diff options
Diffstat (limited to 'data/templates')
| -rw-r--r-- | data/templates/accel-ppp/config_chap_secrets_radius.j2 | 15 | ||||
| -rw-r--r-- | data/templates/accel-ppp/pppoe.config.j2 | 2 | ||||
| -rw-r--r-- | data/templates/accel-ppp/sstp.config.j2 | 3 | ||||
| -rw-r--r-- | data/templates/firewall/upnpd.conf.j2 | 227 | ||||
| -rw-r--r-- | data/templates/frr/zebra.vrf.route-map.frr.j2 | 6 | ||||
| -rw-r--r-- | data/templates/grub/grub_compat.j2 | 4 | ||||
| -rw-r--r-- | data/templates/grub/grub_options.j2 | 6 | ||||
| -rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 10 | ||||
| -rw-r--r-- | data/templates/wifi/hostapd.conf.j2 | 7 |
9 files changed, 35 insertions, 245 deletions
diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2 index 595e3a565..e343ce461 100644 --- a/data/templates/accel-ppp/config_chap_secrets_radius.j2 +++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2 @@ -5,7 +5,20 @@ chap-secrets={{ chap_secrets_file }} [radius] verbose=1 {% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %} -server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }} +{% set _server_cfg = "server=" %} +{% set _server_cfg = _server_cfg + server %} +{% set _server_cfg = _server_cfg + "," + options.key %} +{% set _server_cfg = _server_cfg + ",auth-port=" + options.port %} +{% set _server_cfg = _server_cfg + ",acct-port=" + options.acct_port %} +{% set _server_cfg = _server_cfg + ",req-limit=0" %} +{% set _server_cfg = _server_cfg + ",fail-time=" + options.fail_time %} +{% if options.priority is vyos_defined %} +{% set _server_cfg = _server_cfg + ",weight=" + options.priority %} +{% endif %} +{% if options.backup is vyos_defined %} +{% set _server_cfg = _server_cfg + ",backup" %} +{% endif %} +{{ _server_cfg }} {% endfor %} {% if authentication.radius.accounting_interim_interval is vyos_defined %} acct-interim-interval={{ authentication.radius.accounting_interim_interval }} diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index ddf0da518..42bc8440c 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -67,7 +67,7 @@ service-name={{ service_name | join(',') }} {% set delay_without_sessions = pado_delay.delays_without_sessions[0] | default('0') %} {% set pado_delay_param = namespace(value=delay_without_sessions) %} {% for delay, sessions in pado_delay.delays_with_sessions | sort(attribute='1') %} -{% if not loop.last %} +{% if not delay == 'disable' %} {% set pado_delay_param.value = pado_delay_param.value + ',' + delay + ':' + sessions | string %} {% else %} {% set pado_delay_param.value = pado_delay_param.value + ',-1:' + sessions | string %} diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index b624f83a3..22fb55506 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -42,6 +42,9 @@ accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem ssl-keyfile=/run/accel-pppd/sstp-cert.key +{% if host_name is vyos_defined %} +host-name={{ host_name }} +{% endif %} {% if default_pool is vyos_defined %} ip-pool={{ default_pool }} {% endif %} diff --git a/data/templates/firewall/upnpd.conf.j2 b/data/templates/firewall/upnpd.conf.j2 deleted file mode 100644 index 616e8869f..000000000 --- a/data/templates/firewall/upnpd.conf.j2 +++ /dev/null @@ -1,227 +0,0 @@ -# This is the UPNP configuration file - -# WAN network interface -ext_ifname={{ wan_interface }} -{% if wan_ip is vyos_defined %} - -# if the WAN network interface for IPv6 is different than for IPv4, -# set ext_ifname6 -#ext_ifname6=eth2 - -# If the WAN interface has several IP addresses, you -# can specify the one to use below. -# Setting ext_ip is also useful in double NAT setup, you can declare here -# the public IP address. -{% for addr in wan_ip %} -ext_ip={{ addr }} -{% endfor %} -{% endif %} - -{% if stun is vyos_defined %} -# WAN interface must have