summaryrefslogtreecommitdiff
path: root/data/templates/accel-ppp
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-18 12:38:47 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-18 14:31:51 +0200
commit267b3213ef0e6ac4501470bef797796276879421 (patch)
tree7d2ede2263d72ea3c3ac03f735ba8932da8181b7 /data/templates/accel-ppp
parent901d5e89ec6e3fb0f3d13f90f0495a4dda592454 (diff)
downloadvyos-1x-267b3213ef0e6ac4501470bef797796276879421.tar.gz
vyos-1x-267b3213ef0e6ac4501470bef797796276879421.zip
accel-ppp: T2314: use common tempplate for chap-secrets
Diffstat (limited to 'data/templates/accel-ppp')
-rw-r--r--data/templates/accel-ppp/chap-secrets.tmpl10
-rw-r--r--data/templates/accel-ppp/l2tp.config.tmpl145
-rw-r--r--data/templates/accel-ppp/pppoe.config.tmpl203
-rw-r--r--data/templates/accel-ppp/sstp.config.tmpl114
4 files changed, 472 insertions, 0 deletions
diff --git a/data/templates/accel-ppp/chap-secrets.tmpl b/data/templates/accel-ppp/chap-secrets.tmpl
new file mode 100644
index 000000000..dd00d7bd0
--- /dev/null
+++ b/data/templates/accel-ppp/chap-secrets.tmpl
@@ -0,0 +1,10 @@
+# username server password acceptable local IP addresses shaper
+{% for user in local_users %}
+{% if user.state == 'enabled' %}
+{% if user.upload and user.download %}
+{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }} / {{ user.upload }}
+{% else %}
+{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }}
+{% endif %}
+{% endif %}
+{% endfor %}
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl
new file mode 100644
index 000000000..ebe3aca29
--- /dev/null
+++ b/data/templates/accel-ppp/l2tp.config.tmpl
@@ -0,0 +1,145 @@
+### generated by accel_l2tp.py ###
+[modules]
+log_syslog
+l2tp
+chap-secrets
+{% for proto in auth_proto: %}
+{{proto}}
+{% endfor%}
+
+{% if auth_mode == 'radius' %}
+radius
+{% endif -%}
+
+ippool
+shaper
+ipv6pool
+ipv6_nd
+ipv6_dhcp
+
+[core]
+thread-count={{thread_cnt}}
+
+[log]
+syslog=accel-l2tp,daemon
+copy=1
+level=5
+
+{% if dnsv4 %}
+[dns]
+{% for dns in dnsv4 -%}
+dns{{ loop.index }}={{ dns }}
+{% endfor -%}
+{% endif %}
+
+{% if dnsv6 %}
+[ipv6-dns]
+{% for dns in dnsv6 -%}
+{{ dns }}
+{% endfor -%}
+{% endif %}
+
+{% if wins %}
+[wins]
+{% for server in wins -%}
+wins{{ loop.index }}={{ server }}
+{% endfor -%}
+{% endif %}
+
+[l2tp]
+verbose=1
+ifname=l2tp%d
+ppp-max-mtu={{ mtu }}
+mppe={{ ppp_mppe }}
+{% if outside_addr %}
+bind={{ outside_addr }}
+{% endif %}
+{% if lns_shared_secret %}
+secret={{ lns_shared_secret }}
+{% endif %}
+
+[client-ip-range]
+0.0.0.0/0
+
+{% if client_ip_pool or client_ip_subnets %}
+[ip-pool]
+{% if client_ip_pool %}
+{{ client_ip_pool }}
+{% endif -%}
+{% if client_ip_subnets %}
+{% for sn in client_ip_subnets %}
+{{sn}}
+{% endfor -%}
+{% endif %}
+{% endif %}
+{% if gateway_address %}
+gw-ip-address={{ gateway_address }}
+{% endif %}
+
+{% if auth_mode == 'local' %}
+[chap-secrets]
+chap-secrets={{ chap_secrets_file }}
+{% elif auth_mode == 'radius' %}
+[radius]
+verbose=1
+{% for r in radius_server %}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
+{% endfor -%}
+{% endif %}
+
+acct-timeout={{ radius_acct_tmo }}
+timeout={{ radius_timeout }}
+max-try={{ radius_max_try }}
+
+{% if radius_nas_id %}
+nas-identifier={{ radius_nas_id }}
+{% endif -%}
+{% if radius_nas_ip %}
+nas-ip-address={{ radius_nas_ip }}
+{% endif -%}
+{% if radius_source_address %}
+bind={{ radius_source_address }}
+{% endif -%}
+
+[ppp]
+verbose=1
+check-ip=1
+single-session=replace
+lcp-echo-timeout={{ ppp_echo_timeout }}
+lcp-echo-interval={{ ppp_echo_interval }}
