summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authoraapostoliuk <a.apostoliuk@vyos.io>2024-01-24 15:50:01 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-02 08:39:26 +0000
commit52e868e1abfecf00aafc359adefcd3ca7c57b8bd (patch)
tree5941613c8f8cec2fc215b0055de60df862814862 /src
parentb5a907135ef1943b4dbf8d195cae38cfff360d65 (diff)
downloadvyos-1x-52e868e1abfecf00aafc359adefcd3ca7c57b8bd.tar.gz
vyos-1x-52e868e1abfecf00aafc359adefcd3ca7c57b8bd.zip
T5971: Rewritten ppp options in accel-ppp services
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP. (cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/vpn_l2tp.py5
-rwxr-xr-xsrc/conf_mode/vpn_pptp.py30
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py1
-rwxr-xr-xsrc/migration-scripts/l2tp/7-to-868
-rwxr-xr-xsrc/migration-scripts/pppoe-server/8-to-969
-rwxr-xr-xsrc/migration-scripts/pptp/3-to-451
6 files changed, 191 insertions, 33 deletions
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index b569ca140..36b3d2a30 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -51,11 +51,6 @@ def get_config(config=None):
# Multiple named pools require ordered values T5099
l2tp['ordered_named_pools'] = get_pools_in_order(
dict_search('client_ip_pool', l2tp))
- l2tp['ip6_column'] = []
- if dict_search('client_ipv6_pool.prefix', l2tp):
- l2tp['ip6_column'].append('ipv6')
- if dict_search('client_ipv6_pool.delegate', l2tp):
- l2tp['ip6_column'].append('ip6-db')
l2tp['server_type'] = 'l2tp'
return l2tp
diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py
index 0629625bf..b1d5067d5 100755
--- a/src/conf_mode/vpn_pptp.py
+++ b/src/conf_mode/vpn_pptp.py
@@ -22,6 +22,7 @@ from vyos.config import Config
from vyos.template import render
from vyos.utils.process import call
from vyos.utils.dict import dict_search
+from vyos.accel_ppp_util import verify_accel_ppp_base_service
from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
from vyos.accel_ppp_util import get_pools_in_order
from vyos import ConfigError
@@ -58,36 +59,10 @@ def get_config(config=None):
def verify(pptp):
if not pptp:
return None
- auth_mode = dict_search('authentication.mode', pptp)
- if auth_mode == 'local':
- if not dict_search('authentication.local_users', pptp):
- raise ConfigError(
- 'PPTP local auth mode requires local users to be configured!')
-
- for user in dict_search('authentication.local_users.username', pptp):
- user_config = pptp['authentication']['local_users']['username'][
- user]
- if 'password' not in user_config:
- raise ConfigError(f'Password required for local user "{user}"')
-
- elif auth_mode == 'radius':
- if not dict_search('authentication.radius.server', pptp):
- raise ConfigError(
- 'RADIUS authentication requires at least one server')
- for server in dict_search('authentication.radius.server', pptp):
- radius_config = pptp['authentication']['radius']['server'][server]
- if 'key' not in radius_config:
- raise ConfigError(
- f'Missing RADIUS secret key for server "{server}"')
+ verify_accel_ppp_base_service(pptp)
verify_accel_ppp_ip_pool(pptp)
- if 'name_server' in pptp:
- if len(pptp['name_server']) > 2:
- raise ConfigError(
- 'Not more then two IPv4 DNS name-servers can be configured'
- )
-
if 'wins_server' in pptp and len(pptp['wins_server']) > 2:
raise ConfigError(
'Not more then two WINS name-servers can be configured')
@@ -105,6 +80,7 @@ def generate(pptp):
return None
+
def apply(pptp):
if not pptp:
call('systemctl stop accel-ppp@pptp.service')
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index a84513a0f..5c229fe62 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -20,7 +20,6 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import get_accel_dict
-from vyos.configdict import dict_merge
from vyos.pki import wrap_certificate
