diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-03 18:58:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-03 18:58:17 +0100 |
commit | 1cc70ce273cbddb5ea9eb4148808c6c2aaf3d28f (patch) | |
tree | 3a175bdd292e31fc91f2215dd4aaa4b5f01c39a1 /data | |
parent | 4f56a3df61cd66234fa2fda254869c17eaf1eca6 (diff) | |
parent | df2db15dde6ef928556a4e632bce3222428c6486 (diff) | |
download | vyos-1x-1cc70ce273cbddb5ea9eb4148808c6c2aaf3d28f.tar.gz vyos-1x-1cc70ce273cbddb5ea9eb4148808c6c2aaf3d28f.zip |
Merge pull request #2719 from c-po/sagitta-backports-accel-ppp
Backports for Accel-PPP based serviced T5801, T5842 and T5688
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/accel-ppp/l2tp.config.j2 | 145 | ||||
-rw-r--r-- | data/templates/accel-ppp/pptp.config.j2 | 89 | ||||
-rw-r--r-- | data/templates/accel-ppp/sstp.config.j2 | 1 |
3 files changed, 66 insertions, 169 deletions
diff --git a/data/templates/accel-ppp/l2tp.config.j2 b/data/templates/accel-ppp/l2tp.config.j2 index 89cc0eae7..49755254a 100644 --- a/data/templates/accel-ppp/l2tp.config.j2 +++ b/data/templates/accel-ppp/l2tp.config.j2 @@ -2,21 +2,17 @@ [modules] log_syslog l2tp -chap-secrets -{% for proto in auth_proto %} -{{ proto }} -{% endfor %} -{% if auth_mode == 'radius' %} -radius -{% endif %} -ippool shaper -ipv6pool -ipv6_nd -ipv6_dhcp +{# Common authentication backend definitions #} +{% include 'accel-ppp/config_modules_auth_mode.j2' %} +ippool +{# Common IPv6 definitions #} +{% include 'accel-ppp/config_modules_ipv6.j2' %} +{# Common authentication protocols (pap, chap ...) #} +{% include 'accel-ppp/config_modules_auth_protocols.j2' %} [core] -thread-count={{ thread_cnt }} +thread-count={{ thread_count }} [common] {% if max_concurrent_sessions is vyos_defined %} @@ -28,23 +24,12 @@ syslog=accel-l2tp,daemon copy=1 level=5 -{% if dnsv4 %} -[dns] -{% for dns in dnsv4 %} -dns{{ loop.index }}={{ dns }} -{% endfor %} -{% endif %} +{# Common DNS name-server definition #} +{% include 'accel-ppp/config_name_server.j2' %} -{% if dnsv6 %} -[ipv6-dns] -{% for dns in dnsv6 %} -{{ dns }} -{% endfor %} -{% endif %} - -{% if wins %} +{% if wins_server is vyos_defined %} [wins] -{% for server in wins %} +{% for server in wins_server %} wins{{ loop.index }}={{ server }} {% endfor %} {% endif %} @@ -53,15 +38,15 @@ wins{{ loop.index }}={{ server }} verbose=1 ifname=l2tp%d ppp-max-mtu={{ mtu }} -mppe={{ ppp_mppe }} -{% if outside_addr %} -bind={{ outside_addr }} +mppe={{ ppp_options.mppe }} +{% if outside_address is vyos_defined %} +bind={{ outside_address }} {% endif %} -{% if lns_shared_secret %} -secret={{ lns_shared_secret }} +{% if lns.shared_secret is vyos_defined %} +secret={{ lns.shared_secret }} {% endif %} -{% if lns_host_name %} -host-name={{ lns_host_name }} +{% if lns.host_name is vyos_defined %} +host-name={{ lns.host_name }} {% endif %} {% if default_pool is vyos_defined %} ip-pool={{ default_pool }} @@ -73,87 +58,39 @@ ip-pool={{ default_pool }} {# Common IP pool definitions #} {% include 'accel-ppp/config_ip_pool.j2' %} -{% if auth_mode == 'local' %} -[chap-secrets] -chap-secrets={{ chap_secrets_file }} -{% elif auth_mode == 'radius' %} -[radius] -verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} -{% if radius_dynamic_author.server is vyos_defined %} -dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} -{% endif %} -{% if radius_acct_interim_interval is vyos_defined %} -acct-interim-interval={{ radius_acct_interim_interval }} -{% endif %} -{% if radius_acct_inter_jitter %} -acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} -bind={{ radius_source_address }} -{% endif %} -{% endif %} -{% if gateway_address is vyos_defined %} -gw-ip-address={{ gateway_address }} -{% endif %} +{# Common chap-secrets and RADIUS server/option definitions #} +{% include 'accel-ppp/config_chap_secrets_radius.j2' %} [ppp] verbose=1 check-ip=1 single-session=replace -lcp-echo-timeout={{ ppp_echo_timeout }} -lcp-echo-interval={{ ppp_echo_interval }} -lcp-echo-failure={{ ppp_echo_failure }} -{% if ccp_disable %} +lcp-echo-interval={{ ppp_options.lcp_echo_interval }} +lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} +lcp-echo-failure={{ ppp_options.lcp_echo_failure }} +{# MTU #} +mtu={{ mtu }} +ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }} +ipv4={{ ppp_options.ipv4 }} +mppe={{ ppp_options.mppe }} +{% if ccp_disable is vyos_defined %} ccp=0 {% endif %} -{% if ppp_ipv6 is vyos_defined %} -ipv6={{ ppp_ipv6 }} -{% else %} -{{ 'ipv6=allow' if client_ipv6_pool_configured else '' }} -{% endif %} -{% if ppp_ipv6_intf_id is vyos_defined %} -ipv6-intf-id={{ ppp_ipv6_intf_id }} -{% endif %} -{% if ppp_ipv6_peer_intf_id is vyos_defined %} -ipv6-peer-intf-id={{ ppp_ipv6_peer_intf_id }} -{% endif %} -ipv6-accept-peer-intf-id={{ "1" if ppp_ipv6_accept_peer_intf_id else "0" }} +unit-preallocate={{ "1" if authentication.radius.preallocate_vif is vyos_defined else "0" }} -{% if client_ipv6_pool %} -[ipv6-pool] -{% for p in client_ipv6_pool %} -{{ p.prefix }},{{ p.mask }} -{% endfor %} -{% for p in client_ipv6_delegate_prefix %} -delegate={{ p.prefix }},{{ p.mask }} -{% endfor %} +{% if ppp_options.ipv6_intf_id is vyos_defined %} +ipv6-intf-id={{ ppp_options.ipv6_intf_id }} {% endif %} - -{% if client_ipv6_delegate_prefix %} -[ipv6-dhcp] -verbose=1 +{% if ppp_options.ipv6_peer_intf_id is vyos_defined %} +ipv6-peer-intf-id={{ ppp_options.ipv6_peer_intf_id }} {% endif %} +ipv6-accept-peer-intf-id={{ "1" if ppp_options.ipv6_accept_peer_intf_id is vyos_defined else "0" }} -{% if radius_shaper_attr %} -[shaper] -verbose=1 -attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} -{% endif %} -{% endif %} +{# Common IPv6 pool definitions #} +{% include 'accel-ppp/config_ipv6_pool.j2' %} + +{# Common RADIUS shaper configuration #} +{% include 'accel-ppp/config_shaper_radius.j2' %} [cli] tcp=127.0.0.1:2004 diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2 index 4e891777f..daafd6e92 100644 --- a/data/templates/accel-ppp/pptp.config.j2 +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -3,18 +3,22 @@ log_syslog pptp shaper -{% if auth_mode == 'local' %} -chap-secrets -{% elif auth_mode == 'radius' %} -radius -{% endif %} +{# Common authentication backend definitions #} +{% include 'accel-ppp/config_modules_auth_mode.j2' %} ippool -{% for proto in auth_proto %} -{{ proto }} -{% endfor %} +{# Common authentication protocols (pap, chap ...) #} +{% if authentication.require is vyos_defined %} +{% if authentication.require == 'chap' %} +auth_chap_md5 +{% elif authentication.require == 'mschap' %} +auth_mschap_v1 +{% else %} +auth_{{ authentication.require.replace('-', '_') }} +{% endif %} +{% endif %} [core] -thread-count={{ thread_cnt }} +thread-count={{ thread_count }} [common] {% if max_concurrent_sessions is vyos_defined %} @@ -26,16 +30,12 @@ syslog=accel-pptp,daemon copy=1 level=5 -{% if dnsv4 %} -[dns] -{% for dns in dnsv4 %} -dns{{ loop.index }}={{ dns }} -{% endfor %} -{% endif %} +{# Common DNS name-server definition #} +{% include 'accel-ppp/config_name_server.j2' %} -{% if wins %} +{% if wins_server is vyos_defined %} [wins] -{% for server in wins %} +{% for server in wins_server %} wins{{ loop.index }}={{ server }} {% endfor %} {% endif %} @@ -43,12 +43,12 @@ wins{{ loop.index }}={{ server }} [pptp] ifname=pptp%d -{% if outside_addr %} -bind={{ outside_addr }} +{% if outside_address is vyos_defined %} +bind={{ outside_address }} {% endif %} verbose=1 ppp-max-mtu={{ mtu }} -mppe={{ ppp_mppe }} +mppe={{ authentication.mppe }} echo-interval=10 echo-failure=3 {% if default_pool is vyos_defined %} @@ -66,52 +66,11 @@ verbose=5 check-ip=1 single-session=replace -{% if auth_mode == 'local' %} -[chap-secrets] -chap-secrets={{ chap_secrets_file }} -{% elif auth_mode == 'radius' %} -[radius] -verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} -{% if radius_acct_interim_interval is vyos_defined %} -acct-interim-interval={{ radius_acct_interim_interval }} -{% endif %} -{% if radius_acct_inter_jitter %} -acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} -bind={{ radius_source_address }} -{% endif %} -{% endif %} -{# Both chap-secrets and radius block required the gw-ip-address #} -{% if gateway_address is vyos_defined %} -gw-ip-address={{ gateway_address }} -{% endif %} +{# Common chap-secrets and RADIUS server/option definitions #} +{% include 'accel-ppp/config_chap_secrets_radius.j2' %} -{% if radius_shaper_enable %} -[shaper] -verbose=1 -{% if radius_shaper_attr %} -attr={{ radius_shaper_attr }} -{% endif %} -{% if radius_shaper_multiplier %} -rate-multiplier={{ radius_shaper_multiplier }} -{% endif %} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} -{% endif %} -{% endif %} +{# Common RADIUS shaper configuration #} +{% include 'accel-ppp/config_shaper_radius.j2' %} [cli] tcp=127.0.0.1:2003 diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index 6117cea1b..014ae1235 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -57,6 +57,7 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} +unit-preallocate={{ "1" if authentication.radius.preallocate_vif is vyos_defined else "0" }} ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }} ipv4={{ ppp_options.ipv4 }} mppe={{ ppp_options.mppe }} |