+lcp-echo-failure={{ ppp_echo_failure }}
+{% if ccp_disable %}
+ccp=0
+{% endif %}
+{% if client_ipv6_pool %}
+ipv6=allow
+{% endif %}
+
+
+{% if client_ipv6_pool %}
+[ipv6-pool]
+{% for p in client_ipv6_pool %}
+{{ p.prefix }},{{ p.mask }}
+{% endfor %}
+{% for p in client_ipv6_delegate_prefix %}
+delegate={{ p.prefix }},{{ p.mask }}
+{% endfor %}
+{% endif %}
+
+{% if client_ipv6_delegate_prefix %}
+[ipv6-dhcp]
+verbose=1
+{% endif %}
+
+{% if radius_shaper_attr %}
+[shaper]
+verbose=1
+attr={{ radius_shaper_attr }}
+{% if radius_shaper_vendor %}
+vendor={{ radius_shaper_vendor }}
+{% endif -%}
+{% endif %}
+
+[cli]
+tcp=127.0.0.1:2004
+sessions-columns=ifname,username,calling-sid,ip,{{ ip6_column | join(',') }}{{ ',' if ip6_column }}rate-limit,type,comp,state,rx-bytes,tx-bytes,uptime
diff --git a/data/templates/accel-ppp/pppoe.config.tmpl b/data/templates/accel-ppp/pppoe.config.tmpl
new file mode 100644
index 000000000..325b75adc
--- /dev/null
+++ b/data/templates/accel-ppp/pppoe.config.tmpl
@@ -0,0 +1,203 @@
+
+### generated by accel_pppoe.py ###
+[modules]
+log_syslog
+pppoe
+{% if auth_mode == 'radius' %}
+radius
+{% endif %}
+ippool
+{% if ppp_ipv6 != 'deny' %}
+ipv6pool
+ipv6_nd
+ipv6_dhcp
+{% endif %}
+chap-secrets
+auth_pap
+auth_chap_md5
+auth_mschap_v1
+auth_mschap_v2
+shaper
+{% if snmp %}
+net-snmp
+{% endif %}
+{% if limits %}
+connlimit
+{% endif %}
+
+[core]
+thread-count={{ thread_cnt }}
+
+[log]
+syslog=accel-pppoe,daemon
+copy=1
+level=5
+
+{% if snmp == 'enable-ma' %}
+[snmp]
+master=1
+{% endif %}
+
+[client-ip-range]
+disable
+
+{% if ppp_gw %}
+[ip-pool]
+gw-ip-address={{ ppp_gw }}
+{% if client_ip_pool %}
+{{ client_ip_pool }}
+{% endif -%}
+{% if client_ip_subnets %}
+{% for subnet in client_ip_subnets %}
+{{ subnet }}
+{% endfor %}
+{% endif %}
+{% endif %}
+
+{% if client_ipv6_pool %}
+[ipv6-pool]
+{% for p in client_ipv6_pool %}
+{{ p.prefix }},{{ p.mask }}
+{% endfor %}
+{% for p in client_ipv6_delegate_prefix %}
+delegate={{ p.prefix }},{{ p.mask }}
+{% endfor %}
+{% endif %}
+
+{% if dnsv4 %}
+[dns]
+{% for dns in dnsv4 -%}
+dns{{ loop.index }}={{ dns }}
+{% endfor -%}
+{% endif %}
+
+{% if dnsv6 %}
+[ipv6-dns]
+{% for dns in dnsv6 -%}
+{{ dns }}
+{% endfor -%}
+{% endif %}
+
+{% if wins %}
+[wins]
+{% for server in wins -%}
+wins{{ loop.index }}={{ server }}
+{% endfor -%}
+{% endif %}
+
+{% if auth_mode == 'local' %}
+[chap-secrets]
+chap-secrets={{ chap_secrets_file }}
+{% elif auth_mode == 'radius' %}
+[radius]
+verbose=1
+{% for r in radius_server %}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
+{% endfor -%}
+
+acct-timeout={{ radius_acct_tmo }}
+timeout={{ radius_timeout }}
+max-try={{ radius_max_try }}
+{% if radius_nas_id %}
+nas-identifier={{ radius_nas_id }}
+{% endif -%}
+{% if radius_nas_ip %}
+nas-ip-address={{ radius_nas_ip }}
+{% endif -%}
+{% if radius_source_address %}
+bind={{ radius_source_address }}
+{% endif -%}
+
+{% if radius_dynamic_author %}
+dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
+{% endif -%}
+
+{% if radius_shaper_attr %}
+[shaper]
+verbose=1
+attr={{ radius_shaper_attr }}
+{% if radius_shaper_vendor %}
+vendor={{ radius_shaper_vendor }}
+{% endif -%}
+{% endif -%}
+{% endif %}
+
+[ppp]
+verbose=1
+check-ip=1
+{% if not sesscrtl == 'disable' %}
+single-session={{sesscrtl}}
+{% endif -%}
+{% if ppp_ccp %}
+ccp=1
+{% endif %}
+{% if ppp_min_mtu %}
+min-mtu={{ ppp_min_mtu }}
+{% else %}
+min-mtu={{ mtu }}
+{% endif %}
+{% if ppp_mru %}
+mru={{ ppp_mru }}
+{% endif %}
+mppe={{ ppp_mppe }}
+lcp-echo-interval={{ ppp_echo_interval }}
