diff options
Diffstat (limited to 'data')
| -rw-r--r-- | data/configd-include.json | 1 | ||||
| -rw-r--r-- | data/templates/accel-ppp/config_ip_pool.j2 | 10 | ||||
| -rw-r--r-- | data/templates/accel-ppp/pptp.config.j2 | 89 | ||||
| -rw-r--r-- | data/templates/dhcp-server/10-override.conf.j2 | 2 | ||||
| -rw-r--r-- | data/templates/firewall/nftables-policy.j2 | 6 | ||||
| -rw-r--r-- | data/templates/frr/daemons.frr.tmpl | 2 | ||||
| -rw-r--r-- | data/templates/lldp/lldpd.j2 | 2 | ||||
| -rw-r--r-- | data/templates/ndppd/ndppd.conf.j2 | 71 |
8 files changed, 74 insertions, 109 deletions
diff --git a/data/configd-include.json b/data/configd-include.json index 92d3863ce..6d7261b73 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -63,6 +63,7 @@ "service_ipoe-server.py", "service_mdns-repeater.py", "service_monitoring_telegraf.py", +"service_ndp-proxy.py", "service_pppoe-server.py", "service_router-advert.py", "service_upnp.py", diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2 index c567236a4..6ac04e1a1 100644 --- a/data/templates/accel-ppp/config_ip_pool.j2 +++ b/data/templates/accel-ppp/config_ip_pool.j2 @@ -12,10 +12,16 @@ gw-ip-address={{ gateway_address }} {% endif %} {% for pool in ordered_named_pools %} {% for pool_name, pool_config in pool.items() %} +{% set iprange_str = pool_config.range %} +{% set iprange_list = pool_config.range.split('-') %} +{% if iprange_list | length == 2 %} +{% set last_ip_oct = iprange_list[1].split('.') %} +{% set iprange_str = iprange_list[0] + '-' + last_ip_oct[last_ip_oct | length - 1] %} +{% endif %} {% if pool_config.next_pool is vyos_defined %} -{{ pool_config.range }},name={{ pool_name }},next={{ pool_config.next_pool }} +{{ iprange_str }},name={{ pool_name }},next={{ pool_config.next_pool }} {% else %} -{{ pool_config.range }},name={{ pool_name }} +{{ iprange_str }},name={{ pool_name }} {% endif %} {% endfor %} {% endfor %} diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2 index 4e891777f..daafd6e92 100644 --- a/data/templates/accel-ppp/pptp.config.j2 +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -3,18 +3,22 @@ log_syslog pptp shaper -{% if auth_mode == 'local' %} -chap-secrets -{% elif auth_mode == 'radius' %} -radius -{% endif %} +{# Common authentication backend definitions #} +{% include 'accel-ppp/config_modules_auth_mode.j2' %} ippool -{% for proto in auth_proto %} -{{ proto }} -{% endfor %} +{# Common authentication protocols (pap, chap ...) #} +{% if authentication.require is vyos_defined %} +{% if authentication.require == 'chap' %} +auth_chap_md5 +{% elif authentication.require == 'mschap' %} +auth_mschap_v1 +{% else %} +auth_{{ authentication.require.replace('-', '_') }} +{% endif %} +{% endif %} [core] -thread-count={{ thread_cnt }} +thread-count={{ thread_count }} [common] {% if max_concurrent_sessions is vyos_defined %} @@ -26,16 +30,12 @@ syslog=accel-pptp,daemon copy=1 level=5 -{% if dnsv4 %} -[dns] -{% for dns in dnsv4 %} -dns{{ loop.index }}={{ dns }} -{% endfor %} -{% endif %} +{# Common DNS name-server definition #} +{% include 'accel-ppp/config_name_server.j2' %} -{% if wins %} +{% if wins_server is vyos_defined %} [wins] -{% for server in wins %} +{% for server in wins_server %} wins{{ loop.index }}={{ server }} {% endfor %} {% endif %} @@ -43,12 +43,12 @@ wins{{ loop.index }}={{ server }} [pptp] ifname=pptp%d -{% if outside_addr %} -bind={{ outside_addr }} +{% if outside_address is vyos_defined %} +bind={{ outside_address }} {% endif %} verbose=1 ppp-max-mtu={{ mtu }} -mppe={{ ppp_mppe }} +mppe={{ authentication.mppe }} echo-interval=10 echo-failure=3 {% if default_pool is vyos_defined %} @@ -66,52 +66,11 @@ verbose=5 check-ip=1 single-session=replace -{% if auth_mode == 'local' %} -[chap-secrets] -chap-secrets={{ chap_secrets_file }} -{% elif auth_mode == 'radius' %} -[radius] -verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor %} -{% if radius_acct_interim_interval is vyos_defined %} -acct-interim-interval={{ radius_acct_interim_interval }} -{% endif %} -{% if radius_acct_inter_jitter %} -acct-interim-jitter={{ radius_acct_inter_jitter }} -{% endif %} -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} -{% endif %} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} -{% endif %} -{% if radius_source_address %} -bind={{ radius_source_address }} -{% endif %} -{% endif %} -{# Both chap-secrets and radius block required the gw-ip-address #} -{% if gateway_address is vyos_defined %} -gw-ip-address={{ gateway_address }} -{% endif %} +{# Common chap-secrets and RADIUS server/option definitions #} +{% include 'accel-ppp/config_chap_secrets_radius.j2' %} -{% if radius_shaper_enable %} -[shaper] -verbose=1 -{% if radius_shaper_attr %} -attr={{ radius_shaper_attr }} -{% endif %} -{% if radius_shaper_multiplier %} -rate-multiplier={{ radius_shaper_multiplier }} -{% endif %} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} -{% endif %} -{% endif %} +{# Common RADIUS shaper configuration #} +{% include 'accel-ppp/config_shaper_radius.j2' %} [cli] tcp=127.0.0.1:2003 diff --git a/data/templates/dhcp-server/10-override.conf.j2 b/data/templates/dhcp-server/10-override.conf.j2 new file mode 100644 index 000000000..6cf9e0a11 --- /dev/null +++ b/data/templates/dhcp-server/10-override.conf.j2 @@ -0,0 +1,2 @@ +[Unit] +ConditionFileNotEmpty= diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2 index d77e3f6e9..9e28899b0 100644 --- a/data/templates/firewall/nftables-policy.j2 +++ b/data/templates/firewall/nftables-policy.j2 @@ -28,6 +28,9 @@ table ip vyos_mangle { {{ rule_conf | nft_rule('route', route_text, rule_id, 'ip') }} {% endfor %} {% endif %} +{% if conf.default_log is vyos_defined %} + counter log prefix "[ipv4-{{ (route_text)[:19] }}-default]" +{% endif %} } {% endfor %} {% endif %} @@ -57,6 +60,9 @@ table ip6 vyos_mangle { {{ rule_conf | nft_rule('route6', route_text, rule_id, 'ip6') }} {% endfor %} {% endif %} +{% if conf.default_log is vyos_defined %} + counter log prefix "[ipv6-{{ (route_text)[:19] }}-default]" +{% endif %} } {% endfor %} {% endif %} diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl index c637e18bc..339b4e52f 100644 --- a/data/templates/frr/daemons.frr.tmpl +++ b/data/templates/frr/daemons.frr.tmpl @@ -101,7 +101,7 @@ pathd_options=" --daemon -A 127.0.0.1" # vtysh_enable=yes -watchfrr_enable=no +watchfrr_enable=yes valgrind_enable=no #watchfrr_options="" diff --git a/data/templates/lldp/lldpd.j2 b/data/templates/lldp/lldpd.j2 index 3c499197d..6ae063c4b 100644 --- a/data/templates/lldp/lldpd.j2 +++ b/data/templates/lldp/lldpd.j2 @@ -1,2 +1,2 @@ ### Autogenerated by lldp.py ### -DAEMON_ARGS="-M 4 {{ '-x' if snmp.enable is vyos_defined }} {{ '-c' if legacy_protocols.cdp is vyos_defined }} {{ '-e' if