diff options
Diffstat (limited to 'src/conf_mode/vpn_sstp.py')
-rwxr-xr-x | src/conf_mode/vpn_sstp.py | 150 |
1 files changed, 11 insertions, 139 deletions
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 070437443..2856ffafa 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -15,17 +15,18 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import os -import jinja2 from time import sleep from sys import exit -from subprocess import Popen, PIPE, check_output +from subprocess import check_output from socket import socket, AF_INET, SOCK_STREAM from copy import deepcopy from stat import S_IRUSR, S_IWUSR, S_IRGRP +from jinja2 import FileSystemLoader, Environment from vyos.config import Config -from vyos.util import process_running +from vyos.defaults import directories as vyos_data_dir +from vyos.util import process_running, subprocess_cmd from vyos import ConfigError pidfile = r'/var/run/accel_sstp.pid' @@ -37,140 +38,6 @@ sstp_conf = sstp_cnf_dir + '/sstp.config' if not os.path.exists(sstp_cnf_dir): os.makedirs(sstp_cnf_dir) -sstp_config = """### generated by vpn_sstp.py ### -[modules] -log_syslog -sstp -shaper -{% if auth_mode == 'local' %} -chap-secrets -{% elif auth_mode == 'radius' %} -radius -{% endif -%} -ippool - -{% for proto in auth_proto %} -{{proto}} -{% endfor %} - -[core] -thread-count={{thread_cnt}} - -[common] -single-session=replace - -[log] -syslog=accel-sstp,daemon -copy=1 -level=5 - -[client-ip-range] -disable - -[sstp] -verbose=1 -accept=ssl -ssl-ca-file={{ ssl_ca }} -ssl-pemfile={{ ssl_cert }} -ssl-keyfile={{ ssl_key }} - -{% if client_ip_pool %} -[ip-pool] -gw-ip-address={{ client_gateway }} -{% for subnet in client_ip_pool %} -{{ subnet }} -{% endfor %} -{% endif %} - -{% if dnsv4 %} -[dns] -{% for dns in dnsv4 -%} -dns{{ loop.index }}={{ dns }} -{% endfor -%} -{% endif %} - -{% if auth_mode == 'local' %} -[chap-secrets] -chap-secrets=/etc/accel-ppp/sstp/chap-secrets -{% elif auth_mode == 'radius' %} -[radius] -verbose=1 -{% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} -{% endfor -%} - -acct-timeout={{ radius_acct_tmo }} -timeout={{ radius_timeout }} -max-try={{ radius_max_try }} - -{% if radius_nas_id %} -nas-identifier={{ radius_nas_id }} -{% endif -%} -{% if radius_nas_ip %} -nas-ip-address={{ radius_nas_ip }} -{% endif -%} -{% if radius_source_address %} -bind={{ radius_source_address }} -{% endif -%} - - -{% if radius_dynamic_author %} -dae-server={{ radius_dynamic_author.server }}:{{ radius_dynamic_author.port }},{{ radius_dynamic_author.key }} -{% endif -%} -{% endif %} - -[ppp] -verbose=1 -check-ip=1 -{% if mtu %} -mtu={{ mtu }} -{% endif -%} - -{% if ppp_mppe %} -mppe={{ ppp_mppe }} -{% endif -%} -{% if ppp_echo_interval %} -lcp-echo-interval={{ ppp_echo_interval }} -{% endif -%} -{% if ppp_echo_failure %} -lcp-echo-failure={{ ppp_echo_failure }} -{% endif -%} -{% if ppp_echo_timeout %} -lcp-echo-timeout={{ ppp_echo_timeout }} -{% endif %} - -{% if radius_shaper_attr %} -[shaper] -verbose=1 -attr={{ radius_shaper_attr }} -{% if radius_shaper_vendor %} -vendor={{ radius_shaper_vendor }} -{% endif -%} -{% endif %} - -[cli] -tcp=127.0.0.1:2005 - -""" - -# sstp chap secrets -chap_secrets_conf = """ -# username server password acceptable local IP addresses shaper -{% for user in local_users %} -{% if user.state == 'enabled' %} -{% if user.upload and user.download %} -{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} {{ user.download }} / {{ user.upload }} -{% else %} -{{ "%-12s" | format(user.name) }} * {{ "%-16s" | format(user.password) }} {{ "%-16s" | format(user.ip) }} -{% endif %} -{% endif %} -{% endfor %} -""" - -def subprocess_cmd(command): - p = Popen(command, stdout=PIPE, shell=True) - p.communicate() - def chk_con(): cnt = 0 s = socket(AF_INET, SOCK_STREAM) @@ -469,14 +336,19 @@ def generate(sstp): if sstp is None: return None + # Prepare Jinja2 template loader from files + tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'sstp') + fs_loader = FileSystemLoader(tmpl_path) + env = Environment(loader=fs_loader) + # accel-cmd reload doesn't work so any change results in a restart of the daemon - tmpl = jinja2.Template(sstp_config, trim_blocks=True) + tmpl = env.get_template('sstp.config.tmpl') config_text = tmpl.render(sstp) with open(sstp_conf, 'w') as f: f.write(config_text) if sstp['local_users']: - tmpl = jinja2.Template(chap_secrets_conf, trim_blocks=True) + tmpl = env.get_template('chap-secrets.tmpl') config_text = tmpl.render(sstp) with open(chap_secrets, 'w') as f: f.write(config_text) |