diff options
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/dynamic_dns.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 5 | ||||
| -rwxr-xr-x | src/conf_mode/ipsec-settings.py | 21 | ||||
| -rwxr-xr-x | src/conf_mode/system-syslog.py (renamed from src/conf_mode/syslog.py) | 18 |
4 files changed, 47 insertions, 10 deletions
diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 7c3b9ff6a..9ba8659a1 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py @@ -95,6 +95,7 @@ default_service_protocol = { default_config_data = { 'interfaces': [], 'cache_file': cache_file, + 'deleted': False, 'pid_file': pid_file } @@ -102,7 +103,8 @@ def get_config(): dyndns = default_config_data conf = Config() if not conf.exists('service dns dynamic'): - return None + dyndns['deleted'] = True + return dyndns else: conf.set_level('service dns dynamic') @@ -194,7 +196,7 @@ def get_config(): def verify(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: return None # A 'node' corresponds to an interface @@ -239,7 +241,10 @@ def verify(dyndns): def generate(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: + if os.path.exists(config_file): + os.unlink(config_file) + return None dirname = os.path.dirname(dyndns['pid_file']) @@ -264,7 +269,7 @@ def apply(dyndns): if os.path.exists('/etc/ddclient.conf'): os.unlink('/etc/ddclient.conf') - if dyndns is None: + if dyndns['deleted']: os.system('/etc/init.d/ddclient stop') if os.path.exists(dyndns['pid_file']): os.unlink(dyndns['pid_file']) diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 013a07f32..cac911c8c 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -169,6 +169,10 @@ def get_config(): if key_eff != key_cfg and key_eff != None: wg['peer_remove'].append(key_cfg) + # if a peer is disabled, we have to exec a remove for it's pubkey + else: + peer_key = c.return_value('peer {peer} pubkey'.format(peer=p)) + wg['peer_remove'].append(peer_key) return wg @@ -191,6 +195,7 @@ def verify(c): if not c['peer'][p]['pubkey']: raise ConfigError("peer pubkey required for peer " + p) + def apply(c): # no wg configs left, remove all interface from system # maybe move it into ifconfig.py diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index 156bb2edd..331a62316 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -21,6 +21,7 @@ import re import os import jinja2 import syslog as sl +import time import vyos.config import vyos.defaults @@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs' server_key_path = '/etc/ipsec.d/private' delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###" delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###" +charon_pidfile = '/var/run/charon.pid' l2pt_ipsec_conf = ''' {{delim_ipsec_l2tp_begin}} @@ -243,11 +245,22 @@ def generate(data): remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie) remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie) -def apply(data): - # Do nothing - # StrongSWAN should only be restarted when actual tunnels are configured - # Restart ipsec for l2tp +def restart_ipsec(): os.system("ipsec restart >&/dev/null") + # counter for apply swanctl config + counter = 10 + while counter <= 10: + if os.path.exists(charon_pidfile): + os.system("swanctl -q >&/dev/null") + break + counter -=1 + time.sleep(1) + if counter == 0: + raise ConfigError('VPN configuration error: IPSec is not running.') + +def apply(data): + # Restart IPSec daemon + restart_ipsec() if __name__ == '__main__': try: diff --git a/src/conf_mode/syslog.py b/src/conf_mode/system-syslog.py index c4f3d2c9c..4f0a54962 100755 --- a/src/conf_mode/syslog.py +++ b/src/conf_mode/system-syslog.py @@ -53,10 +53,18 @@ $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{f ## remote logging {% for host in hosts %} {% if hosts[host]['proto'] == 'tcp' %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} +{% else %} {{hosts[host]['selectors']}} @@{{host}} +{% endif %} +{% else %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} {% else %} {{hosts[host]['selectors']}} @{{host}} {% endif %} +{% endif %} {% endfor %} {% endif %} {% if user %} @@ -177,13 +185,14 @@ def get_config(): # set system syslog host if c.exists('host'): - proto = 'udp' rhosts = c.list_nodes('host') for rhost in rhosts: for fac in c.list_nodes('host ' + rhost + ' facility'): if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): proto = c.return_value( 'host ' + rhost + ' facility ' + fac + ' protocol') + else: + proto = 'udp' config_data['hosts'].update( { @@ -193,6 +202,9 @@ def get_config(): } } ) + if c.exists('host ' + rhost + ' port'): + config_data['hosts'][rhost][ + 'port'] = c.return_value(['host', rhost, 'port']) # set system syslog user if c.exists('user'): @@ -261,7 +273,8 @@ def generate(c): def verify(c): if c == None: return None - # + + # may be obsolete # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) # it interferes with the global logging, to make sure we are using a single base, template is enforced here # @@ -273,6 +286,7 @@ def verify(c): # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there # is a chance that someone still needs it, so I don't automatically remove # them + # if c == None: return None |