7 files changed, 74 insertions, 125 deletions

diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.j2 b/data/templates/accel-ppp/chap-secrets.ipoe.j2
index a1430ec22..43083e22e 100644
--- a/data/templates/accel-ppp/chap-secrets.ipoe.j2
+++ b/data/templates/accel-ppp/chap-secrets.ipoe.j2
@@ -1,18 +1,13 @@
 # username  server  password  acceptable local IP addresses   shaper
-{% for interface in auth_interfaces %}
-{%     for mac in interface.mac %}
-{%         if mac.rate_upload and mac.rate_download %}
-{%             if mac.vlan_id %}
-{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{%             else %}
-{{ interface.name }} * {{ mac.address | lower }}  * {{ mac.rate_download }}/{{ mac.rate_upload }}
-{%             endif %}
-{%         else %}
-{%             if mac.vlan_id %}
-{{ interface.name }}.{{ mac.vlan_id }} * {{ mac.address | lower }} *
-{%             else %}
-{{ interface.name }} * {{ mac.address | lower }}  *
-{%             endif %}
+{% if authentication.interface is vyos_defined %}
+{%     for iface, iface_config in authentication.interface.items() %}
+{%         if iface_config.mac is vyos_defined %}
+{%             for mac, mac_config in iface_config.mac.items() %}
+{%                 if mac_config.vlan is vyos_defined %}
+{%                     set iface = iface ~ '.' ~ mac_config.vlan %}
+{%                 endif %}
+{{ "%-11s" | format(iface) }} * {{ mac | lower }} * {{ mac_config.rate_limit.download ~ '/' ~ mac_config.rate_limit.upload if mac_config.rate_limit.download is vyos_defined and mac_config.rate_limit.upload is vyos_defined }}
+{%             endfor %}
 {%         endif %}
 {%     endfor %}
-{% endfor %}
+{% endif %}
diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2
index 953469577..a1562a1eb 100644
--- a/data/templates/accel-ppp/config_ipv6_pool.j2
+++ b/data/templates/accel-ppp/config_ipv6_pool.j2
@@ -1,6 +1,7 @@
 {% if client_ipv6_pool is vyos_defined %}
 [ipv6-nd]
 AdvAutonomousFlag=1
+verbose=1
 
 {%     if client_ipv6_pool.prefix is vyos_defined %}
 [ipv6-pool]
@@ -13,6 +14,7 @@ delegate={{ prefix }},{{ options.delegation_prefix }}
 {%             endfor %}
 {%         endif %}
 {%     endif %}
+
 {%     if client_ipv6_pool.delegate is vyos_defined %}
 [ipv6-dhcp]
 verbose=1
diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2
index 3c0d47b27..99227ea33 100644
--- a/data/templates/accel-ppp/ipoe.config.j2
+++ b/data/templates/accel-ppp/ipoe.config.j2
@@ -4,18 +4,15 @@
 log_syslog
 ipoe
 shaper
+{# Common authentication backend definitions #}
+{% include 'accel-ppp/config_modules_auth_mode.j2' %}
 ipv6pool
 ipv6_nd
 ipv6_dhcp
 ippool
-{% if auth_mode == 'radius' %}
-radius
-{% elif auth_mode == 'local' %}
-chap-secrets
-{% endif %}
 
