summaryrefslogtreecommitdiff
path: root/data/templates/accel-ppp
diff options
context:
space:
mode:
authoraapostoliuk <a.apostoliuk@vyos.io>2023-11-13 11:17:23 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-12-28 15:28:02 +0000
commitd5062cb045fae8b0b5d68b3b1198c3b86de4d558 (patch)
tree589f2974f7589b7c9f12fb3388ac59e2efb14759 /data/templates/accel-ppp
parentdb108da1fb9f289968302a963a0e6a28ea243b49 (diff)
downloadvyos-1x-d5062cb045fae8b0b5d68b3b1198c3b86de4d558.tar.gz
vyos-1x-d5062cb045fae8b0b5d68b3b1198c3b86de4d558.zip
accel-ppp: T5688: Standardized pool configuration in accel-ppp
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. (cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53)
Diffstat (limited to 'data/templates/accel-ppp')
-rw-r--r--data/templates/accel-ppp/config_chap_secrets_radius.j211
-rw-r--r--data/templates/accel-ppp/config_ip_pool.j232
-rw-r--r--data/templates/accel-ppp/ipoe.config.j236
-rw-r--r--data/templates/accel-ppp/l2tp.config.j223
-rw-r--r--data/templates/accel-ppp/pppoe.config.j221
-rw-r--r--data/templates/accel-ppp/pptp.config.j216
-rw-r--r--data/templates/accel-ppp/sstp.config.j24
7 files changed, 53 insertions, 90 deletions
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index a498d8186..595e3a565 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -30,7 +30,16 @@ dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.r
{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gateway_address is vyos_defined %}
+{% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %}
+{% if gateway_address is vyos_defined %}
+{% if server_type == 'ipoe' %}
+{% for gw in gateway_address %}
+{% set host_address, _ = gw.split('/') %}
+gw-ip-address={{ host_address }}
+{% endfor %}
+{% else %}
gw-ip-address={{ gateway_address }}
+{% endif %}
+{% endif %}
{% endif %}
diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2
index f7511e445..c567236a4 100644
--- a/data/templates/accel-ppp/config_ip_pool.j2
+++ b/data/templates/accel-ppp/config_ip_pool.j2
@@ -1,24 +1,22 @@
-{% if client_ip_pool is vyos_defined %}
+{% if ordered_named_pools is vyos_defined %}
[ip-pool]
{% if gateway_address is vyos_defined %}
+{% if server_type == 'ipoe' %}
+{% for gw in gateway_address %}
+{% set host_address, _ = gw.split('/') %}
+gw-ip-address={{ host_address }}
+{% endfor %}
+{% else %}
gw-ip-address={{ gateway_address }}
+{% endif %}
{% endif %}
-{% if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %}
-{{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }}
-{% endif %}
-{% if client_ip_pool.subnet is vyos_defined %}
-{% for subnet in client_ip_pool.subnet %}
-{{ subnet }}
-{% endfor %}
-{% endif %}
-{% if client_ip_pool.name is vyos_defined %}
-{% for pool, pool_config in client_ip_pool.name.items() %}
-{% if pool_config.subnet is vyos_defined %}
-{{ pool_config.subnet }},name={{ pool }}
-{% endif %}
-{% if pool_config.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_config.gateway_address }}
+{% for pool in ordered_named_pools %}
+{% for pool_name, pool_config in pool.items() %}
+{% if pool_config.next_pool is vyos_defined %}
+{{ pool_config.range }},name={{ pool_name }},next={{ pool_config.next_pool }}
+{% else %}
+{{ pool_config.range }},name={{ pool_name }}
{% endif %}
{% endfor %}
-{% endif %}
+{% endfor %}
{% endif %} \ No newline at end of file
diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2
index 555a033d3..588f3d462 100644
--- a/data/templates/accel-ppp/ipoe.config.j2
+++ b/data/templates/accel-ppp/ipoe.config.j2
@@ -55,38 +55,18 @@ noauth=1
username=ifname
password=csid
{% endif %}
-{% if client_ip_pool.name is vyos_defined %}
-{% if first_named_pool is vyos_defined %}
-ip-pool={{ first_named_pool }}
-{% else %}
-{% for pool, pool_options in client_ip_pool.name.items() %}
-{% if pool_options.subnet is vyos_defined %}
-ip-pool={{ pool }}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% for pool, pool_options in client_ip_pool.name.items() %}
-{% if pool_options.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
-{% endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
+{% if gateway_address is vyos_defined %}
+{% for gw_addr in gateway_address %}
+gw-ip-address={{ gw_addr }}
{% endfor %}
{% endif %}
proxy-arp=1
-{% if ordered_named_pools is vyos_defined %}
-[ip-pool]
-{% for p in ordered_named_pools %}
-{% for pool, pool_options in p.items() %}
-{% set next_named_pool = ',next=' ~ pool_options.next_pool if pool_options.next_pool is vyos_defined else '' %}
-{{ pool_options.subnet }},name={{ pool }}{{ next_named_pool }}
-{% endfor %}
-{% endfor %}
-{% for p in ordered_named_pools %}
-{% for pool, pool_options in p.items() %}
-gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
-{% endfor %}
-{% endfor %}
-{% endif %}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
{# Common IPv6 pool definitions #}
