-rw-r--r-- | data/config-mode-dependencies/vyos-1x.json | 3 | ||||
-rw-r--r-- | interface-definitions/system_frr.xml.in | 2 | ||||
-rw-r--r-- | op-mode-definitions/show-system.xml.in | 4 | ||||
-rw-r--r-- | op-mode-definitions/show-version.xml.in | 2 | ||||
-rw-r--r-- | python/vyos/qos/trafficshaper.py | 2 | ||||
-rw-r--r-- | python/vyos/utils/config.py | 9 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_l2tp.py | 41 | ||||
-rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 10 | ||||
-rwxr-xr-x | src/init/vyos-router | 6 |
9 files changed, 67 insertions, 12 deletions
diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index 4fd94d895..b62603e34 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -29,6 +29,9 @@
 "openconnect": ["vpn_openconnect"],
 "sstp": ["vpn_sstp"]
 },
+ "vpn_l2tp": {
+ "ipsec": ["vpn_ipsec"]
+ },
 "qos": {
 "bonding": ["interfaces_bonding"],
 "bridge": ["interfaces_bridge"],
diff --git a/interface-definitions/system_frr.xml.in b/interface-definitions/system_frr.xml.in
index 76001b392..28242dfe4 100644
--- a/interface-definitions/system_frr.xml.in
+++ b/interface-definitions/system_frr.xml.in
@@ -4,7 +4,7 @@
 <children>
 <node name="frr" owner="${vyos_conf_scripts_dir}/system_frr.py">
 <properties>
- <help>Configure FRR parameters</help>
+ <help>Configure FRRouting parameters</help>
 <!-- Before components that use FRR -->
 <priority>150</priority>
 </properties>
diff --git a/op-mode-definitions/show-system.xml.in b/op-mode-definitions/show-system.xml.in
index 116c7460f..6873b816b 100644
--- a/op-mode-definitions/show-system.xml.in
+++ b/op-mode-definitions/show-system.xml.in
@@ -150,7 +150,7 @@
 </children>
 </tagNode>
 </children>
- </node>
+ </node>
 <node name="users">
 <properties>
 <help>Show user account information</help>
@@ -239,7 +239,7 @@
 </node>
 <leafNode name="routing-daemons">
 <properties>
- <help>Show Quagga routing daemons</help>
+ <help>Show FRRouting daemons</help>
 </properties>
 <command>vtysh -c "show daemons"</command>
 </leafNode>
diff --git a/op-mode-definitions/show-version.xml.in b/op-mode-definitions/show-version.xml.in
index d9c4738af..36e68ff79 100644
--- a/op-mode-definitions/show-version.xml.in
+++ b/op-mode-definitions/show-version.xml.in
@@ -22,7 +22,7 @@
 </leafNode>
 <leafNode name="frr">
 <properties>
- <help>Show Quagga version information</help>
+ <help>Show FRRouting version information</help>
 </properties>
 <command>vtysh -c "show version"</command>
 </leafNode>
diff --git a/python/vyos/qos/trafficshaper.py b/python/vyos/qos/trafficshaper.py
index d6705cc77..7d580baa2 100644
--- a/python/vyos/qos/trafficshaper.py
+++ b/python/vyos/qos/trafficshaper.py
@@ -39,7 +39,7 @@ class TrafficShaper(QoSBase):
 # need a bigger r2q if going fast than 16 mbits/sec
 if (speed_bps // r2q) >= MAXQUANTUM: # integer division
- r2q = ceil(speed_bps // MAXQUANTUM)
+ r2q = ceil(speed_bps / MAXQUANTUM)
 else:
 # if there is a slow class then may need smaller value
 if 'class' in config:
diff --git a/python/vyos/utils/config.py b/python/vyos/utils/config.py
index bd363ce46..33047010b 100644
--- a/python/vyos/utils/config.py
+++ b/python/vyos/utils/config.py
@@ -1,4 +1,4 @@
-# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2023-2024 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -31,4 +31,9 @@ def read_saved_value(path: list):
 if not ct.exists(path):
 return ''
 res = ct.return_values(path)
- return res[0] if len(res) == 1 else res
+ if len(res) == 1:
+ return res[0]
+ res = ct.list_nodes(path)
+ if len(res) == 1:
+ return ' '.join(res)
+ return res
diff --git a/smoketest/scripts/cli/test_vpn_l2tp.py b/smoketest/scripts/cli/test_vpn_l2tp.py
index 3d9d94f52..e253f0e49 100755
--- a/smoketest/scripts/cli/test_vpn_l2tp.py
+++ b/smoketest/scripts/cli/test_vpn_l2tp.py
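Review bot: In `read_saved_value` (python/vyos/utils/config.py), a leaf that holds more than one value no longer returns those values: when `ct.return_values(path)` yields two or more entries the new code falls through and overwrites `res` with `ct.list_nodes(path)`, so the caller gets the child-node listing instead (presumably empty for a leaf; the ConfigTree behaviour is not visible here). Adding `if res: return res` directly after the single-value return keeps the previous result for multi-valued leaves and consults `list_nodes` only when there are no values. The function also returns either a `str` or a `list` depending on the count, and a one-line docstring saying so would help callers that pass the result to a shell test. The start of the function is outside the hunk.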
@@ -54,6 +54,47 @@ class TestVPNL2TPServer(BasicAccelPPPTest.TestCase):
 self.assertEqual(conf['modules']['auth_mschap_v2'], None)
+ def test_vpn_l2tp_dependence_ipsec_swanctl(self):
+ # Test config vpn for tasks T3843 and T5926
+
+ base_path = ['vpn', 'l2tp', 'remote-access']
+ # make precondition
+ self.cli_set(['interfaces', 'dummy', 'dum0', 'address', '203.0.113.1/32'])
+ self.cli_set(['vpn', 'ipsec', 'interface', 'dum0'])
+
+ self.cli_commit()
+ # check ipsec apply to swanctl
+ self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))
+
+ self.cli_set(base_path + ['authentication', 'local-users', 'username', 'foo', 'password', 'bar'])
+ self.cli_set(base_path + ['authentication', 'mode', 'local'])
+ self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
+ self.cli_set(base_path + ['client-ip-pool', 'first', 'range', '10.200.100.100-10.200.100.110'])
+ self.cli_set(base_path + ['description', 'VPN - REMOTE'])
+ self.cli_set(base_path + ['name-server', '1.1.1.1'])
+ self.cli_set(base_path + ['ipsec-settings', 'authentication', 'mode', 'pre-shared-secret'])
+ self.cli_set(base_path + ['ipsec-settings', 'authentication', 'pre-shared-secret', 'SeCret'])
+ self.cli_set(base_path + ['ipsec-settings', 'ike-lifetime', '8600'])
+ self.cli_set(base_path + ['ipsec-settings', 'lifetime', '3600'])
+ self.cli_set(base_path + ['outside-address', '203.0.113.1'])
+ self.cli_set(base_path + ['gateway-address', '203.0.113.1'])
+
+ self.cli_commit()
+
+ # check l2tp apply to swanctl
+ self.assertTrue('l2tp_remote_access:' in cmd('echo vyos | sudo -S swanctl -L '))
+
+ self.cli_delete(['vpn', 'l2tp'])
+ self.cli_commit()
+
+ # check l2tp apply to swanctl after delete config
+ self.assertEqual('', cmd('echo vyos | sudo -S swanctl -L '))
+
+ # need to correct tearDown test
+ self.basic_config()
+ self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
+ self.cli_commit()
+
 if __name__ == '__main__':
 unittest.main(verbosity=2)
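Review bot: The three `cmd('echo vyos | sudo -S swanctl -L ')` calls hard-code an account password in the test, so it fails on any image where that password differs and leaves a credential in the repository and in the spawned shell's command line. If the smoketest user already has passwordless sudo (not visible in this hunk), `cmd('sudo swanctl -L')` is enough; otherwise the privilege should come from how the suite is launched. The test also never deletes `interfaces dummy dum0` or `vpn ipsec interface dum0`, so unless tearDown (outside the hunk) removes them they carry over into later tests. `self.assertIn('l2tp_remote_access:', ...)` would report the actual swanctl output on failure, which `assertTrue(... in ...)` does not.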
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 36b3d2a30..4ca717814 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -19,6 +19,7 @@ import os
 from sys import exit
 from vyos.config import Config
+from vyos.configdep import call_dependents, set_dependents
 from vyos.configdict import get_accel_dict
 from vyos.template import render
 from vyos.utils.process import call
@@ -42,6 +43,9 @@ def get_config(config=None):
 else:
 conf = Config()
 base = ['vpn', 'l2tp', 'remote-access']
+
+ set_dependents('ipsec', conf)
+
 if not conf.exists(base):
 return None
@@ -94,10 +98,10 @@ def apply(l2tp):
 for file in [l2tp_chap_secrets, l2tp_conf]:
 if os.path.exists(file):
 os.unlink(file)
+ else:
+ call('systemctl restart accel-ppp@l2tp.service')
- return None
-
- call('systemctl restart accel-ppp@l2tp.service')
+ call_dependents()
 if __name__ == '__main__':
diff --git a/src/init/vyos-router b/src/init/vyos-router
index ac1cf249e..2b4fac5ef 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -448,14 +448,16 @@ start ()
 restore_if_missing_postconfig_script
 run_postconfig_scripts
- vtysh -c "rpki start"
+ tmp=$(${vyos_libexec_dir}/read-saved-value.py --path "protocols rpki cache")
+ if [ ! -z $tmp ]; then
+ vtysh -c "rpki start"
+ fi
 }
 stop() {
 local -i status=0
 log_daemon_msg "Stopping VyOS router"
- vtysh -c "rpki stop"
 for ((i=${#sub_inits[@]} - 1; i >= 0; i--)) ; do
 s=${subinit[$i]}
 log_progress_msg $s |
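Review bot: In `apply()` of src/conf_mode/vpn_l2tp.py, `call_dependents()` now runs on both paths, including the one where the l2tp files are unlinked, and nothing in the code says this is deliberate. A comment above the call, such as `# always re-run vpn_ipsec so the l2tp connection is added to or removed from swanctl`, would keep a later cleanup from moving it back under the `else`. The result of `call('systemctl restart accel-ppp@l2tp.service')` is still not checked, so a failed restart is followed by the ipsec update as if l2tp were running; it is worth confirming that this ordering is acceptable. The top of `apply()` is outside the hunk.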
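Review bot: The guard `if [ ! -z $tmp ]` in `start ()` of src/init/vyos-router expands `$tmp` unquoted, so when `read-saved-value.py` prints more than one word (for example when several `protocols rpki cache` entries are configured) the `[` test receives extra arguments, fails with an error, and `rpki start` is skipped. Quoting fixes it: `if [ -n "$tmp" ]; then`. `tmp` is also assigned without `local`, so it stays set in the init script's global scope; a `local tmp` before the assignment avoids that, assuming `start` is a shell function as its header suggests.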