authorChristian Poessinger <christian@poessinger.com>2020-04-10 19:32:24 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-11 11:25:13 +0200
commit6a2e75dbe4003c6987c6932296e68c486ff7b380 (patch)
tree020236a6a5cbf98832c0dcfd3dac682a95db2bce
parentc2ae1ca3be86abfdba418a738785c8a217f6245f (diff)
vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntax
There is no reason to distinguish between an IPv4 and an IPv6 name-server node on the CLI - this can be done in the underlying Python scripts.
-rw-r--r--data/templates/l2tp/l2tp.config.tmpl17
-rw-r--r--interface-definitions/vpn-l2tp.xml.in46
-rwxr-xr-xsrc/conf_mode/vpn_l2tp.py29
-rwxr-xr-xsrc/migration-scripts/l2tp/2-to-364
4 files changed, 98 insertions, 58 deletions
diff --git a/data/templates/l2tp/l2tp.config.tmpl b/data/templates/l2tp/l2tp.config.tmpl
index b8637e256..bea2943d2 100644
--- a/data/templates/l2tp/l2tp.config.tmpl
+++ b/data/templates/l2tp/l2tp.config.tmpl
@@ -23,21 +23,18 @@ syslog=accel-l2tp,daemon
copy=1
level=5
-{% if dns %}
+{% if dnsv4 %}
[dns]
-{% if dns[0] %}
-dns1={{dns[0]}}
-{% endif %}
-{% if dns[1] %}
-dns2={{dns[1]}}
+{% for dns in dnsv4 -%}
+dns{{ loop.index }}={{ dns }}
+{% endfor -%}
{% endif %}
-{% endif -%}
{% if dnsv6 %}
[ipv6-dns]
-{% for srv in dnsv6: %}
-{{srv}}
-{% endfor %}
+{% for dns in dnsv6 -%}
+{{ dns }}
+{% endfor -%}
{% endif %}
{% if wins %}
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
index dcbb5f3ed..0bd592746 100644
--- a/interface-definitions/vpn-l2tp.xml.in
+++ b/interface-definitions/vpn-l2tp.xml.in
@@ -36,48 +36,22 @@
</constraint>
</properties>
</leafNode>
- <node name="dns-servers">
+ <leafNode name="name-server">
<properties>
- <help>IPv4 Domain Name Service (DNS) server</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>Primary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>Secondary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="dnsv6-servers">
- <properties>
- <help>IPv6 Domain Name Service (DNS) server</help>
+ <help>Domain Name Server (DNS) propagated to client</help>
<valueHelp>
- <format>ipv6</format>
- <description>IPv6 DNS address</description>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
</valueHelp>
<constraint>
+ <validator name="ipv4-address"/>
<validator name="ipv6-address"/>
</constraint>
- <multi />
+ <multi/>
</properties>
</leafNode>
<node name="lns">
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index d5274a6bc..93ee9edf9 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -26,9 +26,9 @@ from jinja2 import FileSystemLoader, Environment
from vyos.config import Config
from vyos.defaults import directories as vyos_data_dir
-from vyos import ConfigError
from vyos.util import run
-
+from vyos.validate import is_ipv4
+from vyos import ConfigError
pidfile = r'/var/run/accel_l2tp.pid'
l2tp_cnf_dir = r'/etc/accel-ppp/l2tp'
@@ -53,7 +53,7 @@ default_config_data = {
},
'outside_addr': '',
'gateway_address': '10.255.255.0',
- 'dns': [],
+ 'dnsv4': [],
'dnsv6': [],
'wins': [],
'client_ip_pool': None,
@@ -91,7 +91,7 @@ def _accel_cmd(command):
def get_config():
c = Config()
- base = ['vpn', 'l2tp' 'remote-access']
+ base = ['vpn', 'l2tp', 'remote-access']
if not c.exists(base):
return None
@@ -99,17 +99,19 @@ def get_config():
config_data = deepcopy(default_config_data)
### general options ###
- if c.exists('dns-servers server-1'):
- config_data['dns'].append(c.return_value('dns-servers server-1'))
- if c.exists('dns-servers server-2'):
- config_data['dns'].append(c.return_value('dns-servers server-2'))
- if c.exists('dnsv6-servers'):
- for dns6_server in c.return_values('dnsv6-servers'):
- config_data['dnsv6'].append(dns6_server)
+ if c.exists(['name-server']):
+ for name_server in c.return_values(['name-server']):
+ if is_ipv4(name_server):
+ config_data['dnsv4'].append(name_server)
+ else:
+ config_data['dnsv6'].append(name_server)
+
if c.exists('wins-servers server-1'):
config_data['wins'].append(c.return_value('wins-servers server-1'))
+
if c.exists('wins-servers server-2'):
config_data['wins'].append(c.return_value('wins-servers server-2'))
+
if c.exists('outside-address'):
config_data['outside_addr'] = c.return_value('outside-address')
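Review bot: The `else` branch of the new name-server loop files every value that is not IPv4 under `dnsv6`, so the only thing keeping a malformed entry out of the `[ipv6-dns]` section of the generated config is the CLI validator. These addresses are handed to VPN clients as their resolvers, so I would classify them explicitly with `elif is_ipv6(name_server):` and an `else: raise ConfigError(...)` branch, importing `is_ipv6` next to `is_ipv4` from `vyos.validate`. The hunk also mixes the list-style path `['name-server']` with the string-style paths still used for `wins-servers` just below. get_config's body continues outside the hunk.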
@@ -324,8 +326,11 @@ def verify(c):
raise ConfigError(
"\"set vpn l2tp remote-access client-ipv6-pool prefix\" required for delegate-prefix ")
+ if len(c['dnsv4']) > 2:
+ raise ConfigError('Not more then two IPv4 DNS name-servers can be configured')
+
if len(c['dnsv6']) > 3:
- raise ConfigError("Maximum allowed dnsv6-servers addresses is 3")
+ raise ConfigError('Not more then three IPv6 DNS name-servers can be configured')
def generate(c):
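Review bot: Both new error strings say "Not more then", which should read "than": `raise ConfigError('Not more than two IPv4 DNS name-servers can be configured')` and likewise for the IPv6 message. The template in this commit emits `dns{{ loop.index }}` for every entry in `dnsv4`, so this length check is the only thing capping the `[dns]` section at two entries. A comment such as `# template renders dns1/dns2 only - keep this limit in sync` above the check would make that dependency visible. verify's body starts outside the hunk.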
diff --git a/src/migration-scripts/l2tp/2-to-3 b/src/migration-scripts/l2tp/2-to-3
new file mode 100755
index 000000000..ebeb814c1
--- /dev/null
+++ b/src/migration-scripts/l2tp/2-to-3
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# - remove primary/secondary identifier from nameserver
+
+import os
+import sys
+
+from sys import argv, exit
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'l2tp', 'remote-access']
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+else:
+
+ # Migrate IPv4 DNS servers
+ dns_base = base + ['dns-servers']
+ if config.exists(dns_base):
+ for server in ['server-1', 'server-2']:
+ if config.exists(dns_base + [server]):
+ dns = config.return_value(dns_base + [server])
+ config.set(base + ['name-server'], value=dns, replace=False)
+
+ config.delete(dns_base)
+
+ # Migrate IPv6 DNS servers
+ dns_base = base + ['dnsv6-servers']
+ if config.exists(dns_base):
+ for server in config.return_values(dns_base):
+ config.set(base + ['name-server'], value=server, replace=False)
+
+ config.delete(dns_base)
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
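Review bot: The argument guard `if (len(argv) < 1):` can never fire, because `argv` always holds at least the script name, so running the script without a file ends in an `IndexError` traceback at `file_name = argv[1]` instead of the intended message. It should be `if len(argv) < 2:`. Only the write is wrapped in `try`/`except OSError`, so a failed read also surfaces as a raw traceback. Wrapping the read the same way would keep the failure mode consistent for a script that rewrites the boot config. `import os` and `import sys` are unused, since `argv` and `exit` are imported by name.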