Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/service_ipoe-server.py | 8 | ||||
| -rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 10 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 12 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_pptp.py | 12 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_sstp.py | 88 | ||||
| -rwxr-xr-x | src/migration-scripts/l2tp/8-to-9 | 49 | 
6 files changed, 122 insertions, 57 deletions
| diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 5f72b983c..852b714eb 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -25,8 +25,10 @@ from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.dict import dict_search
 from vyos.accel_ppp_util import get_pools_in_order
+from vyos.accel_ppp_util import verify_accel_ppp_name_servers
+from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
-from vyos.accel_ppp_util import verify_accel_ppp_base_service
+from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -69,8 +71,10 @@ def verify(ipoe):
             raise ConfigError('Option "client-subnet" incompatible with "vlan"!'
                               'Use "ipoe client-ip-pool" instead.')
-    verify_accel_ppp_base_service(ipoe, local_users=False)
+    verify_accel_ppp_authentication(ipoe, local_users=False)
     verify_accel_ppp_ip_pool(ipoe)
+    verify_accel_ppp_name_servers(ipoe)
+    verify_accel_ppp_wins_servers(ipoe)
     return None
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index c2dfbdb44..c9d1e805f 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -25,7 +25,9 @@ from vyos.configverify import verify_interface_exists
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.dict import dict_search
-from vyos.accel_ppp_util import verify_accel_ppp_base_service
+from vyos.accel_ppp_util import verify_accel_ppp_name_servers
+from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
+from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
 from vyos.accel_ppp_util import get_pools_in_order
 from vyos import ConfigError
@@ -67,11 +69,11 @@ def verify(pppoe):
     if not pppoe:
         return None
-    verify_accel_ppp_base_service(pppoe)
+    verify_accel_ppp_authentication(pppoe)
     verify_accel_ppp_ip_pool(pppoe)
+    verify_accel_ppp_name_servers(pppoe)
+    verify_accel_ppp_wins_servers(pppoe)
-    if 'wins_server' in pppoe and len(pppoe['wins_server']) > 2:
-        raise ConfigError('Not more then two WINS name-servers can be configured')
     if 'interface' not in pppoe:
         raise ConfigError('At least one listen interface must be defined!')
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 266381754..04ccbcec3 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -24,7 +24,9 @@ from vyos.configdict import get_accel_dict
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.dict import dict_search
-from vyos.accel_ppp_util import verify_accel_ppp_base_service
+from vyos.accel_ppp_util import verify_accel_ppp_name_servers
+from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
+from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
 from vyos.accel_ppp_util import get_pools_in_order
 from vyos import ConfigError
@@ -62,12 +64,10 @@ def verify(l2tp):
     if not l2tp:
         return None
-    verify_accel_ppp_base_service(l2tp)
+    verify_accel_ppp_authentication(l2tp)
     verify_accel_ppp_ip_pool(l2tp)
-
-    if 'wins_server' in l2tp and len(l2tp['wins_server']) > 2:
-        raise ConfigError(
-            'Not more then two WINS name-servers can be configured')
+    verify_accel_ppp_name_servers(l2tp)
+    verify_accel_ppp_wins_servers(l2tp)
     return None
diff --git a/src/conf_mode/vpn_pptp.py b/src/conf_mode/vpn_pptp.py
index b1d5067d5..c0d8330bd 100755
--- a/src/conf_mode/vpn_pptp.py
+++ b/src/conf_mode/vpn_pptp.py
@@ -22,7 +22,9 @@ from vyos.config import Config
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.dict import dict_search
-from vyos.accel_ppp_util import verify_accel_ppp_base_service
+from vyos.accel_ppp_util import verify_accel_ppp_name_servers
+from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
+from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
 from vyos.accel_ppp_util import get_pools_in_order
 from vyos import ConfigError
@@ -60,12 +62,10 @@ def verify(pptp):
     if not pptp:
         return None
-    verify_accel_ppp_base_service(pptp)
+    verify_accel_ppp_authentication(pptp)
     verify_accel_ppp_ip_pool(pptp)
-
-    if 'wins_server' in pptp and len(pptp['wins_server']) > 2:
-        raise ConfigError(
-            'Not more then two WINS name-servers can be configured')
+    verify_accel_ppp_name_servers(pptp)
+    verify_accel_ppp_wins_servers(pptp)
 def generate(pptp):
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 5c229fe62..8661a8aff 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -26,7 +26,9 @@ from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.network import check_port_availability
 from vyos.utils.dict import dict_search
-from vyos.accel_ppp_util import verify_accel_ppp_base_service
+from vyos.accel_ppp_util import verify_accel_ppp_name_servers
+from vyos.accel_ppp_util import verify_accel_ppp_wins_servers
+from vyos.accel_ppp_util import verify_accel_ppp_authentication
 from vyos.accel_ppp_util import verify_accel_ppp_ip_pool
 from vyos.accel_ppp_util import get_pools_in_order
 from vyos.utils.network import is_listen_port_bind_service
@@ -43,48 +45,18 @@ cert_file_path = os.path.join(cfg_dir, 'sstp-cert.pem')
 cert_key_path = os.path.join(cfg_dir, 'sstp-cert.key')
 ca_cert_file_path = os.path.join(cfg_dir, 'sstp-ca.pem')
-def get_config(config=None):
-    if config:
-        conf = config
-    else:
-        conf = Config()
-    base = ['vpn', 'sstp']
-    if not conf.exists(base):
-        return None
-
-    # retrieve common dictionary keys
-    sstp = get_accel_dict(conf, base, sstp_chap_secrets, with_pki=True)
-    if dict_search('client_ip_pool', sstp):
-        # Multiple named pools require ordered values T5099
-        sstp['ordered_named_pools'] = get_pools_in_order(dict_search('client_ip_pool', sstp))
-
-    sstp['server_type'] = 'sstp'
-    return sstp
-
-
-def verify(sstp):
-    if not sstp:
-        return None
-
-    port = sstp.get('port')
-    proto = 'tcp'
-    if check_port_availability('0.0.0.0', int(port), proto) is not True and \
-            not is_listen_port_bind_service(int(port), 'accel-pppd'):
-        raise ConfigError(f'"{proto}" port "{port}" is used by another service')
-
-    verify_accel_ppp_base_service(sstp)
-    verify_accel_ppp_ip_pool(sstp)
+def verify_certificate(config):
     #
     # SSL certificate checks
     #
-    if not sstp['pki']:
+    if not config['pki']:
         raise ConfigError('PKI is not configured')
-    if 'ssl' not in sstp:
+    if 'ssl' not in config:
         raise ConfigError('SSL missing on SSTP config')
-    ssl = sstp['ssl']
+    ssl = config['ssl']
     # CA
     if 'ca_certificate' not in ssl:
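Review bot: The new `verify_certificate(config)` has no docstring, and its parameter name `config` is what this file otherwise uses for a `Config` object (`get_config(config=None)`), while here it is the SSTP settings dict produced by `get_accel_dict`; the sibling helpers in this commit call that dict `sstp`, so either `def verify_certificate(sstp):` or a docstring stating the contract would avoid the mismatch. Suggested docstring: `"""Validate the SSL section of the SSTP config dict: the referenced CA and server certificate must exist in PKI and carry certificate/key data; raises ConfigError otherwise."""`. Note the body indexes `config['pki']` with `[]`, which presumably is guaranteed present by `with_pki=True` in get_config — worth confirming, since a missing key would surface as KeyError rather than ConfigError. The function's body continues past this hunk.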
@@ -92,10 +64,10 @@ def verify(sstp):
     ca_name = ssl['ca_certificate']
-    if ca_name not in sstp['pki']['ca']:
+    if ca_name not in config['pki']['ca']:
         raise ConfigError('Invalid CA certificate on SSTP config')
-    if 'certificate' not in sstp['pki']['ca'][ca_name]:
+    if 'certificate' not in config['pki']['ca'][ca_name]:
         raise ConfigError('Missing certificate data for CA certificate on SSTP config')
     # Certificate
@@ -104,10 +76,10 @@ def verify(sstp):
     cert_name = ssl['certificate']
-    if cert_name not in sstp['pki']['certificate']:
+    if cert_name not in config['pki']['certificate']:
         raise ConfigError('Invalid certificate on SSTP config')
-    pki_cert = sstp['pki']['certificate'][cert_name]
+    pki_cert = config['pki']['certificate'][cert_name]
     if 'certificate' not in pki_cert:
         raise ConfigError('Missing certificate data for certificate on SSTP config')
@@ -118,6 +90,43 @@ def verify(sstp):
     if 'password_protected' in pki_cert['private']:
         raise ConfigError('Encrypted private key is not supported on SSTP config')
+
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
+    base = ['vpn', 'sstp']
+    if not conf.exists(base):
+        return None
+
+    # retrieve common dictionary keys
+    sstp = get_accel_dict(conf, base, sstp_chap_secrets, with_pki=True)
+    if dict_search('client_ip_pool', sstp):
+        # Multiple named pools require ordered values T5099
+        sstp['ordered_named_pools'] = get_pools_in_order(dict_search('client_ip_pool', sstp))
+
+    sstp['server_type'] = 'sstp'
+    return sstp
+
+
+def verify(sstp):
+    if not sstp:
+        return None
+
+    port = sstp.get('port')
+    proto = 'tcp'
+    if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+            not is_listen_port_bind_service(int(port), 'accel-pppd'):
+        raise ConfigError(f'"{proto}" port "{port}" is used by another service')
+
+    verify_accel_ppp_authentication(sstp)
+    verify_accel_ppp_ip_pool(sstp)
+    verify_accel_ppp_name_servers(sstp)
+    verify_accel_ppp_wins_servers(sstp)
+    verify_certificate(sstp)
+
+
 def generate(sstp):
     if not sstp:
         return None
@@ -143,6 +152,7 @@ def generate(sstp):
     return sstp
+
 def apply(sstp):
     if not sstp:
         call('systemctl stop accel-ppp@sstp.service')
diff --git a/src/migration-scripts/l2tp/8-to-9 b/src/migration-scripts/l2tp/8-to-9
new file mode 100755
index 000000000..e85a3892b
--- /dev/null
+++ b/src/migration-scripts/l2tp/8-to-9
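Review bot: In the relocated `verify(sstp)`, `port = sstp.get('port')` is fed straight into `int(port)` for the port-availability check, so a missing `port` key would surface as a TypeError from the commit path rather than a ConfigError; unless the CLI definition guarantees a default (likely, but not visible here), add `if not port: raise ConfigError('SSTP port must be defined')` before the check. The port probe also happens before `verify_accel_ppp_authentication` and `verify_certificate`, which is fine, but a one-line comment such as `# accel-pppd may already hold the port from a previous commit, hence the second test` would explain the `is_listen_port_bind_service` clause to the next reader. `verify` is complete within this hunk; `generate` and `apply` are cut off at the hunk edges.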
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Deleted 'dhcp-interface' from l2tp
+
+import os
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['vpn', 'l2tp', 'remote-access']
+if not config.exists(base):
+    exit(0)
+
+#deleting unused dhcp-interface
+if config.exists(base + ['dhcp-interface']):
+    config.delete(base + ['dhcp-interface'])
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
|
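Review bot: `import os` is unused in the new migration script and should be dropped. The write-back opens the config with `'w'` before serialising, so if `config.to_string()` raised inside the `with` the file would already be truncated; serialise first with `content = config.to_string()` and only then `f.write(content)` inside the `with open(file_name, 'w')`. The header comment `# Deleted 'dhcp-interface' from l2tp` would help more as `# T-xxxx: 'dhcp-interface' is no longer read by vpn_l2tp.py, so drop it from existing configs` — the reason is presumably the helper refactor in this commit, but the script itself does not say.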
