Merge branch 'current' into T3350-sagitta

author: zdc <zdc@users.noreply.github.com> 2021-11-01 17:04:11 +0200
committer: GitHub <noreply@github.com> 2021-11-01 17:04:11 +0200
commit: 1b7c879b9fed2f4563477039bc6ddf4dc0db5829 (patch)
tree: a0ea609a933a4d2e54d5712e2b1671a19181c372 /data/templates
parent: 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123 (diff)
parent: 85bf315f71b411e3cdcd19793c4f7e1e5efed917 (diff)
download: vyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.tar.gz
vyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.zip
11 files changed, 52 insertions, 11 deletions
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl
index 44c96b935..9fcda76d4 100644
--- a/data/templates/accel-ppp/l2tp.config.tmpl
+++ b/data/templates/accel-ppp/l2tp.config.tmpl
@@ -57,6 +57,9 @@ bind={{ outside_addr }}
 {% if lns_shared_secret %}
 secret={{ lns_shared_secret }}
 {% endif %}
+{% if lns_host_name %}
+host-name={{ lns_host_name }}
+{% endif %}
 
 [client-ip-range]
 0.0.0.0/0
diff --git a/data/templates/dhcp-client/ipv4.tmpl b/data/templates/dhcp-client/ipv4.tmpl
index c934b7cdb..11e961166 100644
--- a/data/templates/dhcp-client/ipv4.tmpl
+++ b/data/templates/dhcp-client/ipv4.tmpl
@@ -7,7 +7,12 @@ retry 300;
 interface "{{ ifname }}" {
     send host-name "{{ dhcp_options.host_name }}";
 {% if dhcp_options.client_id is defined and dhcp_options.client_id is not none %}
-    send dhcp-client-identifier "{{ dhcp_options.client_id }}";
+{%   set client_id = dhcp_options.client_id %}
+{#   Use HEX representation of client-id as it is send in MAC-address style using hex characters. If not HEX, use double quotes ASCII format #}
+{%   if not dhcp_options.client_id.split(':') | length >= 5 %}
+{%     set client_id = '"' + dhcp_options.client_id + '"' %}
+{%   endif %}
+    send dhcp-client-identifier {{ client_id  }};
 {% endif %}
 {% if dhcp_options.vendor_class_id is defined and dhcp_options.vendor_class_id is not none %}
     send vendor-class-identifier "{{ dhcp_options.vendor_class_id }}";
diff --git a/data/templates/dynamic-dns/ddclient.conf.tmpl b/data/templates/dynamic-dns/ddclient.conf.tmpl
index 9d379de00..517e4bad4 100644
--- a/data/templates/dynamic-dns/ddclient.conf.tmpl
+++ b/data/templates/dynamic-dns/ddclient.conf.tmpl
@@ -9,7 +9,7 @@ ssl=yes
 {%     set web_skip = ", web-skip='" + interface[iface].use_web.skip + "'" if interface[iface].use_web.skip is defined else '' %}
 use=web, web='{{ interface[iface].use_web.url }}'{{ web_skip }}
 {%   else %}
-use=if, if={{ iface }}
+{{ 'usev6=if' if interface[iface].ipv6_enable is defined else 'use=if' }}, if={{ iface }}
 {%   endif %}
 
 {%   if interface[iface].rfc2136 is defined and interface[iface].rfc2136 is not none %}
diff --git a/data/templates/frr/bgpd.frr.tmpl b/data/templates/frr/bgpd.frr.tmpl
index 27a2b98a5..61936bb56 100644
--- a/data/templates/frr/bgpd.frr.tmpl
+++ b/data/templates/frr/bgpd.frr.tmpl
@@ -230,10 +230,8 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
 {% else %}
  no bgp ebgp-requires-policy
 {% endif %}
-{% if parameters is defined and parameters.default is defined and parameters.default.no_ipv4_unicast is defined %}
 {#   Option must be set before any neighbor - see https://phabricator.vyos.net/T3463 #}
  no bgp default ipv4-unicast
-{% endif %}
 {# Workaround for T2100 until we have decided about a migration script #}
  no bgp network import-check
 {% if address_family is defined and address_family is not none %}
@@ -266,8 +264,11 @@ router bgp {{ local_as }} {{ 'vrf ' ~ vrf if vrf is defined and vrf is not none
 {%     endif %}
 {%     endif %}
 {%     if afi_config.aggregate_address is defined and afi_config.aggregate_address is not none %}
-{%       for ip in afi_config.aggregate_address %}
-  aggregate-address {{ ip }}{{ ' as-set' if afi_config.aggregate_address[ip].as_set is defined }}{{ ' summary-only' if afi_config.aggregate_address[ip].summary_only is defined }}
+{%       for aggregate, aggregate_config in afi_config.aggregate_address.items() %}
+  aggregate-address {{ aggregate }}{{ ' as-set' if aggregate_config.as_set is defined }}{{ ' summary-only' if aggregate_config.summary_only is defined }}
+{%         if aggregate_config.route_map is defined and aggregate_config.route_map is not none %}
+  aggregate-address {{ aggregate }} route-map {{ aggregate_config.route_map }}
+{%         endif %}
 {%       endfor %}
 {%     endif %}
 {%     if afi_config.maximum_paths is defined and afi_config.maximum_paths.ebgp is defined and afi_config.maximum_paths.ebgp is not none %}
diff --git a/data/templates/lcd/LCDd.conf.tmpl b/data/templates/lcd/LCDd.conf.tmpl
index 6cf6a440f..2c7ad920f 100644
--- a/data/templates/lcd/LCDd.conf.tmpl
+++ b/data/templates/lcd/LCDd.conf.tmpl
@@ -53,6 +53,8 @@ DriverPath=/usr/lib/x86_64-linux-gnu/lcdproc/
 Driver=CFontzPacket
 {%   elif model == 'sdec' %}
 Driver=sdeclcd
+{%   elif model == 'hd44780' %}
+Driver=hd44780
 {%   endif %}
 {% endif %}
 
