Merge branch 'current' of github.com:vyos/vyos-1x into equuleus

* 'current' of github.com:vyos/vyos-1x: bonding: T1614: do not overwrite interface description with interface name [openvpn] T1661 Adding additional check for tls_dh if it not need for ovpn client [openvpn] T1662 Defined default remote port if it not set in cli [openvpn] T1661 Fixing returned value on check function bonding: T1614: use proper (previously missing) miimon property Python/ifconfig: T1557: bonding: add miimon property Python/ifconfig: T1557: bonding: fix class name in comments bonding: T1660: bugfix for triggered OS permission denied exception Revert "[bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval" [bonding] T1660 Adding additional check. Some bonding mode don't support arp_interval [l2tp] T834 Implementation advanced ppp-options/lcp. openvpn: T1548: fix missing sys import [l2tp] T834 fix cli reset commands for l2tp and pptp. Adding l2tp%d tunnel naming.
author: Christian Poessinger <christian@poessinger.com> 2019-09-15 20:13:07 +0200
committer: Christian Poessinger <christian@poessinger.com> 2019-09-15 20:13:07 +0200
commit: c4d0b9ed4736911d341efdebf34997e6cee8c5a8 (patch)
tree: 69a17499eb72a52b33cf5b92551316b879984694 /src/conf_mode
parent: a9a68a6f1086fd4c978deaf5ddace69c18443756 (diff)
parent: 6e169b011569bddd0c07d476528a3ecad56e6499 (diff)
download: vyos-1x-c4d0b9ed4736911d341efdebf34997e6cee8c5a8.tar.gz
vyos-1x-c4d0b9ed4736911d341efdebf34997e6cee8c5a8.zip
3 files changed, 37 insertions, 14 deletions
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 3af8b7958..244a720db 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -94,6 +94,7 @@ wins2={{wins[1]}}
 
 [l2tp]
 verbose=1
+ifname=l2tp%d
 ppp-max-mtu={{mtu}}
 mppe={{authentication['mppe']}}
 {% if outside_addr %}
@@ -133,7 +134,16 @@ single-session=replace
 {% if idle_timeout %}
 lcp-echo-timeout={{idle_timeout}}
 {% endif %}
+{% if ppp_options['lcp-echo-interval'] %}
+lcp-echo-interval={{ppp_options['lcp-echo-interval']}}
+{% else %}
 lcp-echo-interval=30
+{% endif %}
+{% if ppp_options['lcp-echo-failure'] %}
+lcp-echo-failure={{ppp_options['lcp-echo-failure']}}
+{% else %}
+lcp-echo-failure=3
+{% endif %}
 {% if ccp_disable %}
 ccp=0
 {% endif %}
@@ -287,6 +297,7 @@ def get_config():
     'mtu'                 : '1436',
     'ip6_column'          : '',
     'ip6_dp_column'       : '',
+    'ppp_options'         : {},
   }
 
   ### general options ###
@@ -439,6 +450,17 @@ def get_config():
   if c.exists('ccp-disable'):
     config_data['ccp_disable'] = True
 
+  ### ppp_options
+  ppp_options = {}
+  if c.exists('ppp-options'):
+    if c.exists('ppp-options lcp-echo-failure'):
+      ppp_options['lcp-echo-failure'] = c.return_value('ppp-options lcp-echo-failure')
+    if c.exists('ppp-options lcp-echo-interval'):
+      ppp_options['lcp-echo-interval'] = c.return_value('ppp-options lcp-echo-interval')
+
+  if len(ppp_options) !=0:
+    config_data['ppp_options'] = ppp_options
+
   return config_data
 
 def verify(c):
diff --git a/src/conf_mode/interface-bonding.py b/src/conf_mode/interface-bonding.py
index dc0363fb7..f0a33beff 100755
--- a/src/conf_mode/interface-bonding.py
+++ b/src/conf_mode/interface-bonding.py
@@ -157,8 +157,6 @@ def get_config():
     # retrieve interface description
     if conf.exists('description'):
         bond['description'] = conf.return_value('description')
-    else:
-        bond['description'] = bond['intf']
 
     # get DHCP client identifier
     if conf.exists('dhcp-options client-id'):
@@ -354,12 +352,12 @@ def apply(bond):
         for intf in b.get_slaves():
             b.del_port(intf)
 
-        # ARP link monitoring frequency
-        b.arp_interval = bond['arp_mon_intvl']
-        # reset miimon on arp-montior deletion
+        # ARP link monitoring frequency, reset miimon when arp-montior is inactive
         if bond['arp_mon_intvl'] == 0:
             # reset miimon to default
-            b.bond_miimon = 250
+            b.miimon = 250
+        else:
+            b.arp_interval = bond['arp_mon_intvl']
 
         # ARP monitor targets need to be synchronized between sysfs and CLI.
         # Unfortunately an address can't be send twice to sysfs as this will
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 548c78535..34c094862 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -326,14 +326,14 @@ def checkCertHeader(header, filename):
     Returns True on success or on file not found to not trigger the exceptions
     """
     if not os.path.isfile(filename):
-        return True
+        return False
 
     with open(filename, 'r') as f:
         for line in f:
             if re.match(header, line):
                 return True
 
-    return False
+    return True
 
 def get_config():
     openvpn = deepcopy(default_config_data)
@@ -696,8 +696,9 @@ def verify(openvpn):
     #
     # TLS/encryption
     #
-    if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
-        raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
+    if openvpn['shared_secret_file']:
+        if not checkCertHeader('-----BEGIN OpenVPN Static key V1-----', openvpn['shared_secret_file']):
+            raise ConfigError('Specified shared-secret-key-file "{}" is not valid'.format(openvpn['shared_secret_file']))
 
     if openvpn['tls']:
         if not openvpn['tls_ca_cert']:
@@ -719,11 +720,13 @@ def verify(openvpn):
         if not checkCertHeader('-----BEGIN (?:RSA )?PRIVATE KEY-----', openvpn['tls_key']):
             raise ConfigError('Specified key-file "{}" is not valid'.format(openvpn['tls_key']))
 
-        if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
-            raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
+        if openvpn['tls_crl']:
+            if not checkCertHeader('-----BEGIN X509 CRL-----', openvpn['tls_crl']):
+                raise ConfigError('Specified crl-file "{} not valid'.format(openvpn['tls_crl']))
 
-        if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
-            raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
+        if openvpn['tls_dh']:
+            if not checkCertHeader('-----BEGIN DH PARAMETERS-----', openvpn['tls_dh']):
+                raise ConfigError('Specified dh-file "{}" is not valid'.format(openvpn['tls_dh']))
 
         if openvpn['tls_role']:
             if openvpn['mode'] in ['client', 'server']:
author	Christian Poessinger <christian@poessinger.com>	2019-09-15 20:13:07 +0200
committer	Christian Poessinger <christian@poessinger.com>	2019-09-15 20:13:07 +0200
commit	c4d0b9ed4736911d341efdebf34997e6cee8c5a8 (patch)
tree	69a17499eb72a52b33cf5b92551316b879984694 /src/conf_mode
parent	a9a68a6f1086fd4c978deaf5ddace69c18443756 (diff)
parent	6e169b011569bddd0c07d476528a3ecad56e6499 (diff)
download	vyos-1x-c4d0b9ed4736911d341efdebf34997e6cee8c5a8.tar.gz vyos-1x-c4d0b9ed4736911d341efdebf34997e6cee8c5a8.zip