Merge branch 'current' of github.com:vyos/vyos-1x into equuleus

* 'current' of github.com:vyos/vyos-1x:
  openvpn: bridge: T1556: remove obsolete bridge-group definition
  ifconfig: T1849: fix DHCPv6 startup
  Python/VyOS validate: T1849: handle is_ipv6()/is_ipv6() exceptions
  ifconfig: T1793: remove dhcpv6 client debug output
  ddclient: T1853: bugfix TypeError exception
  syslog: T1845: syslog host no longer accepts a port
  syslog: code formatting
  syslog: T1845: syslog host no longer accepts a port
  syslog: renaming files and conf script to fit new scheme
  T1855, T1826: clean up the reboot/shutdown script.
  wireguard: T1853: disable peer doesn't work
  Revert "syslog: T1845: syslog host no longer accepts a port"
  dmvpn: T1784: Add swanctl load call
  syslog: T1845: syslog host no longer accepts a port
  [vyos.config] T1847: correctly set_level for path given as empty string

4 files changed, 47 insertions, 10 deletions

diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py
index 7c3b9ff6a..9ba8659a1 100755
--- a/src/conf_mode/dynamic_dns.py
+++ b/src/conf_mode/dynamic_dns.py
@@ -95,6 +95,7 @@ default_service_protocol = {
 default_config_data = {
     'interfaces': [],
     'cache_file': cache_file,
+    'deleted': False,
     'pid_file': pid_file
 }
 
@@ -102,7 +103,8 @@ def get_config():
     dyndns = default_config_data
     conf = Config()
     if not conf.exists('service dns dynamic'):
-        return None
+        dyndns['deleted'] = True
+        return dyndns
     else:
         conf.set_level('service dns dynamic')
 
@@ -194,7 +196,7 @@ def get_config():
 
 def verify(dyndns):
     # bail out early - looks like removal from running config
-    if dyndns is None:
+    if dyndns['deleted']:
         return None
 
     # A 'node' corresponds to an interface
@@ -239,7 +241,10 @@ def verify(dyndns):
 
 def generate(dyndns):
     # bail out early - looks like removal from running config
-    if dyndns is None:
+    if dyndns['deleted']:
+        if os.path.exists(config_file):
+            os.unlink(config_file)
+
         return None
 
     dirname = os.path.dirname(dyndns['pid_file'])
@@ -264,7 +269,7 @@ def apply(dyndns):
     if os.path.exists('/etc/ddclient.conf'):
         os.unlink('/etc/ddclient.conf')
 
-    if dyndns is None:
+    if dyndns['deleted']:
         os.system('/etc/init.d/ddclient stop')
         if os.path.exists(dyndns['pid_file']):
             os.unlink(dyndns['pid_file'])
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 013a07f32..cac911c8c 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -169,6 +169,10 @@ def get_config():
                     if key_eff != key_cfg and key_eff != None:
                         wg['peer_remove'].append(key_cfg)
 
+                # if a peer is disabled, we have to exec a remove for it's pubkey
+                else:
+                  peer_key = c.return_value('peer {peer} pubkey'.format(peer=p))
+                  wg['peer_remove'].append(peer_key)
     return wg
 
 
@@ -191,6 +195,7 @@ def verify(c):
             if not c['peer'][p]['pubkey']:
                 raise ConfigError("peer pubkey required for peer " + p)
 
+
 def apply(c):
     # no wg configs left, remove all interface from system
     # maybe move it into ifconfig.py
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 156bb2edd..331a62316 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -21,6 +21,7 @@ import re
 import os
 import jinja2
 import syslog as sl
+import time
 
 import vyos.config
 import vyos.defaults
@@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs'
 server_key_path = '/etc/ipsec.d/private'
 delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###"
 delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###"
+charon_pidfile = '/var/run/charon.pid'
 
 l2pt_ipsec_conf = '''
 {{delim_ipsec_l2tp_begin}}
@@ -243,11 +245,22 @@ def generate(data):
         remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
         remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
 
-def apply(data):
-    # Do nothing
-    # StrongSWAN should only be restarted when actual tunnels are configured
-    # Restart ipsec for l2tp
+def restart_ipsec():
     os.system("ipsec restart >&/dev/null")
+    # counter for apply swanctl config
+    counter = 10
+    while counter <= 10:
+        if os.path.exists(charon_pidfile):
+            os.system("swanctl -q >&/dev/null")
+            break
+        counter -=1
+        time.sleep(1)
+        if counter == 0:
+            raise ConfigError('VPN configuration error: IPSec is not running.')
+
+def apply(data):
+    # Restart IPSec daemon
+    restart_ipsec()
 
 if __name__ == '__main__':
     try:
diff --git a/src/conf_mode/syslog.py b/src/conf_mode/system-syslog.py
index c4f3d2c9c..4f0a54962 100755
--- a/src/conf_mode/syslog.py
+++ b/src/conf_mode/system-syslog.py
@@ -53,10 +53,18 @@ $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{f
 ## remote logging
 {% for host in hosts %}
 {% if hosts[host]['proto'] == 'tcp' %}
+{% if hosts[host]['port'] %}
+{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}}
+{% else %}
 {{hosts[host]['selectors']}} @@{{host}}
+{% endif %}
+{% else %}
+{% if hosts[host]['port'] %}
+{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}}
 {% else %}
 {{hosts[host]['selectors']}} @{{host}}
 {% endif %}
+{% endif %}
 {% endfor %}
 {% endif %}
 {% if user %}
@@ -177,13 +185,14 @@ def get_config():
 
     # set system syslog host
     if c.exists('host'):
-        proto = 'udp'
         rhosts = c.list_nodes('host')
         for rhost in rhosts:
             for fac in c.list_nodes('host ' + rhost + ' facility'):
                 if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'):
                     proto = c.return_value(
                         'host ' + rhost + ' facility ' + fac + ' protocol')
+                else:
+                    proto = 'udp'
 
             config_data['hosts'].update(
                 {
@@ -193,6 +202,9 @@ def get_config():
                     }
                 }
             )
+            if c.exists('host ' + rhost + ' port'):
+                config_data['hosts'][rhost][
+                    'port'] = c.return_value(['host', rhost, 'port'])
 
     # set system syslog user
     if c.exists('user'):
@@ -261,7 +273,8 @@ def generate(c):
 def verify(c):
     if c == None:
         return None
-    #
+
+    # may be obsolete
     # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf)
     # it interferes with the global logging, to make sure we are using a single base, template is enforced here
     #
@@ -273,6 +286,7 @@ def verify(c):
     # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there
     # is a chance that someone still needs it, so I don't automatically remove
     # them
+    #
 
     if c == None:
         return None