@@ -128,5 +130,10 @@ USB=yes
 ## SDEC driver for Lanner, Watchguard, Sophos sppliances ##
 [sdeclcd]
 # No options
+{%   elif model == 'hd44780' %}
+[hd44780]
+ConnectionType=ezio
+Device={{ device }}
+Size=16x2
 {%   endif %}
 {% endif %}
diff --git a/data/templates/mdns-repeater/avahi-daemon.tmpl b/data/templates/mdns-repeater/avahi-daemon.tmpl
new file mode 100644
index 000000000..65bb5a306
--- /dev/null
+++ b/data/templates/mdns-repeater/avahi-daemon.tmpl
@@ -0,0 +1,18 @@
+[server]
+use-ipv4=yes
+use-ipv6=yes
+allow-interfaces={{ interface | join(', ') }}
+disallow-other-stacks=no
+
+[wide-area]
+enable-wide-area=yes
+
+[publish]
+disable-publishing=yes
+disable-user-service-publishing=yes
+publish-addresses=no
+publish-hinfo=no
+publish-workstation=no
+
+[reflector]
+enable-reflector=yes
diff --git a/data/templates/mdns-repeater/mdns-repeater.tmpl b/data/templates/mdns-repeater/mdns-repeater.tmpl
deleted file mode 100644
index 80f4ab047..000000000
--- a/data/templates/mdns-repeater/mdns-repeater.tmpl
+++ /dev/null
@@ -1,2 +0,0 @@
-### Autogenerated by mdns_repeater.py ###
-DAEMON_ARGS="{{ interface | join(' ') }}"
diff --git a/data/templates/ntp/ntpd.conf.tmpl b/data/templates/ntp/ntpd.conf.tmpl
index 2b56b53c3..38e68f24f 100644
--- a/data/templates/ntp/ntpd.conf.tmpl
+++ b/data/templates/ntp/ntpd.conf.tmpl
@@ -6,6 +6,8 @@
 driftfile /var/lib/ntp/ntp.drift
 # By default, only allow ntpd to query time sources, ignore any incoming requests
 restrict default noquery nopeer notrap nomodify
+# Allow pool associations
+restrict source nomodify notrap noquery
 # Local users have unrestricted access, allowing reconfiguration via ntpdc
 restrict 127.0.0.1
 restrict -6 ::1
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index 213c5c785..7a0470d0e 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -126,6 +126,12 @@ push "dhcp-option DNS6 {{ nameserver }}"
 {%     if server.domain_name is defined and server.domain_name is not none %}
 push "dhcp-option DOMAIN {{ server.domain_name }}"
 {%     endif %}
+{%     if server.mfa is defined and server.mfa is not none %}
+{%       if server.mfa.totp is defined and server.mfa.totp is not none %}
+{%         set totp_config = server.mfa.totp %}
+plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}"
+{%       endif %}
+{%     endif %}
 {%   endif %}
 {% else %}
 #
diff --git a/data/templates/snmp/etc.snmpd.conf.tmpl b/data/templates/snmp/etc.snmpd.conf.tmpl
index db2114fa1..30806ce8a 100644
--- a/data/templates/snmp/etc.snmpd.conf.tmpl
+++ b/data/templates/snmp/etc.snmpd.conf.tmpl
@@ -39,7 +39,7 @@ SysDescr {{ description }}
 {% endif %}
 
 # Listen
-agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},udp:161{% if ipv6_enabled %},udp6:161{% endif %}{% endif %}
+agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},{{protocol}}:161{% if ipv6_enabled %},{{protocol}}6:161{% endif %}{% endif %}
 
 # SNMP communities
 {% for c in communities %}
diff --git a/data/templates/vyos-hostsd/hosts.tmpl b/data/templates/vyos-hostsd/hosts.tmpl
index 8b73c6e51..03662d562 100644
--- a/data/templates/vyos-hostsd/hosts.tmpl
+++ b/data/templates/vyos-hostsd/hosts.tmpl
@@ -17,8 +17,9 @@ ff02::2         ip6-allrouters
 {%   for tag, taghosts in hosts.items() %}
 # {{ tag }}
 {%     for host, hostprops in taghosts.items() if hostprops.address is defined %}
-{{ "%-15s" | format(hostprops.address) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is defined }}
+{%       for addr in hostprops.address %}
+{{ "%-15s" | format(addr) }} {{ host }} {{ hostprops.aliases|join(' ') if hostprops.aliases is defined }}
+{%       endfor %}
 {%     endfor %}
 {%   endfor %}
 {% endif %}
-
author	zdc <zdc@users.noreply.github.com>	2021-11-01 17:04:11 +0200
committer	GitHub <noreply@github.com>	2021-11-01 17:04:11 +0200
commit	1b7c879b9fed2f4563477039bc6ddf4dc0db5829 (patch)
tree	a0ea609a933a4d2e54d5712e2b1671a19181c372 /data/templates
parent	3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123 (diff)
parent	85bf315f71b411e3cdcd19793c4f7e1e5efed917 (diff)
download	vyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.tar.gz vyos-1x-1b7c879b9fed2f4563477039bc6ddf4dc0db5829.zip