Merge pull request #2832 from aapostoliuk/T5865-circinus

T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp

9 files changed, 250 insertions, 23 deletions

diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 36f00dec5..6df6f3dc7 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2023 VyOS maintainers and contributors
+# Copyright (C) 2018-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -79,9 +79,6 @@ def verify(ipoe):
             if 'key' not in radius_config:
                 raise ConfigError(f'Missing RADIUS secret key for server "{server}"')
 
-    if 'client_ipv6_pool' in ipoe:
-        if 'delegate' in ipoe['client_ipv6_pool'] and 'prefix' not in ipoe['client_ipv6_pool']:
-            raise ConfigError('IPoE IPv6 deletate-prefix requires IPv6 prefix to be configured!')
 
     return None
 
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index 7c624f034..31299a15c 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2023 VyOS maintainers and contributors
+# Copyright (C) 2018-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -85,6 +85,7 @@ def verify(pppoe):
         if not dict_search('authentication.radius.dynamic_author.key', pppoe):
             raise ConfigError('DA/CoE server key required!')
 
+
     return None
 
 
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 1a91951b4..b569ca140 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -70,15 +70,9 @@ def verify(l2tp):
         if not dict_search('authentication.radius.dynamic_author.key', l2tp):
             raise ConfigError('DA/CoE server key required!')
 
-    if dict_search('authentication.mode', l2tp) in ['local', 'noauth']:
-        if not dict_search('client_ip_pool', l2tp) and not dict_search('client_ipv6_pool', l2tp):
-            raise ConfigError(
-                "L2TP local auth mode requires local client-ip-pool or client-ipv6-pool to be configured!")
-        if dict_search('client_ip_pool', l2tp) and not dict_search('default_pool', l2tp):
-            Warning("'default-pool' is not defined")
-
     verify_accel_ppp_ip_pool(l2tp)
 
+
     if 'wins_server' in l2tp and len(l2tp['wins_server']) > 2:
         raise ConfigError(
             'Not more then two WINS name-servers can be configured')
diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py
index f769be39f..0629625bf 100755
--- a/src/conf_mode/vpn_pptp.py
+++ b/src/conf_mode/vpn_pptp.py
@@ -80,12 +80,6 @@ def verify(pptp):
                 raise ConfigError(
                     f'Missing RADIUS secret key for server "{server}"')
 
-    if auth_mode == 'local' or auth_mode == 'noauth':
-        if not dict_search('client_ip_pool', pptp):
-            raise ConfigError(
-                'PPTP local auth mode requires local client-ip-pool '
-                'to be configured!')
-
     verify_accel_ppp_ip_pool(pptp)
 
     if 'name_server' in pptp:
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 6bf9307e1..a84513a0f 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -74,11 +74,8 @@ def verify(sstp):
         raise ConfigError(f'"{proto}" port "{port}" is used by another service')
 
     verify_accel_ppp_base_service(sstp)
-
-    if 'client_ip_pool' not in sstp and 'client_ipv6_pool' not in sstp:
-        raise ConfigError('Client IP subnet required')
-
     verify_accel_ppp_ip_pool(sstp)
+
     #
     # SSL certificate checks
     #
diff --git a/src/migration-scripts/ipoe-server/2-to-3 b/src/migration-scripts/ipoe-server/2-to-3
new file mode 100755
index 000000000..d4ae0a7ba
--- /dev/null
+++ b/src/migration-scripts/ipoe-server/2-to-3
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Migrating to named ipv6 pools
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['service', 'ipoe-server']
+pool_base = base + ['client-ipv6-pool']
+if not config.exists(base):
+    exit(0)
+
+if not config.exists(pool_base):
+    exit(0)
+
+ipv6_pool_name = 'ipv6-pool'
+config.copy(pool_base, pool_base + [ipv6_pool_name])
+
+if config.exists(pool_base + ['prefix']):
+    config.delete(pool_base + ['prefix'])
+    config.set(base + ['default-ipv6-pool'], value=ipv6_pool_name)
+if config.exists(pool_base + ['delegate']):
+    config.delete(pool_base + ['delegate'])
+
+# format as tag node
+config.set_tag(pool_base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
diff --git a/src/migration-scripts/l2tp/6-to-7 b/src/migration-scripts/l2tp/6-to-7
new file mode 100755
index 000000000..f49c4ab08
--- /dev/null
+++ b/src/migration-scripts/l2tp/6-to-7
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Migrating to named ipv6 pools
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'l2tp', 'remote-access']
+pool_base = base + ['client-ipv6-pool']
+if not config.exists(base):
+    exit(0)
+
+if not config.exists(pool_base):
+    exit(0)
+
+ipv6_pool_name = 'ipv6-pool'
+config.copy(pool_base, pool_base + [ipv6_pool_name])
+
+if config.exists(pool_base + ['prefix']):
+    config.delete(pool_base + ['prefix'])
+    config.set(base + ['default-ipv6-pool'], value=ipv6_pool_name)
+if config.exists(pool_base + ['delegate']):
+    config.delete(pool_base + ['delegate'])
+# format as tag node
+config.set_tag(pool_base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
diff --git a/src/migration-scripts/pppoe-server/7-to-8 b/src/migration-scripts/pppoe-server/7-to-8
new file mode 100755
index 000000000..b0d9bb464
--- /dev/null
+++ b/src/migration-scripts/pppoe-server/7-to-8
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Migrating to named ipv6 pools
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['service', 'pppoe-server']
+pool_base = base + ['client-ipv6-pool']
+if not config.exists(base):
+    exit(0)
+
+if not config.exists(pool_base):
+    exit(0)
+
+ipv6_pool_name = 'ipv6-pool'
+config.copy(pool_base, pool_base + [ipv6_pool_name])
+
+if config.exists(pool_base + ['prefix']):
+    config.delete(pool_base + ['prefix'])
+    config.set(base + ['default-ipv6-pool'], value=ipv6_pool_name)
+if config.exists(pool_base + ['delegate']):
+    config.delete(pool_base + ['delegate'])
+
+# format as tag node
+config.set_tag(pool_base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
diff --git a/src/migration-scripts/sstp/5-to-6 b/src/migration-scripts/sstp/5-to-6
new file mode 100755
index 000000000..bac9975b2
--- /dev/null
+++ b/src/migration-scripts/sstp/5-to-6
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Migrating to named ipv6 pools
+
+import os
+import pprint
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'sstp']
+pool_base = base + ['client-ipv6-pool']
+if not config.exists(base):
+    exit(0)
+
+if not config.exists(pool_base):
+    exit(0)
+
+ipv6_pool_name = 'ipv6-pool'
+config.copy(pool_base, pool_base + [ipv6_pool_name])
+
+if config.exists(pool_base + ['prefix']):
+    config.delete(pool_base + ['prefix'])
+    config.set(base + ['default-ipv6-pool'], value=ipv6_pool_name)
+if config.exists(pool_base + ['delegate']):
+    config.delete(pool_base + ['delegate'])
+
+# format as tag node
+config.set_tag(pool_base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)