 [core]
-thread-count={{ thread_cnt }}
+thread-count={{ thread_count }}
 
 [log]
 syslog=accel-ipoe,daemon
@@ -24,28 +21,34 @@ level=5
 
 [ipoe]
 verbose=1
-{% for interface in interfaces %}
-{%     set tmp = 'interface=' %}
-{%     if interface.vlan_mon %}
-{%         set tmp = tmp ~ 're:' ~ interface.name ~ '\.\d+' %}
-{%     else %}
-{%         set tmp = tmp ~ interface.name %}
-{%     endif %}
-{{ tmp }},shared={{ interface.shared }},mode={{ interface.mode }},ifcfg={{ interface.ifcfg }}{{ ',range=' ~ interface.range if interface.range is defined and interface.range is not none }},start={{ interface.sess_start }},ipv6=1
-{% endfor %}
-{% if auth_mode == 'noauth' %}
+{% if interface is vyos_defined %}
+{%     for iface, iface_config in interface.items() %}
+{%         set tmp = 'interface=' %}
+{%         if iface_config.vlan is vyos_defined %}
+{%             set tmp = tmp ~ 're:' ~ iface ~ '\.\d+' %}
+{%         else %}
+{%             set tmp = tmp ~ iface %}
+{%         endif %}
+{%         set shared = '' %}
+{%         if iface_config.network is vyos_defined('shared') %}
+{%             set shared = 'shared=1,' %}
+{%         elif iface_config.network is vyos_defined('vlan') %}
+{%             set shared = 'shared=0,' %}
+{%         endif %}
+{{ tmp }},{{ shared }}mode={{ iface_config.mode | upper }},ifcfg=1,range={{ iface_config.client_subnet }},start=dhcpv4,ipv6=1
+{%     endfor %}
+{% endif %}
+{% if authentication.mode is vyos_defined('noauth') %}
 noauth=1
-{%     if client_named_ip_pool %}
-{%         for pool in client_named_ip_pool %}
-{%             if pool.subnet is defined  %}
-ip-pool={{ pool.name }}
-{%             endif %}
-{%             if pool.gateway_address is defined %}
-gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }}
+{%     if client_ip_pool.name is vyos_defined %}
+{%         for pool, pool_options in client_ip_pool.name.items() %}
+{%             if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %}
+ip-pool={{ pool }}
+gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
 {%             endif %}
 {%         endfor %}
 {%     endif %}
-{% elif auth_mode == 'local' %}
+{% elif authentication.mode is vyos_defined('local') %}
 username=ifname
 password=csid
 {% endif %}
@@ -57,86 +60,27 @@ vlan-mon={{ interface.name }},{{ interface.vlan_mon | join(',') }}
 {%     endif %}
 {% endfor %}
 
-{% if dnsv4 %}
-[dns]
-{%     for dns in dnsv4 %}
-dns{{ loop.index }}={{ dns }}
-{%     endfor %}
-{% endif %}
-
-{% if dnsv6 %}
-[ipv6-dns]
-{%     for dns in dnsv6 %}
-{{ dns }}
-{%     endfor %}
-{% endif %}
-
-[ipv6-nd]
-verbose=1
-
-[ipv6-dhcp]
-verbose=1
-
-{% if client_named_ip_pool %}
+{% if client_ip_pool.name is vyos_defined %}
 [ip-pool]
-{%     for pool in client_named_ip_pool %}
-{%         if pool.subnet is defined  %}
-{{ pool.subnet }},name={{ pool.name }}
-{%         endif %}
-{%         if pool.gateway_address is defined %}
-gw-ip-address={{ pool.gateway_address }}/{{ pool.subnet.split('/')[1] }}
+{%     for pool, pool_options in client_ip_pool.name.items() %}
+{%         if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %}
+{{ pool_options.subnet }},name={{ pool }}
+gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
 {%         endif %}
 {%     endfor %}
 {% endif %}
 
-{% if client_ipv6_pool %}
-[ipv6-pool]
-{%     for p in client_ipv6_pool %}
-{{ p.prefix }},{{ p.mask }}
-{%     endfor %}
-{%     for p in client_ipv6_delegate_prefix %}
-delegate={{ p.prefix }},{{ p.mask }}
-{%     endfor %}
-{% endif %}
+{# Common IPv6 pool definitions #}
+{% include 'accel-ppp/config_ipv6_pool.j2' %}
 
-{% if auth_mode == 'local' %}
-[chap-secrets]
-chap-secrets={{ chap_secrets_file }}
-{% elif auth_mode == 'radius' %}
-[radius]
-verbose=1
-{%     for r in radius_server %}
-server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
-{%     endfor %}
+{# Common DNS name-server definition #}
+{% include 'accel-ppp/config_name_server.j2' %}
 
-{%     if radius_acct_inter_jitter %}
-acct-interim-jitter={{ radius_acct_inter_jitter }}
-{%     endif %}
+{# Common chap-secrets and RADIUS server/option definitions #}
+{% include 'accel-ppp/config_chap_secrets_radius.j2' %}
 