legacy_protocols.edp is vyos_defined }} {{ '-f' if legacy_protocols.fdp is vyos_defined }} {{ '-s' if legacy_protocols.sonmp is vyos_defined }}" +DAEMON_ARGS="-M 4 {{ '-x' if snmp is vyos_defined }} {{ '-c' if legacy_protocols.cdp is vyos_defined }} {{ '-e' if legacy_protocols.edp is vyos_defined }} {{ '-f' if legacy_protocols.fdp is vyos_defined }} {{ '-s' if legacy_protocols.sonmp is vyos_defined }}" diff --git a/data/templates/ndppd/ndppd.conf.j2 b/data/templates/ndppd/ndppd.conf.j2 index 1297f36be..6369dbdeb 100644 --- a/data/templates/ndppd/ndppd.conf.j2 +++ b/data/templates/ndppd/ndppd.conf.j2 @@ -1,44 +1,35 @@ -######################################################## -# -# autogenerated by nat66.py -# -# The configuration file must define one upstream -# interface. -# -# For some services, such as nat66, because it runs -# stateless, it needs to rely on NDP Proxy to respond -# to NDP requests. -# -# When using nat66 source rules, NDP Proxy needs -# to be enabled -# -######################################################## +# autogenerated by service_ndp-proxy.py -{% set global = namespace(ndppd_interfaces = [],ndppd_prefixs = []) %} -{% if source.rule is vyos_defined %} -{% for rule, config in source.rule.items() if config.disable is not defined %} -{% if config.outbound_interface.name is vyos_defined %} -{% if config.outbound_interface.name not in global.ndppd_interfaces %} -{% set global.ndppd_interfaces = global.ndppd_interfaces + [config.outbound_interface.name] %} -{% endif %} -{% if config.translation.address is vyos_defined and config.translation.address | is_ip_network %} -{% set global.ndppd_prefixs = global.ndppd_prefixs + [{'interface':config.outbound_interface.name,'rule':config.translation.address}] %} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} +# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route +route-ttl {{ route_refresh }} + +{% if interface is vyos_defined %} +# This sets up a listener, that will listen for any Neighbor Solicitation +# messages, and respond to them according to a set of rules +{% for iface, iface_config in interface.items() if iface_config.disable is not vyos_defined %} +proxy {{ iface }} { + # Turn on or off the router flag for Neighbor Advertisements + router {{ 'yes' if iface_config.enable_router_bit is vyos_defined else 'no' }} + # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) + timeout {{ iface_config.timeout }} + # Control how long a valid or invalid entry remains in the cache (milliseconds) + ttl {{ iface_config.ttl }} -{% for interface in global.ndppd_interfaces %} -proxy {{ interface }} { - router yes - timeout 500 - ttl 30000 -{% for map in global.ndppd_prefixs %} -{% if map.interface == interface %} - rule {{ map.rule }} { - static +{% if iface_config.prefix is vyos_defined %} + # This is a rule that the target address is to match against. If no netmask + # is provided, /128 is assumed. You may have several rule sections, and the + # addresses may or may not overlap. +{% for prefix, prefix_config in iface_config.prefix.items() if prefix_config.disable is not vyos_defined %} + rule {{ prefix }} { +{% if prefix_config.mode is vyos_defined('interface') %} + iface {{ prefix_config.interface }} +{% else %} + {{ prefix_config.mode }} +{% endif %} } -{% endif %} -{% endfor %} +{% endfor %} +{% endif %} } -{% endfor %} + +{% endfor %} +{% endif %} |