summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_l2tp.py
AgeCommit message (Collapse)Author
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code. (cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-07vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl (cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
2024-02-02T5971: Rewritten ppp options in accel-ppp servicesaapostoliuk
Rewritten 'ppp-options' to the same view in all accel-ppp services. Adding IPv6 support to PPTP. (cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
2024-02-01T5865: Moved ipv6 pools to named ipv6 pools in accel-pppaapostoliuk
Moved ipv6 pools to named ipv6 pools in accel-ppp services (cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
2024-01-10T5688: Changed 'range' to multi in 'client-ip-pool' for accell-pppaapostoliuk
Changed node 'range' to multi in 'client-ip-pool' for accell-ppp services. Added completionHelp to default-pool and next-pool. Fixed verification in vpn l2tp config script. (cherry picked from commit 4ffec67d04670192d9b722353cbaef04cb0ba129)
2024-01-01T5801: Rewritten L2TP to get_config_dictaapostoliuk
Rewritten L2TP to get_config_dict Rewritten L2TP xml to accel-ppp patterns Migrated 'idle' to 'ppp-options.lcp-echo-timeout' Migrated 'authentication.mppe' to 'ppp-options.mppe' Migrated 'authentication.radius.dae-server' to 'authentication.radius.dynamic-author' Migrated 'authentication.require' to 'authentication.protocol' Added 'authentication.radius.acct-interim-jitter' Added 'authentication.radius.preallocate-vif' Added 'authentication.radius.server.<IP>.acct-port' Added 'ppp-options.ipv4' Added smoke-tests Fixed 'preallocate-vif' in SSTP (cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420)
2023-12-28accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. (cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53)
2023-07-15T5195: vyos.util -> vyos.utils package refactoring part #2Christian Breunig
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-05-10T5213: Add accounting-interim-interval option for L2TP-serverViacheslav Hletenko
Add RADIUS accounting-interim-interval option for L2TP-server Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
2022-12-30T4893: Add ppp-options ipv6-interface-id for L2TPViacheslav Hletenko
Add ppp-options IPv6 interface id for vpn L2TP - fixed or random interface identifier for IPv6 - peer interface identifier for IPv6 - whether to accept peer’s interface identifier set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id set vpn l2tp remote-access ppp-options ipv6-intf-id 'random' set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid'
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-05-01accel-ppp: T4353: fix Jinja2 linting errorsChristian Poessinger
2021-10-16l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
2021-07-13T3663: remove some unused sleep imports.Daniil Baturin
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-10-27Merge pull request #581 from sever-sever/T2631Christian Poessinger
accel: T2631: Add option for radius disable-accounting
2020-10-27accel: T2631: Add option for radius disable-accountingsever-sever
2020-10-24vpn: l2tp: T3009: fix non effective "authentication require" optionChristian Poessinger
The CLI node was read in incorrect (wrong path). In addtition the list was not reset to [] when authentication was specified on the CLI.
2020-09-26accel-ppp: T2918: Add accounting interim jitter optionsever-sever
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-08-02accel-ppp: T2756: make RADIUS accounting port configurableChristian Poessinger
Make the port used for RADIUS accounting user configurable. This is now valid for the following services which are based on Accel-PPP: * ipoe-server * pppoe-server * l2tp * pptp * sstp
2020-06-22vpn: l2tp: T2264: fix improper use of fail-time dictionary keyChristian Poessinger
2020-06-16l2tp: T2602: Delete excess charactersDmitriyEshenko
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-04-27template: T2388: move mkdir/chmod/chown within render()Thomas Mangin
2020-04-22accel-ppp: fix wrong reference in verify() on missing attributesChristian Poessinger
2020-04-21vyos.util: migrate all cpu_count() occurances to common get_half_cpus()Christian Poessinger
2020-04-21vpn: l2tp: T2314: pass proper content variable to render()Christian Poessinger
2020-04-18accel-ppp: T2314: use common tempplate for chap-secretsChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validationChristian Poessinger
2020-04-18vpn: l2tp: sstp: ease unlinking of configuration filesChristian Poessinger
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-12vpn: l2tp: T2185: move generated files to volatile /run/accel-ppp directoryChristian Poessinger
2020-04-11vpn: l2tp: sstp: T2264: create config dir on demandChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate IPv6 prefix node to common CLI styleChristian Poessinger
Combining multiple options into a single CLI node is considered bad practice. IPv6 prefixes consited of the prefix itself and a mask send to the client in one node only. The following CLI parts have been migrated from client-ipv6-pool { delegate-prefix fc00:0:1::/48,64 prefix 2001:db8::/64,64 } to client-ipv6-pool { delegate fc00:0:1::/48 { delegation-prefix 48 } prefix 2001:db8::/48 { mask 64 } } Thus regular validation steps from the VyOS CLI can be used when a prefix is configured.
2020-04-11vpn: l2tp: T2264: simplify IPv6 config dictionary elementsChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate from SysVinit -> systemdChristian Poessinger
2020-04-11vpn: l2tp: T2264: remove debug pprintChristian Poessinger
2020-04-11vpn: l2tp: T2264: proper set PPP default values to ease Jinja2 templateChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate to new dictionary keys for radius authChristian Poessinger
2020-04-11vpn: l2tp: T2264: use "with open()" when writing configChristian Poessinger
2020-04-11vpn: l2tp: T2264: migrate to new dictionary keys for local authChristian Poessinger
2020-04-11vpn: l2tp: T2264: cleanup thread_cnt generationChristian Poessinger
2020-04-11vpn: l2tp: T2264: combine WINS CLI syntaxChristian Poessinger
There is no reason to distinguish between WINS servers in terms of priority. This is solely a task which can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntaxChristian Poessinger
There is no reason to distinguish between an IPv4 and IPv6 name-server node on the CLI - this can be done in the underlaying Python scripts.
2020-04-11vpn: l2tp: T2264: comment cleanup on chk_con()Christian Poessinger