From b4a675c551523029ae89b61c841f54c1f2c02855 Mon Sep 17 00:00:00 2001
From: DmitriyEshenko <snooppy@mail.ua>
Date: Wed, 7 Aug 2019 20:26:45 +0000
Subject: [l2tp] T1566 ipv6 implementation

---
 interface-definitions/l2tp-server.xml | 40 +++++++++++++++++++++++++++
 src/conf_mode/accel_l2tp.py           | 52 ++++++++++++++++++++++++++++++++++-
 2 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml
index d5b6a921b..721913dfe 100644
--- a/interface-definitions/l2tp-server.xml
+++ b/interface-definitions/l2tp-server.xml
@@ -67,6 +67,19 @@
                   </leafNode>
                 </children>
               </node>
+              <leafNode name="dnsv6-servers">
+                <properties>
+                  <help>IPv6 Domain Name Service (DNS) server</help>
+                  <valueHelp>
+                  <format>ipv6</format>
+                    <description>IPv6 DNS address</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                  <multi />
+                </properties>
+              </leafNode>
               <node name="lns">
                 <properties>
                   <help>L2TP Network Server (LNS)</help>
@@ -255,6 +268,33 @@
                   </leafNode>
                 </children>
               </node>
+              <node name="client-ipv6-pool">
+                <properties>
+                  <help>Pool of client IPv6 addresses</help>
+                </properties>
+                <children>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>IPV6 prefix delegation</help>
+                      <valueHelp>
+                        <format>ipv6prefix/mask,prefix_len</format>
+                        <description>e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients</description>
+                      </valueHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="delegate-prefix">
+                    <properties>
+                      <help>DHCPv6 prefix delegation - rfc3633</help>
+                      <valueHelp>
+                        <format>ipv6prefix/mask,prefix_len</format>
+                        <description>Delegate to clients through DHCPv6 prefix delegation - rfc3633</description>
+                      </valueHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
               <leafNode name="description">
                 <properties>
                   <help>Description for L2TP remote-access settings</help>
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 3a224974e..3af8b7958 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -53,6 +53,9 @@ radius
 {% endif -%}
 ippool
 shaper
+ipv6pool
+ipv6_nd
+ipv6_dhcp
 
 [core]
 thread-count={{thread_cnt}}
@@ -72,6 +75,13 @@ dns2={{dns[1]}}
 {% endif %}
 {% endif -%}
 
+{% if dnsv6 %}
+[ipv6-dns]
+{% for srv in dnsv6: %}
+{{srv}}
+{% endfor %}
+{% endif %}
+
 {% if wins %}
 [wins]
 {% if wins[0] %}
@@ -127,6 +137,9 @@ lcp-echo-interval=30
 {% if ccp_disable %}
 ccp=0
 {% endif %}
+{% if client_ipv6_pool %}
+ipv6=allow
+{% endif %}
 
 {% if authentication['mode'] == 'radius' %}
 [radius]
@@ -159,6 +172,21 @@ gw-ip-address={{outside_nexthop}}
 verbose=1
 {% endif -%}
 
+{% if client_ipv6_pool %}
+[ipv6-pool]
+{% for prfx in client_ipv6_pool.prefix: %}
+{{prfx}}
+{% endfor %}
+{% for prfx in client_ipv6_pool.delegate_prefix: %}
+delegate={{prfx}}
+{% endfor %}
+{% endif %}
+
+{% if client_ipv6_pool['delegate_prefix'] %}
+[ipv6-dhcp]
+verbose=1
+{% endif %}
+
 {% if authentication['radiusopt']['shaper'] %}
 [shaper]
 verbose=1
@@ -170,6 +198,7 @@ vendor={{authentication['radiusopt']['shaper']['vendor']}}
 
 [cli]
 tcp=127.0.0.1:2004
+sessions-columns=ifname,username,calling-sid,ip,{{ip6_column}}{{ip6_dp_column}}rate-limit,type,comp,state,rx-bytes,tx-bytes,uptime
 
 '''
 
@@ -250,10 +279,14 @@ def get_config():
     'outside_addr'        : '',
     'outside_nexthop'     : '',
     'dns'                 : [],
+    'dnsv6'               : [],
     'wins'                : [],
     'client_ip_pool'      : None,
     'client_ip_subnets'   : [],
-    'mtu'              : '1436',
+    'client_ipv6_pool'    : {},
+    'mtu'                 : '1436',
+    'ip6_column'          : '',
+    'ip6_dp_column'       : '',
   }
 
   ### general options ###
@@ -262,6 +295,9 @@ def get_config():
     config_data['dns'].append( c.return_value('dns-servers server-1'))
   if c.exists('dns-servers server-2'):
     config_data['dns'].append( c.return_value('dns-servers server-2'))
+  if c.exists('dnsv6-servers'):
+    for dns6_server in c.return_values('dnsv6-servers'):
+      config_data['dnsv6'].append(dns6_server)
   if c.exists('wins-servers server-1'):
     config_data['wins'].append( c.return_value('wins-servers server-1'))
   if c.exists('wins-servers server-2'):
@@ -369,6 +405,13 @@ def get_config():
   if c.exists('client-ip-pool subnet'):
     config_data['client_ip_subnets'] = c.return_values('client-ip-pool subnet')
 
+  if c.exists('client-ipv6-pool prefix'):
+    config_data['client_ipv6_pool']['prefix'] = c.return_values('client-ipv6-pool prefix')
+    config_data['ip6_column'] = 'ip6,'
+  if c.exists('client-ipv6-pool delegate-prefix'):
+    config_data['client_ipv6_pool']['delegate_prefix'] = c.return_values('client-ipv6-pool delegate-prefix')
+    config_data['ip6_dp_column'] = 'ip6-dp,'
+
   if c.exists('mtu'):
     config_data['mtu'] = c.return_value('mtu')
 
@@ -424,6 +467,13 @@ def verify(c):
     #raise ConfigError('set vpn l2tp remote-access outside-nexthop required')
     print ("WARMING: set vpn l2tp remote-access outside-nexthop required")
 
+  ## check ipv6
+  if 'delegate_prefix' in c['client_ipv6_pool'] and not 'prefix' in c['client_ipv6_pool']:
+    raise ConfigError("\"set vpn l2tp remote-access client-ipv6-pool prefix\" required for delegate-prefix ")
+
+  if len(c['dnsv6']) > 3:
+    raise ConfigError("Maximum allowed dnsv6-servers addresses is 3")
+
 def generate(c):
   if c == None:
     return None
-- 
cgit v1.2.3