public IP address. Otherwise it is behind NAT -# and port forwarding is impossible. In some cases WAN interface can be -# behind unrestricted full-cone NAT 1:1 when all incoming traffic is NAT-ed and -# routed to WAN interfaces without any filtering. In this cases miniupnpd -# needs to know public IP address and it can be learnt by asking external -# server via STUN protocol. Following option enable retrieving external -# public IP address from STUN server and detection of NAT type. You need -# to specify also external STUN server in stun_host option below. -# This option is disabled by default. -ext_perform_stun=yes -# Specify STUN server, either hostname or IP address -# Some public STUN servers: -# stun.stunprotocol.org -# stun.sipgate.net -# stun.xten.com -# stun.l.google.com (on non standard port 19302) -ext_stun_host={{ stun.host }} -# Specify STUN UDP port, by default it is standard port 3478. -ext_stun_port={{ stun.port }} -{% endif %} - -# LAN network interfaces IPs / networks -{% if listen is vyos_defined %} -# There can be multiple listening IPs for SSDP traffic, in that case -# use multiple 'listening_ip=...' lines, one for each network interface. -# It can be IP address or network interface name (ie. "eth0") -# It is mandatory to use the network interface name in order to enable IPv6 -# HTTP is available on all interfaces. -# When MULTIPLE_EXTERNAL_IP is enabled, the external IP -# address associated with the subnet follows. For example: -# listening_ip=192.168.0.1/24 88.22.44.13 -# When MULTIPLE_EXTERNAL_IP is disabled, you can list associated network -# interfaces (for bridges) -# listening_ip=bridge0 em0 wlan0 -{% for addr in listen %} -{% if addr | is_ipv4 %} -listening_ip={{ addr }} -{% elif addr | is_ipv6 %} -ipv6_listening_ip={{ addr }} -{% else %} -listening_ip={{ addr }} -{% endif %} -{% endfor %} -{% endif %} - -# CAUTION: mixing up WAN and LAN interfaces may introduce security risks! -# Be sure to assign the correct interfaces to LAN and WAN and consider -# implementing UPnP permission rules at the bottom of this configuration file - -# Port for HTTP (descriptions and SOAP) traffic. Set to 0 for autoselect. -#http_port=0 -# Port for HTTPS. Set to 0 for autoselect (default) -#https_port=0 - -# Path to the UNIX socket used to communicate with MiniSSDPd -# If running, MiniSSDPd will manage M-SEARCH answering. -# default is /var/run/minissdpd.sock -#minissdpdsocket=/var/run/minissdpd.sock - -{% if nat_pmp is vyos_defined %} -# Enable NAT-PMP support (default is no) -enable_natpmp=yes -{% endif %} - -# Enable UPNP support (default is yes) -enable_upnp=yes - -{% if pcp_lifetime is vyos_defined %} -# PCP -# Configure the minimum and maximum lifetime of a port mapping in seconds -# 120s and 86400s (24h) are suggested values from PCP-base -{% if pcp_lifetime.max is vyos_defined %} -max_lifetime={{ pcp_lifetime.max }} -{% endif %} -{% if pcp_lifetime.min is vyos_defined %} -min_lifetime={{ pcp_lifetime.min }} -{% endif %} -{% endif %} - -# table names for netfilter nft. Default is "filter" for both -#upnp_table_name= -#upnp_nat_table_name= -# chain names for netfilter and netfilter nft -# netfilter : default are MINIUPNPD, MINIUPNPD, MINIUPNPD-POSTROUTING -# netfilter nft : default are miniupnpd, prerouting_miniupnpd, postrouting_miniupnpd -#upnp_forward_chain=forwardUPnP -#upnp_nat_chain=UPnP -#upnp_nat_postrouting_chain=UPnP-Postrouting - -# Lease file location -lease_file=/config/upnp.leases - -# To enable the next few runtime options, see compile time -# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h) - -{% if friendly_name is vyos_defined %} -# Name of this service, default is "`uname -s` router" -friendly_name={{ friendly_name }} -{% endif %} - -# Manufacturer name, default is "`uname -s`" -manufacturer_name=VyOS - -# Manufacturer URL, default is URL of OS vendor -manufacturer_url=https://vyos.io/ - -# Model name, default is "`uname -s` router" -model_name=VyOS Router Model - -# Model description, default is "`uname -s` router" -model_description=Vyos open source enterprise router/firewall operating system - -# Model URL, default is URL of OS vendor -model_url=https://vyos.io/ - -# Bitrates reported by daemon in bits per second -# by default miniupnpd tries to get WAN interface speed -#bitrate_up=1000000 -#bitrate_down=10000000 - -{% if secure_mode is vyos_defined %} -# Secure Mode, UPnP clients can only add mappings to their own IP -secure_mode=yes -{% else %} -# Secure Mode, UPnP clients can only add mappings to their own IP -secure_mode=no -{% endif %} - -{% if presentation_url is vyos_defined %} -# Default presentation URL is HTTP address on port 80 -# If set to an empty string, no presentationURL element will appear -# in the XML description of the device, which prevents MS Windows -# from displaying an icon in the "Network Connections" panel. -#presentation_url= {{ presentation_url }} -{% endif %} - -# Report system uptime instead of daemon uptime -system_uptime=yes - -# Notify interval in seconds. default is 30 seconds. -#notify_interval=240 -notify_interval=60 - -# Unused rules cleaning. -# never remove any rule before this threshold for the number -# of redirections is exceeded. default to 20 -clean_ruleset_threshold=10 -# Clean process work interval in seconds. default to 0 (disabled). -# a 600 seconds (10 minutes) interval makes sense -clean_ruleset_interval=600 - -############################################################################ -## The next 5 config parameters (packet_log, anchor, queue, tag, quickrules) -## are specific to BSD's pf(4) packet filter and hence cannot be enabled in -## VyOS. -# Log packets in pf (default is no) -#packet_log=no - -# Anchor name in pf (default is miniupnpd) -#anchor=miniupnpd - -# ALTQ queue in pf -# Filter rules must be used for this to be used. -# compile with PF_ENABLE_FILTER_RULES (see config.h file) -#queue=queue_name1 - -# Tag name in pf -#tag=tag_name1 - -# Make filter rules in pf quick or not. default is yes -# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file) -#quickrules=no -## -## End of pf(4)-specific configuration not to be set in VyOS. -############################################################################ - -# UUID, generate your own UUID with "make genuuid" -uuid={{ uuid }} - -# Daemon's serial and model number when reporting to clients -# (in XML description) -#serial=12345678 -#model_number=1 - -# If compiled with IGD_V2 defined, force reporting IGDv1 in rootDesc (default -# is no) -#force_igd_desc_v1=no - -{% if rule is vyos_defined %} -# UPnP permission rules (also enforced for NAT-PMP and PCP) -# (allow|deny) (external port range) IP/mask (internal port range) (optional regex filter) -# A port range is <min port>-<max port> or <port> if there is only -# one port in the range. -# IP/mask format must be nnn.nnn.nnn.nnn/nn -# It is advised to only allow redirection of port >= 1024 -# and end the rule set with "deny 0-65535 0.0.0.0/0 0-65535" -# The following default ruleset allows specific LAN side IP addresses -# to request only ephemeral ports. It is recommended that users -# modify the IP ranges to match their own internal networks, and -# also consider implementing network-specific restrictions -# CAUTION: failure to enforce any rules may permit insecure requests to be made! -{% for rule, config in rule.items() %} -{% if config.disable is not vyos_defined %} -{{ config.action }} {{ config.external_port_range }} {{ config.ip }}{{ '/32' if '/' not in config.ip else '' }} {{ config.internal_port_range }} -{% endif %} -{% endfor %} -{% endif %} diff --git a/data/templates/frr/zebra.vrf.route-map.frr.j2 b/data/templates/frr/zebra.vrf.route-map.frr.j2 index f1cc6fe66..8ebb82511 100644 --- a/data/templates/frr/zebra.vrf.route-map.frr.j2 +++ b/data/templates/frr/zebra.vrf.route-map.frr.j2 @@ -1,10 +1,6 @@ ! {% if name is vyos_defined %} {% for vrf, vrf_config in name.items() %} -{# code path required for vrf_vni.py as we will only render the required VR configuration and not all of them #} -{% if only_vrf is vyos_defined and vrf is not vyos_defined(only_vrf) %} -{% continue %} -{% endif %} vrf {{ vrf }} {% if vrf_config.ip.nht.no_resolve_via_default is vyos_defined %} no ip nht resolve-via-default @@ -25,7 +21,7 @@ vrf {{ vrf }} ipv6 protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} {% endfor %} {% endif %} -{% if vrf_config.vni is vyos_defined and no_vni is not vyos_defined %} +{% if vrf_config.vni is vyos_defined %} vni {{ vrf_config.vni }} {% endif %} exit-vrf diff --git a/data/templates/grub/grub_compat.j2 b/data/templates/grub/grub_compat.j2 index d1085eec8..8fb4f71dc 100644 --- a/data/templates/grub/grub_compat.j2 +++ b/data/templates/grub/grub_compat.j2 @@ -14,8 +14,6 @@ KVM {%- elif type == 'ttyS' -%} Serial -{%- elif type == 'ttyUSB' -%} - USB {%- else -%} Unknown {%- endif %} @@ -25,8 +23,6 @@ console=ttyS0,{{ console_speed }} console=tty0 {%- elif type == 'ttyS' -%} console=tty0 console=ttyS0,{{ console_speed }} -{%- elif type == 'ttyUSB' -%} - console=tty0 console=ttyUSB0,115200 {%- else -%} console=tty0 console=ttyS0,{{ console_speed }} {%- endif %} diff --git a/data/templates/grub/grub_options.j2 b/data/templates/grub/grub_options.j2 index c8a1472e1..a00bf4e37 100644 --- a/data/templates/grub/grub_options.j2 +++ b/data/templates/grub/grub_options.j2 @@ -33,12 +33,6 @@ submenu "Boot options" { setup_serial configfile ${prefix}/grub.cfg.d/*vyos-menu*.cfg } - menuentry "ttyUSB (USB serial)" { - set console_type="ttyUSB" - export console_type - setup_serial - configfile ${prefix}/grub.cfg.d/*vyos-menu*.cfg - } } menuentry "Enter console number" { read console_num diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 7917c8257..797bf17e7 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -81,6 +81,11 @@ frontend {{ front }} {% endif %} {% endfor %} {% endif %} +{% if front_config.http_response_headers is vyos_defined %} +{% for header, header_config in front_config.http_response_headers.items() %} + http-response set-header {{ header }} '{{ header_config['value'] }}' +{% endfor %} +{% endif %} {% endif %} {% if front_config.rule is vyos_defined %} {% for rule, rule_config in front_config.rule.items() %} @@ -158,6 +163,11 @@ backend {{ back }} {% endif %} {% if back_config.mode is vyos_defined %} mode {{ back_config.mode }} +{% if back_config.http_response_headers is vyos_defined %} +{% for header, header_config in back_config.http_response_headers.items() %} + http-response set-header {{ header }} '{{ header_config['value'] }}' +{% endfor %} +{% endif %} {% endif %} {% if back_config.rule is vyos_defined %} {% for rule, rule_config in back_config.rule.items() %} diff --git a/data/templates/wifi/hostapd.conf.j2 b/data/templates/wifi/hostapd.conf.j2 index 83009242b..769325b49 100644 --- a/data/templates/wifi/hostapd.conf.j2 +++ b/data/templates/wifi/hostapd.conf.j2 @@ -28,6 +28,12 @@ interface={{ ifname }} {% for bridge in is_bridge_member %} bridge={{ bridge }} {% endfor %} + +# WDS (4-address frame) mode with per-station virtual interfaces +# (only supported with driver=nl80211) +# This mode allows associated stations to use 4-address frames to allow layer 2 +# bridging to be used. +wds_sta=1 {% endif %} # Driver interface type (hostap/wired/none/nl80211/bsd); @@ -739,4 +745,3 @@ wmm_ac_vo_cwmin=2 wmm_ac_vo_cwmax=3 wmm_ac_vo_txop_limit=47 wmm_ac_vo_acm=0 - |