Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/container.py | 10 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 3 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 7 | ||||
| -rwxr-xr-x | src/op_mode/accelppp.py | 38 | ||||
| -rwxr-xr-x | src/op_mode/openvpn.py | 4 | ||||
| -rwxr-xr-x | src/validators/timezone | 4 | 
6 files changed, 46 insertions, 20 deletions
|
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 08861053d..90e5f84f2 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -84,16 +84,16 @@ def get_config(config=None):
             # tagNodes in place, it is better to blend in the defaults manually.
             if 'port' in container['name'][name]:
                 for port in container['name'][name]['port']:
-                    default_values = defaults(base + ['name', 'port'])
+                    default_values_port = defaults(base + ['name', 'port'])
                     container['name'][name]['port'][port] = dict_merge(
-                        default_values, container['name'][name]['port'][port])
+                        default_values_port, container['name'][name]['port'][port])
             # XXX: T2665: we can not safely rely on the defaults() when there are
             # tagNodes in place, it is better to blend in the defaults manually.
             if 'volume' in container['name'][name]:
                 for volume in container['name'][name]['volume']:
-                    default_values = defaults(base + ['name', 'volume'])
+                    default_values_volume = defaults(base + ['name', 'volume'])
                     container['name'][name]['volume'][volume] = dict_merge(
-                        default_values, container['name'][name]['volume'][volume])
+                        default_values_volume, container['name'][name]['volume'][volume])
     # Delete container network, delete containers
     tmp = node_changed(conf, base + ['network'])
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 8263358ea..d207c63df 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -540,8 +540,7 @@ def generate(ipsec):
     cleanup_pki_files()
     if not ipsec:
-        for config_file in [ipsec_conf, ipsec_secrets, charon_dhcp_conf,
-                            charon_radius_conf, interface_conf, swanctl_conf]:
+        for config_file in [charon_dhcp_conf, charon_radius_conf, interface_conf, swanctl_conf]:
             if os.path.isfile(config_file):
                 os.unlink(config_file)
         render(charon_conf, 'ipsec/charon.j2', {'install_routes': default_install_routes})
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 855eb99f9..bf5d3ac84 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -105,8 +105,11 @@ def T2665_default_dict_cleanup(origin: dict, default_values: dict) -> dict:
     return origin
-def get_config():
-    conf = Config()
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
     base = ['vpn', 'openconnect']
     if not conf.exists(base):
         return None
diff --git a/src/op_mode/accelppp.py b/src/op_mode/accelppp.py
index 2fd045dc3..87a25bb96 100755
--- a/src/op_mode/accelppp.py
+++ b/src/op_mode/accelppp.py
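Review bot: In generate() of src/conf_mode/vpn_ipsec.py, the `if not ipsec:` cleanup loop no longer unlinks `ipsec_conf` and `ipsec_secrets`, so a secrets file written by an earlier configuration or release would stay on disk after IPsec is removed from the configuration. The hunk does not show whether those two files are still rendered anywhere; if they are not, dropping them is reasonable going forward, but stale copies left from before an upgrade are then never cleaned up. If any code path can still create them, keep both names in the list; otherwise a comment such as `# ipsec_conf and ipsec_secrets are no longer generated, so they are not removed here` would record the reason. generate() starts and continues outside the hunk.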
@@ -27,29 +27,51 @@ from vyos.util import rc_cmd
 accel_dict = {
     'ipoe': {
         'port': 2002,
-        'path': 'service ipoe-server'
+        'path': 'service ipoe-server',
+        'base_path': 'service ipoe-server'
     },
     'pppoe': {
         'port': 2001,
-        'path': 'service pppoe-server'
+        'path': 'service pppoe-server',
+        'base_path': 'service pppoe-server'
     },
     'pptp': {
         'port': 2003,
-        'path': 'vpn pptp'
+        'path': 'vpn pptp',
+        'base_path': 'vpn pptp'
     },
     'l2tp': {
         'port': 2004,
-        'path': 'vpn l2tp'
+        'path': 'vpn l2tp',
+        'base_path': 'vpn l2tp remote-access'
     },
     'sstp': {
         'port': 2005,
-        'path': 'vpn sstp'
+        'path': 'vpn sstp',
+        'base_path': 'vpn sstp'
     }
 }
-def _get_raw_statistics(accel_output, pattern):
-    return vyos.accel_ppp.get_server_statistics(accel_output, pattern, sep=':')
+def _get_config_settings(protocol):
+    '''Get config dict from VyOS configuration'''
+    conf = ConfigTreeQuery()
+    base_path = accel_dict[protocol]['base_path']
+    data = conf.get_config_dict(base_path,
+                                key_mangling=('-', '_'),
+                                get_first_key=True,
+                                no_tag_node_value_mangle=True)
+    if conf.exists(f'{base_path} authentication local-users'):
+        # Delete sensitive data
+        del data['authentication']['local_users']
+    return {'config_option': data}
+
+
+def _get_raw_statistics(accel_output, pattern, protocol):
+    return {
+        **vyos.accel_ppp.get_server_statistics(accel_output, pattern, sep=':'),
+        **_get_config_settings(protocol)
+    }
 def _get_raw_sessions(port):
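Review bot: `_get_config_settings()` redacts only `authentication local_users` before returning the whole subtree under `base_path` as `config_option`, so any other secret-bearing node in that subtree (shared secrets or server keys, if the schema for these protocols has them) would be exposed in the raw statistics output. A one-key deny-list is fragile here; building the returned dict from just the settings the consumer of the statistics needs would fail closed when new nodes are added to the schema. Independently, the `conf.exists(...)` / `del` pair can be written as `data.get('authentication', {}).pop('local_users', None)`, which also avoids a KeyError if the two views of the configuration ever disagree. The import of `ConfigTreeQuery` is not visible in this hunk and should be confirmed.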
@@ -103,7 +125,7 @@ def show_statistics(raw: bool, protocol: str):
     rc, output = rc_cmd(f'/usr/bin/accel-cmd -p {port} show stat')
     if raw:
-        return _get_raw_statistics(output, pattern)
+        return _get_raw_statistics(output, pattern, protocol)
     return output
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index 3797a7153..d957a1d01 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -153,6 +153,8 @@ def _get_raw_data(mode: str) -> dict:
         d = data[intf]
         d['local_host'] = conf_dict[intf].get('local-host', '')
         d['local_port'] = conf_dict[intf].get('local-port', '')
+        if conf.exists(f'interfaces openvpn {intf} server client'):
+            d['configured_clients'] = conf.list_nodes(f'interfaces openvpn {intf} server client')
         if mode in ['client', 'site-to-site']:
             for client in d['clients']:
                 if 'shared-secret-key-file' in list(conf_dict[intf]):
diff --git a/src/validators/timezone b/src/validators/timezone
index baf5abca2..107571181 100755
--- a/src/validators/timezone
+++ b/src/validators/timezone
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -25,7 +25,7 @@ if __name__ == '__main__':
     parser.add_argument("--validate", action="store", required=True, help="Check if timezone is valid")
     args = parser.parse_args()
-    tz_data = cmd('find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/::')
+    tz_data = cmd('timedatectl list-timezones')
     tz_data = tz_data.split('\n')
     if args.validate not in tz_data:
|
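Review bot: The set of accepted timezone names now comes from `timedatectl list-timezones` rather than from the files under the posix zoneinfo tree, and the two lists may not be identical, so a name that validated before could be rejected after an upgrade (or the reverse); this is worth checking against existing configurations. How `cmd()` behaves when the command fails is not visible here; if it returns an empty string, every value is rejected, which fails closed but presumably without telling the user that the lookup itself failed. A comment such as `# timedatectl prints one valid zone name per line` above the call, and `tz_data.splitlines()` in place of `split('\n')`, would make the intent clearer. The body of `if args.validate not in tz_data:` continues outside the hunk.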
