-rw-r--r--Makefile1
-rw-r--r--op-mode-definitions/reset-vpn.xml84
-rwxr-xr-xsrc/conf_mode/accel_l2tp.py1
-rwxr-xr-xsrc/op_mode/reset_vpn.py85
4 files changed, 171 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index ad05acff5..61bc06c47 100644
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,7 @@ op_mode_definitions:
rm -f $(OP_TMPL_DIR)/show/vpn/node.def
rm -f $(OP_TMPL_DIR)/show/system/node.def
rm -f $(OP_TMPL_DIR)/delete/node.def
+ rm -f $(OP_TMPL_DIR)/reset/vpn/node.def
.PHONY: all
all: clean interface_definitions op_mode_definitions
diff --git a/op-mode-definitions/reset-vpn.xml b/op-mode-definitions/reset-vpn.xml
new file mode 100644
index 000000000..c0b0ddeb1
--- /dev/null
+++ b/op-mode-definitions/reset-vpn.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="reset">
+ <properties>
+ <help>Reset a service</help>
+ </properties>
+ <children>
+ <node name="vpn">
+ <properties>
+ <help>Reset Virtual Private Network (VPN) information</help>
+ </properties>
+ <children>
+ <node name="remote-access">
+ <properties>
+ <help>Reset remote access VPN connections</help>
+ </properties>
+ <children>
+ <node name="all">
+ <properties>
+ <help>Terminate all user's current remote access VPN session(s)</help>
+ </properties>
+ <children>
+ <node name="protocol">
+ <properties>
+ <help>Terminate specified user's current remote access VPN session(s) with specified protocol</help>
+ </properties>
+ <children>
+ <leafNode name="l2tp">
+ <properties>
+ <help>Terminate all user's current remote access VPN session(s) with L2TP protocol</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command>
+ </leafNode>
+ <leafNode name="pptp">
+ <properties>
+ <help>Terminate all user's current remote access VPN session(s) with PPTP protocol</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users"</command>
+ </node>
+ <tagNode name="interface">
+ <properties>
+ <help>Terminate a remote access VPN interface</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --interface="$5"</command>
+ </tagNode>
+ <tagNode name="user">
+ <properties>
+ <help>Terminate specified user's current remote access VPN session(s)</help>
+ </properties>
+ <children>
+ <node name="protocol">
+ <properties>
+ <help>Terminate specified user's current remote access VPN session(s) with specified protocol</help>
+ </properties>
+ <children>
+ <leafNode name="l2tp">
+ <properties>
+ <help>Terminate all user's current remote access VPN session(s) with L2TP protocol</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command>
+ </leafNode>
+ <leafNode name="pptp">
+ <properties>
+ <help>Terminate all user's current remote access VPN session(s) with PPTP protocol</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5"</command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
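Review bot: The `l2tp` and `pptp` leaf nodes under `<tagNode name="user">` pass `--username="all_users"` instead of the user name typed by the operator, so `reset vpn remote-access user NAME protocol l2tp` would terminate every user's L2TP sessions rather than only NAME's. They should forward the tag value the same way the tag node's own command does: `--username="$5" --protocol="l2tp"` and `--username="$5" --protocol="pptp"`. The help strings on those two leaves also say "all user's" and look copied from the `all` branch; they should describe the specified user.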
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 3af8b7958..fc60a8cd7 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -94,6 +94,7 @@ wins2={{wins[1]}}
[l2tp]
verbose=1
+ifname=l2tp%d
ppp-max-mtu={{mtu}}
mppe={{authentication['mppe']}}
{% if outside_addr %}
diff --git a/src/op_mode/reset_vpn.py b/src/op_mode/reset_vpn.py
new file mode 100755
index 000000000..52677b58d
--- /dev/null
+++ b/src/op_mode/reset_vpn.py
@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# import os
+import sys
+import subprocess
+import argparse
+#import re
+
+pptp_cmd = ["/usr/bin/accel-cmd", "-p 2003"]
+l2tp_cmd = ["/usr/bin/accel-cmd", "-p 2004"]
+
+def terminate_sessions(username='', interface='', protocol=''):
+ if username:
+ if username == "all_users":
+ if protocol == "pptp":
+ pptp_cmd.append("terminate all")
+ subprocess.call(pptp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+ elif protocol == "l2tp":
+ l2tp_cmd.append("terminate all")
+ subprocess.call(l2tp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+ else:
+ pptp_cmd.append("terminate all")
+ subprocess.call(pptp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ l2tp_cmd.append("terminate all")
+ subprocess.call(l2tp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+
+ if protocol == "pptp":
+ pptp_cmd.append("terminate username {0}".format(username))
+ subprocess.call(pptp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+ elif protocol == "l2tp":
+ l2tp_cmd.append("terminate username {0}".format(username))
+ subprocess.call(l2tp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+ else:
+ pptp_cmd.append("terminate username {0}".format(username))
+ subprocess.call(pptp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ l2tp_cmd.append("terminate username {0}".format(username))
+ subprocess.call(l2tp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ return
+
+ # rewrite `terminate by interface` if pptp will have pptp%d interface naming
+ if interface:
+ pptp_cmd.append("terminate if {0}".format(interface))
+ subprocess.call(pptp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+ l2tp_cmd.append("terminate if {0}".format(interface))
+ subprocess.call(l2tp_cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
+
+
+def main():
+ #parese args
+ parser = argparse.ArgumentParser()
+ parser.add_argument('--username', help='Terminate by username (all_users used for disconnect all users)', required=False)
+ parser.add_argument('--interface', help='Terminate by interface', required=False)
+ parser.add_argument('--protocol', help='Set protocol (pptp|l2tp)', required=False)
+ args = parser.parse_args()
+
+ if args.username or args.interface:
+ terminate_sessions(username=args.username, interface=args.interface, protocol=args.protocol)
+ else:
+ print("Param --username or --interface required")
+ sys.exit(1)
+
+ terminate_sessions()
+
+
+if __name__ == '__main__':
+ main()
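Review bot: `terminate_sessions` formats `username` and `interface` straight into the accel-cmd command text (`"terminate username {0}".format(username)`, `"terminate if {0}".format(interface)`), and both values come from operator input (`$5` in the op-mode definition) while the script runs under sudo. No shell is involved, but whitespace or extra words in the value would change the command accel-cmd receives, so the value should be checked against a conservative character set before the command is built, for example `if not re.fullmatch(r'[\w.@-]+', value): sys.exit('invalid value')` (this needs `import re`, which is currently commented out). `--protocol` should likewise be limited with `choices=['pptp', 'l2tp']`, since any other string silently falls into the "both protocols" branch. Separately, every `subprocess.call` discards its exit status and sends output to DEVNULL, so a failed reset is invisible to the operator, and the trailing `terminate_sessions()` at the end of `main()` has no effect and can be removed.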