+lcp-echo-timeout={{ ppp_echo_timeout }}
+lcp-echo-failure={{ ppp_echo_failure }}
+{% if ppp_ipv4 %}
+ipv4={{ ppp_ipv4 }}
+{% endif %}
+{% if client_ipv6_pool %}
+ipv6=allow
+{% endif %}
+
+{% if ppp_ipv6 %}
+ipv6={{ ppp_ipv6 }}
+{% if ppp_ipv6_intf_id %}
+ipv6-intf-id={{ ppp_ipv6_intf_id }}
+{% endif %}
+{% if ppp_ipv6_peer_intf_id %}
+ipv6-peer-intf-id={{ ppp_ipv6_peer_intf_id }}
+{% endif %}
+{% if ppp_ipv6_accept_peer_intf_id %}
+ipv6-accept-peer-intf-id={{ ppp_ipv6_accept_peer_intf_id }}
+{% endif %}
+{% endif %}
+mtu={{ mtu }}
+
+[pppoe]
+verbose=1
+ac-name={{ concentrator }}
+
+{% if interfaces %}
+{% for interface in interfaces %}
+interface={{ interface.name }}
+{% if interface.vlans %}
+vlan-mon={{ interface.name }},{{ interface.vlans | join(',') }}
+interface=re:{{ interface.name }}\.\d+
+{% endif %}
+{% endfor -%}
+{% endif -%}
+
+{% if svc_name %}
+service-name={{ svc_name|join(',') }}
+{% endif -%}
+
+{% if pado_delay %}
+pado-delay={{ pado_delay }}
+{% endif %}
+
+{% if limits_burst or limits_connections or limits_connections %}
+[connlimit]
+{% if limits_connections %}
+limit={{ limits_connections }}
+{% endif %}
+{% if limits_burst %}
+burst={{ limits_burst }}
+{% endif %}
+{% if limits_timeout %}
+timeout={{ limits_timeout }}
+{% endif %}
+{% endif %}
+
+[cli]
+tcp=127.0.0.1:2001
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
new file mode 100644
index 000000000..c3dc83429
--- /dev/null
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -0,0 +1,114 @@
+### generated by vpn_sstp.py ###
+[modules]
+log_syslog
+sstp
+shaper
+{% if auth_mode == 'local' %}
+chap-secrets
+{% elif auth_mode == 'radius' %}
+radius
+{% endif -%}
+ippool
+
+{% for proto in auth_proto %}
+{{proto}}
+{% endfor %}
+
+[core]
+thread-count={{thread_cnt}}
+
+[common]
+single-session=replace
+
+[log]
+syslog=accel-sstp,daemon
+copy=1
+level=5
+
+[client-ip-range]
+disable
+
+[sstp]
+verbose=1
+ifname=sstp%d
+accept=ssl
+ssl-ca-file={{ ssl_ca }}
+ssl-pemfile={{ ssl_cert }}
+ssl-keyfile={{ ssl_key }}
+
+{% if client_ip_pool %}
+[ip-pool]
+gw-ip-address={{ client_gateway }}
+{% for subnet in client_ip_pool %}
+{{ subnet }}
+{% endfor %}
+{% endif %}
+
+{% if dnsv4 %}
+[dns]
+{% for dns in dnsv4 -%}
+dns{{ loop.index }}={{ dns }}
+{% endfor -%}
+{% endif %}
+
+{% if auth_mode == 'local' %}
+[chap-secrets]
+chap-secrets={{ chap_secrets_file }}
+{% elif auth_mode == 'radius' %}
+[radius]
+verbose=1
+{% for r in radius_server %}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
+{% endfor -%}
+
+acct-timeout={{ radius_acct_tmo }}
+timeout={{ radius_timeout }}
+max-try={{ radius_max_try }}
+
+{% if radius_nas_id %}
+nas-identifier={{ radius_nas_id }}
+{% endif -%}
+{% if radius_nas_ip %}
+nas-ip-address={{ radius_nas_ip }}
+{% endif -%}
+{% if radius_source_address %}
+bind={{ radius_source_address }}
+{% endif -%}
+
+
+{% if radius_dynamic_author %}
+dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
+{% endif -%}
+{% endif %}
+
+[ppp]
+verbose=1
+check-ip=1
+{% if mtu %}
+mtu={{ mtu }}
+{% endif -%}
+
+{% if ppp_mppe %}
+mppe={{ ppp_mppe }}
+{% endif -%}
+{% if ppp_echo_interval %}
+lcp-echo-interval={{ ppp_echo_interval }}
+{% endif -%}
+{% if ppp_echo_failure %}
+lcp-echo-failure={{ ppp_echo_failure }}
+{% endif -%}
+{% if ppp_echo_timeout %}
+lcp-echo-timeout={{ ppp_echo_timeout }}
+{% endif %}
+
+{% if radius_shaper_attr %}
+[shaper]
+verbose=1
+attr={{ radius_shaper_attr }}
+{% if radius_shaper_vendor %}
+vendor={{ radius_shaper_vendor }}
+{% endif -%}
+{% endif %}
+
+[cli]
+tcp=127.0.0.1:2005