-acct-timeout={{ radius_acct_tmo }}
-timeout={{ radius_timeout }}
-max-try={{ radius_max_try }}
-{%     if radius_nas_id %}
-nas-identifier={{ radius_nas_id }}
-{%     endif %}
-{%     if radius_nas_ip %}
-nas-ip-address={{ radius_nas_ip }}
-{%     endif %}
-{%     if radius_source_address %}
-bind={{ radius_source_address }}
-{%     endif %}
-{%     if radius_dynamic_author %}
-dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
-{%     endif %}
-{%     if radius_shaper_attr %}
-[shaper]
-verbose=1
-attr={{ radius_shaper_attr }}
-{%         if radius_shaper_vendor %}
-vendor={{ radius_shaper_vendor }}
-{%         endif %}
-{%     endif %}
-{% endif %}
+{# Common RADIUS shaper configuration #}
+{% include 'accel-ppp/config_shaper_radius.j2' %}
 
 [cli]
 tcp=127.0.0.1:2002
diff --git a/data/templates/accel-ppp/l2tp.config.j2 b/data/templates/accel-ppp/l2tp.config.j2
index 9eeaf7622..3d1e835a9 100644
--- a/data/templates/accel-ppp/l2tp.config.j2
+++ b/data/templates/accel-ppp/l2tp.config.j2
@@ -88,6 +88,9 @@ verbose=1
 {%     for r in radius_server %}
 server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
 {%     endfor %}
+{%     if radius_dynamic_author.server is vyos_defined %}
+dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }}
+{%     endif %}
 {%     if radius_acct_inter_jitter %}
 acct-interim-jitter={{ radius_acct_inter_jitter }}
 {%     endif %}
@@ -118,8 +121,10 @@ lcp-echo-failure={{ ppp_echo_failure }}
 {% if ccp_disable %}
 ccp=0
 {% endif %}
-{% if client_ipv6_pool %}
-ipv6=allow
+{% if ppp_ipv6 is vyos_defined %}
+ipv6={{ ppp_ipv6 }}
+{% else %}
+{{ 'ipv6=allow' if client_ipv6_pool_configured else '' }}
 {% endif %}
 
 
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2
index 0a92e2d54..f4129d3e2 100644
--- a/data/templates/accel-ppp/pppoe.config.j2
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -105,20 +105,13 @@ ac-name={{ access_concentrator }}
 
 {% if interface is vyos_defined %}
 {%     for iface, iface_config in interface.items() %}
-{%         if iface_config.vlan_id is not vyos_defined and iface_config.vlan_range is not vyos_defined %}
+{%         if iface_config.vlan is not vyos_defined %}
 interface={{ iface }}
-{%         endif %}
-{%         if iface_config.vlan_range is vyos_defined %}
-{%             for regex in iface_config.regex %}
-interface=re:^{{ iface | replace('.', '\\.') }}\.({{ regex }})$
-{%             endfor %}
-vlan-mon={{ iface }},{{ iface_config.vlan_range | join(',') }}
-{%         endif %}
-{%         if iface_config.vlan_id is vyos_defined %}
-{%             for vlan in iface_config.vlan_id %}
-vlan-mon={{ iface }},{{ vlan }}
-interface=re:^{{ iface | replace('.', '\\.') }}\.{{ vlan }}$
+{%         else %}
+{%             for vlan in iface_config.vlan %}
+interface=re:^{{ iface }}\.{{ vlan | range_to_regex }}$
 {%             endfor %}
+vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
 {%         endif %}
 {%     endfor %}
 {% endif %}
diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2
index cc1a45d6b..442830b6b 100644
--- a/data/templates/accel-ppp/pptp.config.j2
+++ b/data/templates/accel-ppp/pptp.config.j2
@@ -93,6 +93,15 @@ bind={{ radius_source_address }}
 gw-ip-address={{ gw_ip }}
 {% endif %}
 
+{% if radius_shaper_attr %}
+[shaper]
+verbose=1
+attr={{ radius_shaper_attr }}
+{%     if radius_shaper_vendor %}
+vendor={{ radius_shaper_vendor }}
+{%     endif %}
+{% endif %}
+
 [cli]
 tcp=127.0.0.1:2003
 
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2
index 5c6f19306..7ee28dd21 100644
--- a/data/templates/accel-ppp/sstp.config.j2
+++ b/data/templates/accel-ppp/sstp.config.j2
@@ -28,6 +28,7 @@ disable
 [sstp]
 verbose=1
 ifname=sstp%d
+port={{ port }}
 accept=ssl
 ssl-ca-file=/run/accel-pppd/sstp-ca.pem
 ssl-pemfile=/run/accel-pppd/sstp-cert.pem