{% include 'accel-ppp/config_ipv6_pool.j2' %}
diff --git a/data/templates/accel-ppp/l2tp.config.j2 b/data/templates/accel-ppp/l2tp.config.j2
index b089d3e71..89cc0eae7 100644
--- a/data/templates/accel-ppp/l2tp.config.j2
+++ b/data/templates/accel-ppp/l2tp.config.j2
@@ -6,11 +6,9 @@ chap-secrets
{% for proto in auth_proto %}
{{ proto }}
{% endfor %}
-
{% if auth_mode == 'radius' %}
radius
{% endif %}
-
ippool
shaper
ipv6pool
@@ -65,24 +63,15 @@ secret={{ lns_shared_secret }}
{% if lns_host_name %}
host-name={{ lns_host_name }}
{% endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
[client-ip-range]
0.0.0.0/0
-{% if client_ip_pool or client_ip_subnets %}
-[ip-pool]
-{% if client_ip_pool %}
-{{ client_ip_pool }}
-{% endif %}
-{% if client_ip_subnets %}
-{% for sn in client_ip_subnets %}
-{{ sn }}
-{% endfor %}
-{% endif %}
-{% endif %}
-{% if gateway_address %}
-gw-ip-address={{ gateway_address }}
-{% endif %}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
{% if auth_mode == 'local' %}
[chap-secrets]
@@ -115,7 +104,7 @@ nas-ip-address={{ radius_nas_ip }}
bind={{ radius_source_address }}
{% endif %}
{% endif %}
-{% if gateway_address %}
+{% if gateway_address is vyos_defined %}
gw-ip-address={{ gateway_address }}
{% endif %}
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2
index e1ae3660e..4bb1c4450 100644
--- a/data/templates/accel-ppp/pppoe.config.j2
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -108,7 +108,6 @@ unit-cache={{ ppp_options.interface_cache }}
[pppoe]
verbose=1
ac-name={{ access_concentrator }}
-
{% if interface is vyos_defined %}
{% for iface, iface_config in interface.items() %}
{% if iface_config.vlan is not vyos_defined %}
@@ -121,11 +120,9 @@ vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
{% endif %}
{% endfor %}
{% endif %}
-
{% if service_name %}
service-name={{ service_name | join(',') }}
{% endif %}
-
{% if pado_delay %}
{% set pado_delay_param = namespace(value='0') %}
{% for delay in pado_delay | sort(attribute='0') %}
@@ -140,21 +137,11 @@ pado-delay={{ pado_delay_param.value }}
{% if authentication.radius.called_sid_format is vyos_defined %}
called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
-
-{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %}
-{% if authentication.mode is vyos_defined("noauth") %}
+{% if authentication.mode is vyos_defined("noauth") %}
noauth=1
-{% endif %}
-{% if client_ip_pool.name is vyos_defined %}
-{% for pool, pool_config in client_ip_pool.name.items() %}
-{% if pool_config.subnet is vyos_defined %}
-ip-pool={{ pool }}
-{% endif %}
-{% if pool_config.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_config.gateway_address }}/{{ pool_config.subnet.split('/')[1] }}
-{% endif %}
-{% endfor %}
-{% endif %}
+{% endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
{% endif %}
{% if limits is vyos_defined %}
diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2
index 46a9f933a..4e891777f 100644
--- a/data/templates/accel-ppp/pptp.config.j2
+++ b/data/templates/accel-ppp/pptp.config.j2
@@ -51,14 +51,15 @@ ppp-max-mtu={{ mtu }}
mppe={{ ppp_mppe }}
echo-interval=10
echo-failure=3
-
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
[client-ip-range]
0.0.0.0/0
-[ip-pool]
-tunnel={{ client_ip_pool }}
-gw-ip-address={{ gw_ip }}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
[ppp]
verbose=5
@@ -74,18 +75,15 @@ verbose=1
{% for r in radius_server %}
server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
{% endfor %}
-
{% if radius_acct_interim_interval is vyos_defined %}
acct-interim-interval={{ radius_acct_interim_interval }}
{% endif %}
{% if radius_acct_inter_jitter %}
acct-interim-jitter={{ radius_acct_inter_jitter }}
{% endif %}
-
acct-timeout={{ radius_acct_tmo }}
timeout={{ radius_timeout }}
max-try={{ radius_max_try }}
-
{% if radius_nas_id %}
nas-identifier={{ radius_nas_id }}
{% endif %}
@@ -97,8 +95,8 @@ bind={{ radius_source_address }}
{% endif %}
{% endif %}
{# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gw_ip is defined and gw_ip is not none %}
-gw-ip-address={{ gw_ip }}
+{% if gateway_address is vyos_defined %}
+gw-ip-address={{ gateway_address }}
{% endif %}
{% if radius_shaper_enable %}
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2
index cf1d23f54..6117cea1b 100644
--- a/data/templates/accel-ppp/sstp.config.j2
+++ b/data/templates/accel-ppp/sstp.config.j2
@@ -36,6 +36,9 @@ accept=ssl
ssl-ca-file=/run/accel-pppd/sstp-ca.pem
ssl-pemfile=/run/accel-pppd/sstp-cert.pem
ssl-keyfile=/run/accel-pppd/sstp-cert.key
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
{# Common IP pool definitions #}
{% include 'accel-ppp/config_ip_pool.j2' %}
@@ -56,7 +59,6 @@ check-ip=1
mtu={{ mtu }}
ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }}
ipv4={{ ppp_options.ipv4 }}
-
mppe={{ ppp_options.mppe }}
lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}