{% if encryption.cipher == 'bf128' %} +{% if encryption.cipher is vyos_defined('bf128') %} keysize 128 -{% elif encryption.cipher == 'bf256' %} +{% elif encryption.cipher is vyos_defined('bf256') %} keysize 256 {% endif %} {% endif %} -{% if encryption.ncp_ciphers is defined and encryption.ncp_ciphers is not none %} +{% if encryption.ncp_ciphers is vyos_defined %} data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }} {% endif %} {% endif %} -{% if hash is defined and hash is not none %} +{% if hash is vyos_defined %} auth {{ hash }} {% endif %} -{% if authentication is defined and authentication is not none %} +{% if authentication is vyos_defined %} auth-user-pass {{ auth_user_pass_file }} auth-retry nointeract {% endif %} diff --git a/data/templates/openvpn/service-override.conf.tmpl b/data/templates/openvpn/service-override.conf.tmpl index 069bdbd08..cba652223 100644 --- a/data/templates/openvpn/service-override.conf.tmpl +++ b/data/templates/openvpn/service-override.conf.tmpl @@ -1,7 +1,7 @@ [Service] ExecStart= ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid -{%- if openvpn_option is defined and openvpn_option is not none %} +{%- if openvpn_option is vyos_defined %} {% for option in openvpn_option %} {# Remove the '--' prefix from variable if it is presented #} {% if option.startswith('--') %} |