Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/qos.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 12 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 17 | ||||
-rwxr-xr-x | src/conf_mode/vrf.py | 14 |
5 files changed, 14 insertions, 45 deletions
diff --git a/src/conf_mode/qos.py b/src/conf_mode/qos.py
index 40d7a6c16..4a0b4d0c5 100755
--- a/src/conf_mode/qos.py
+++ b/src/conf_mode/qos.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2023 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -36,7 +36,7 @@ from vyos.qos import RateLimiter
 from vyos.qos import RoundRobin
 from vyos.qos import TrafficShaper
 from vyos.qos import TrafficShaperHFSC
-from vyos.utils.process import call
+from vyos.utils.process import run
 from vyos.utils.dict import dict_search_recursive
 from vyos import ConfigError
 from vyos import airbag
@@ -205,8 +205,8 @@ def apply(qos):
 # Always delete "old" shapers first
 for interface in interfaces():
 # Ignore errors (may have no qdisc)
- call(f'tc qdisc del dev {interface} parent ffff:')
- call(f'tc qdisc del dev {interface} root')
+ run(f'tc qdisc del dev {interface} parent ffff:')
+ run(f'tc qdisc del dev {interface} root')
 call_dependents()
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 6df6f3dc7..5f72b983c 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -26,6 +26,7 @@ from vyos.utils.process import call
 from vyos.utils.dict import dict_search
 from vyos.accel_ppp_util import get_pools_in_order
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
+from vyos.accel_ppp_util import verify_accel_ppp_base_service
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
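Review bot: The two `run(...)` calls in apply() of qos.py discard the exit status, so a `tc qdisc del` that fails for any reason other than "no qdisc present" looks the same as the expected case. If `run` also suppresses the command's output (it is defined outside this diff, so this is an assumption), the last visible trace of such a failure disappears with this change. The existing comment should name the failure being tolerated, e.g. `# Ignore errors: the interface may have no ingress/root qdisc; output is dropped on purpose`. The command string is an f-string built from `interface`, which is safe only while `interfaces()` yields kernel interface names; that helper is not visible here.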
@@ -68,18 +69,9 @@ def verify(ipoe): raise ConfigError('Option "client-subnet" incompatible with "vlan"!' 'Use "ipoe client-ip-pool" instead.') + verify_accel_ppp_base_service(ipoe, local_users=False) verify_accel_ppp_ip_pool(ipoe) - if dict_search('authentication.mode', ipoe) == 'radius': - if not dict_search('authentication.radius.server', ipoe): - raise ConfigError('RADIUS authentication requires at least one server') - - for server in dict_search('authentication.radius.server', ipoe): - radius_config = ipoe['authentication']['radius']['server'][server] - if 'key' not in radius_config: - raise ConfigError(f'Missing RADIUS secret key for server "{server}"') - - return None diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 31299a15c..c2dfbdb44 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -68,6 +68,7 @@ def verify(pppoe): return None verify_accel_ppp_base_service(pppoe) + verify_accel_ppp_ip_pool(pppoe) if 'wins_server' in pppoe and len(pppoe['wins_server']) > 2: raise ConfigError('Not more then two WINS name-servers can be configured') @@ -79,13 +80,6 @@ def verify(pppoe): for interface in pppoe['interface']: verify_interface_exists(interface) - verify_accel_ppp_ip_pool(pppoe) - - if dict_search('authentication.radius.dynamic_author.server', pppoe): - if not dict_search('authentication.radius.dynamic_author.key', pppoe): - raise ConfigError('DA/CoE server key required!') - - return None diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 36b3d2a30..266381754 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -19,6 +19,7 @@ import os from sys import exit from vyos.config import Config +from vyos.configdep import call_dependents, set_dependents from vyos.configdict import get_accel_dict from vyos.template import render from vyos.utils.process import call 
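Review bot: The inline RADIUS checks removed from verify() in service_ipoe-server.py (at least one server, and a `key` for each server) now depend entirely on `verify_accel_ppp_base_service(ipoe, local_users=False)`, whose body is not part of this diff, so nothing visible here shows that a RADIUS server without a shared secret is still rejected for IPoE. The same holds for the `DA/CoE server key required!` check dropped from verify() in service_pppoe-server.py and in vpn_l2tp.py. I would confirm the helper covers both cases and record that at the call site, e.g. `# also validates RADIUS server/key and the dynamic-author key`. With those lines gone, `dict_search` may no longer be used in service_ipoe-server.py, which cannot be confirmed from the hunk alone; verify() starts above the hunk.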
@@ -26,7 +27,6 @@ from vyos.utils.dict import dict_search from vyos.accel_ppp_util import verify_accel_ppp_base_service from vyos.accel_ppp_util import verify_accel_ppp_ip_pool from vyos.accel_ppp_util import get_pools_in_order -from vyos.base import Warning from vyos import ConfigError from vyos import airbag @@ -42,6 +42,9 @@ def get_config(config=None): else: conf = Config() base = ['vpn', 'l2tp', 'remote-access'] + + set_dependents('ipsec', conf) + if not conf.exists(base): return None @@ -60,14 +63,8 @@ def verify(l2tp): return None verify_accel_ppp_base_service(l2tp) - - if dict_search('authentication.radius.dynamic_author.server', l2tp): - if not dict_search('authentication.radius.dynamic_author.key', l2tp): - raise ConfigError('DA/CoE server key required!') - verify_accel_ppp_ip_pool(l2tp) - if 'wins_server' in l2tp and len(l2tp['wins_server']) > 2: raise ConfigError( 'Not more then two WINS name-servers can be configured') @@ -94,10 +91,10 @@ def apply(l2tp): for file in [l2tp_chap_secrets, l2tp_conf]: if os.path.exists(file): os.unlink(file) + else: + call('systemctl restart accel-ppp@l2tp.service') - return None - - call('systemctl restart accel-ppp@l2tp.service') + call_dependents() if __name__ == '__main__': diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index f2c544aa6..a2f4956be 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -27,7 +27,6 @@ from vyos.ifconfig import Interface from vyos.template import render from vyos.template import render_to_string from vyos.utils.dict import dict_search -from vyos.utils.kernel import check_kmod from vyos.utils.network import get_interface_config from vyos.utils.network import get_vrf_members from vyos.utils.network import interface_exists 
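Review bot: In get_config() of vpn_l2tp.py, `set_dependents('ipsec', conf)` sits before the `conf.exists(base)` early return, and no comment says why. It reads as deliberate, so that ipsec is also re-applied when the l2tp remote-access node is removed, but that is an inference from the ordering. A one-line comment would stop a later cleanup from moving it below the check, e.g. `# register ipsec before the early return so it is re-run on l2tp removal too`. get_config() starts above the hunk and continues below it.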
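Review bot: In apply() of vpn_l2tp.py, `call_dependents()` runs after `call('systemctl restart accel-ppp@l2tp.service')` without checking the result, so the dependent ipsec script is triggered even if the L2TP daemon failed to restart. Assuming `call` returns the exit status (it is defined elsewhere), a guard such as `if call('systemctl restart accel-ppp@l2tp.service') != 0: raise ConfigError('accel-ppp@l2tp failed to restart')` would surface that. Indentation is lost in this rendering, so it cannot be checked here which statement the new `else:` pairs with. It has to pair with the outer `if not l2tp:` (outside the hunk) and not with the `for` or the inner `if`, otherwise the restart would also run on the removal path.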
@@ -223,18 +222,6 @@ def apply(vrf): # Delete the VRF Kernel interface call(f'ip link delete dev {tmp}') - # Enable/Disable VRF strict mode - # When net.vrf.strict_mode=0 (default) it is possible to associate multiple - # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a - # table can be associated to a single VRF device. - # - # A VRF table can be used by the VyOS CLI only once (ensured by verify()), - # this simply adds an additional Kernel safety net - strict_mode = '0' - # Set to 1 if any VRF is defined - if 'name' in vrf: strict_mode = '1' - sysctl_write('net.vrf.strict_mode', strict_mode) - if 'name' in vrf: # Linux routing uses rules to find tables - routing targets are then # looked up in those tables. If the lookup got a matching route, the @@ -323,7 +310,6 @@ def apply(vrf): if __name__ == '__main__': try: - check_kmod(k_mod) c = get_config() verify(c) generate(c) |