from vyos.pki import wrap_private_key
from vyos.template import render
diff --git a/src/migration-scripts/l2tp/7-to-8 b/src/migration-scripts/l2tp/7-to-8
new file mode 100755
index 000000000..4956e1155
--- /dev/null
+++ b/src/migration-scripts/l2tp/7-to-8
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Migrate from 'ccp-disable' to 'ppp-options.disable-ccp'
+# Migration ipv6 options
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'l2tp', 'remote-access']
+if not config.exists(base):
+ exit(0)
+
+#CCP migration
+if config.exists(base + ['ccp-disable']):
+ config.delete(base + ['ccp-disable'])
+ config.set(base + ['ppp-options', 'disable-ccp'])
+
+#IPV6 options migrations
+if config.exists(base + ['ppp-options','ipv6-peer-intf-id']):
+ intf_peer_id = config.return_value(base + ['ppp-options','ipv6-peer-intf-id'])
+ if intf_peer_id == 'ipv4':
+ intf_peer_id = 'ipv4-addr'
+ config.set(base + ['ppp-options','ipv6-peer-interface-id'], value=intf_peer_id, replace=True)
+ config.delete(base + ['ppp-options','ipv6-peer-intf-id'])
+
+if config.exists(base + ['ppp-options','ipv6-intf-id']):
+ intf_id = config.return_value(base + ['ppp-options','ipv6-intf-id'])
+ config.set(base + ['ppp-options','ipv6-interface-id'], value=intf_id, replace=True)
+ config.delete(base + ['ppp-options','ipv6-intf-id'])
+
+if config.exists(base + ['ppp-options','ipv6-accept-peer-intf-id']):
+ config.set(base + ['ppp-options','ipv6-accept-peer-interface-id'])
+ config.delete(base + ['ppp-options','ipv6-accept-peer-intf-id'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/migration-scripts/pppoe-server/8-to-9 b/src/migration-scripts/pppoe-server/8-to-9
new file mode 100755
index 000000000..ad75c28a1
--- /dev/null
+++ b/src/migration-scripts/pppoe-server/8-to-9
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Change from 'ccp' to 'disable-ccp' in ppp-option section
+# Migration ipv6 options
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['service', 'pppoe-server']
+if not config.exists(base):
+ exit(0)
+
+#CCP migration
+if config.exists(base + ['ppp-options', 'ccp']):
+ config.delete(base + ['ppp-options', 'ccp'])
+else:
+ config.set(base + ['ppp-options', 'disable-ccp'])
+
+#IPV6 options migrations
+if config.exists(base + ['ppp-options','ipv6-peer-intf-id']):
+ intf_peer_id = config.return_value(base + ['ppp-options','ipv6-peer-intf-id'])
+ if intf_peer_id == 'ipv4':
+ intf_peer_id = 'ipv4-addr'
+ config.set(base + ['ppp-options','ipv6-peer-interface-id'], value=intf_peer_id, replace=True)
+ config.delete(base + ['ppp-options','ipv6-peer-intf-id'])
+
+if config.exists(base + ['ppp-options','ipv6-intf-id']):
+ intf_id = config.return_value(base + ['ppp-options','ipv6-intf-id'])
+ config.set(base + ['ppp-options','ipv6-interface-id'], value=intf_id, replace=True)
+ config.delete(base + ['ppp-options','ipv6-intf-id'])
+
+if config.exists(base + ['ppp-options','ipv6-accept-peer-intf-id']):
+ config.set(base + ['ppp-options','ipv6-accept-peer-interface-id'])
+ config.delete(base + ['ppp-options','ipv6-accept-peer-intf-id'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/migration-scripts/pptp/3-to-4 b/src/migration-scripts/pptp/3-to-4
new file mode 100755
index 000000000..0a8dad2f4
--- /dev/null
+++ b/src/migration-scripts/pptp/3-to-4
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# - Move 'mppe' from 'authentication' node to 'ppp-options'
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'pptp', 'remote-access']
+
+if not config.exists(base):
+ exit(0)
+
+if config.exists(base + ['authentication','mppe']):
+ mppe = config.return_value(base + ['authentication','mppe'])
+ config.set(base + ['ppp-options', 'mppe'], value=mppe, replace=True)
+ config.delete(base + ['authentication','mppe'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)