From 422eb463d413da812eabc28706e507a9910d7b53 Mon Sep 17 00:00:00 2001 From: aapostoliuk Date: Mon, 13 Nov 2023 11:17:23 +0200 Subject: accel-ppp: T5688: Standardized pool configuration in accel-ppp Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. --- .../accel-ppp/config_chap_secrets_radius.j2 | 11 ++++++- data/templates/accel-ppp/config_ip_pool.j2 | 32 +++++++++---------- data/templates/accel-ppp/ipoe.config.j2 | 36 +++++----------------- data/templates/accel-ppp/l2tp.config.j2 | 23 ++++---------- data/templates/accel-ppp/pppoe.config.j2 | 21 +++---------- data/templates/accel-ppp/pptp.config.j2 | 16 +++++----- data/templates/accel-ppp/sstp.config.j2 | 4 ++- 7 files changed, 53 insertions(+), 90 deletions(-) (limited to 'data/templates/accel-ppp') diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2 index a498d8186..595e3a565 100644 --- a/data/templates/accel-ppp/config_chap_secrets_radius.j2 +++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2 @@ -30,7 +30,16 @@ dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.r {% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} -{% if gateway_address is vyos_defined %} +{% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %} +{% if gateway_address is vyos_defined %} +{% if server_type == 'ipoe' %} +{% for gw in gateway_address %} +{% set host_address, _ = gw.split('/') %} +gw-ip-address={{ host_address }} +{% endfor %} +{% else %} gw-ip-address={{ gateway_address }} +{% endif %} +{% endif %} {% endif %} diff --git a/data/templates/accel-ppp/config_ip_pool.j2 b/data/templates/accel-ppp/config_ip_pool.j2 index f7511e445..c567236a4 100644 --- a/data/templates/accel-ppp/config_ip_pool.j2 +++ b/data/templates/accel-ppp/config_ip_pool.j2 @@ -1,24 +1,22 @@ -{% if client_ip_pool is vyos_defined %} +{% if ordered_named_pools is vyos_defined %} [ip-pool] {% if gateway_address is vyos_defined %} +{% if server_type == 'ipoe' %} +{% for gw in gateway_address %} +{% set host_address, _ = gw.split('/') %} +gw-ip-address={{ host_address }} +{% endfor %} +{% else %} gw-ip-address={{ gateway_address }} +{% endif %} {% endif %} -{% if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %} -{{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }} -{% endif %} -{% if client_ip_pool.subnet is vyos_defined %} -{% for subnet in client_ip_pool.subnet %} -{{ subnet }} -{% endfor %} -{% endif %} -{% if client_ip_pool.name is vyos_defined %} -{% for pool, pool_config in client_ip_pool.name.items() %} -{% if pool_config.subnet is vyos_defined %} -{{ pool_config.subnet }},name={{ pool }} -{% endif %} -{% if pool_config.gateway_address is vyos_defined %} -gw-ip-address={{ pool_config.gateway_address }} +{% for pool in ordered_named_pools %} +{% for pool_name, pool_config in pool.items() %} +{% if pool_config.next_pool is vyos_defined %} +{{ pool_config.range }},name={{ pool_name }},next={{ pool_config.next_pool }} +{% else %} +{{ pool_config.range }},name={{ pool_name }} {% endif %} {% endfor %} -{% endif %} +{% endfor %} {% endif %} \ No newline at end of file diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2 index 555a033d3..588f3d462 100644 --- a/data/templates/accel-ppp/ipoe.config.j2 +++ b/data/templates/accel-ppp/ipoe.config.j2 @@ -55,38 +55,18 @@ noauth=1 username=ifname password=csid {% endif %} -{% if client_ip_pool.name is vyos_defined %} -{% if first_named_pool is vyos_defined %} -ip-pool={{ first_named_pool }} -{% else %} -{% for pool, pool_options in client_ip_pool.name.items() %} -{% if pool_options.subnet is vyos_defined %} -ip-pool={{ pool }} -{% endif %} -{% endfor %} -{% endif %} -{% for pool, pool_options in client_ip_pool.name.items() %} -{% if pool_options.gateway_address is vyos_defined %} -gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }} -{% endif %} +{% if default_pool is vyos_defined %} +ip-pool={{ default_pool }} +{% endif %} +{% if gateway_address is vyos_defined %} +{% for gw_addr in gateway_address %} +gw-ip-address={{ gw_addr }} {% endfor %} {% endif %} proxy-arp=1 -{% if ordered_named_pools is vyos_defined %} -[ip-pool] -{% for p in ordered_named_pools %} -{% for pool, pool_options in p.items() %} -{% set next_named_pool = ',next=' ~ pool_options.next_pool if pool_options.next_pool is vyos_defined else '' %} -{{ pool_options.subnet }},name={{ pool }}{{ next_named_pool }} -{% endfor %} -{% endfor %} -{% for p in ordered_named_pools %} -{% for pool, pool_options in p.items() %} -gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }} -{% endfor %} -{% endfor %} -{% endif %} +{# Common IP pool definitions #} +{% include 'accel-ppp/config_ip_pool.j2' %} {# Common IPv6 pool definitions #} {% include 'accel-ppp/config_ipv6_pool.j2' %} diff --git a/data/templates/accel-ppp/l2tp.config.j2 b/data/templates/accel-ppp/l2tp.config.j2 index b089d3e71..89cc0eae7 100644 --- a/data/templates/accel-ppp/l2tp.config.j2 +++ b/data/templates/accel-ppp/l2tp.config.j2 @@ -6,11 +6,9 @@ chap-secrets {% for proto in auth_proto %} {{ proto }} {% endfor %} - {% if auth_mode == 'radius' %} radius {% endif %} - ippool shaper ipv6pool @@ -65,24 +63,15 @@ secret={{ lns_shared_secret }} {% if lns_host_name %} host-name={{ lns_host_name }} {% endif %} +{% if default_pool is vyos_defined %} +ip-pool={{ default_pool }} +{% endif %} [client-ip-range] 0.0.0.0/0 -{% if client_ip_pool or client_ip_subnets %} -[ip-pool] -{% if client_ip_pool %} -{{ client_ip_pool }} -{% endif %} -{% if client_ip_subnets %} -{% for sn in client_ip_subnets %} -{{ sn }} -{% endfor %} -{% endif %} -{% endif %} -{% if gateway_address %} -gw-ip-address={{ gateway_address }} -{% endif %} +{# Common IP pool definitions #} +{% include 'accel-ppp/config_ip_pool.j2' %} {% if auth_mode == 'local' %} [chap-secrets] @@ -115,7 +104,7 @@ nas-ip-address={{ radius_nas_ip }} bind={{ radius_source_address }} {% endif %} {% endif %} -{% if gateway_address %} +{% if gateway_address is vyos_defined %} gw-ip-address={{ gateway_address }} {% endif %} diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index e1ae3660e..4bb1c4450 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -108,7 +108,6 @@ unit-cache={{ ppp_options.interface_cache }} [pppoe] verbose=1 ac-name={{ access_concentrator }} - {% if interface is vyos_defined %} {% for iface, iface_config in interface.items() %} {% if iface_config.vlan is not vyos_defined %} @@ -121,11 +120,9 @@ vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }} {% endif %} {% endfor %} {% endif %} - {% if service_name %} service-name={{ service_name | join(',') }} {% endif %} - {% if pado_delay %} {% set pado_delay_param = namespace(value='0') %} {% for delay in pado_delay | sort(attribute='0') %} @@ -140,21 +137,11 @@ pado-delay={{ pado_delay_param.value }} {% if authentication.radius.called_sid_format is vyos_defined %} called-sid={{ authentication.radius.called_sid_format }} {% endif %} - -{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %} -{% if authentication.mode is vyos_defined("noauth") %} +{% if authentication.mode is vyos_defined("noauth") %} noauth=1 -{% endif %} -{% if client_ip_pool.name is vyos_defined %} -{% for pool, pool_config in client_ip_pool.name.items() %} -{% if pool_config.subnet is vyos_defined %} -ip-pool={{ pool }} -{% endif %} -{% if pool_config.gateway_address is vyos_defined %} -gw-ip-address={{ pool_config.gateway_address }}/{{ pool_config.subnet.split('/')[1] }} -{% endif %} -{% endfor %} -{% endif %} +{% endif %} +{% if default_pool is vyos_defined %} +ip-pool={{ default_pool }} {% endif %} {% if limits is vyos_defined %} diff --git a/data/templates/accel-ppp/pptp.config.j2 b/data/templates/accel-ppp/pptp.config.j2 index 46a9f933a..4e891777f 100644 --- a/data/templates/accel-ppp/pptp.config.j2 +++ b/data/templates/accel-ppp/pptp.config.j2 @@ -51,14 +51,15 @@ ppp-max-mtu={{ mtu }} mppe={{ ppp_mppe }} echo-interval=10 echo-failure=3 - +{% if default_pool is vyos_defined %} +ip-pool={{ default_pool }} +{% endif %} [client-ip-range] 0.0.0.0/0 -[ip-pool] -tunnel={{ client_ip_pool }} -gw-ip-address={{ gw_ip }} +{# Common IP pool definitions #} +{% include 'accel-ppp/config_ip_pool.j2' %} [ppp] verbose=5 @@ -74,18 +75,15 @@ verbose=1 {% for r in radius_server %} server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor %} - {% if radius_acct_interim_interval is vyos_defined %} acct-interim-interval={{ radius_acct_interim_interval }} {% endif %} {% if radius_acct_inter_jitter %} acct-interim-jitter={{ radius_acct_inter_jitter }} {% endif %} - acct-timeout={{ radius_acct_tmo }} timeout={{ radius_timeout }} max-try={{ radius_max_try }} - {% if radius_nas_id %} nas-identifier={{ radius_nas_id }} {% endif %} @@ -97,8 +95,8 @@ bind={{ radius_source_address }} {% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} -{% if gw_ip is defined and gw_ip is not none %} -gw-ip-address={{ gw_ip }} +{% if gateway_address is vyos_defined %} +gw-ip-address={{ gateway_address }} {% endif %} {% if radius_shaper_enable %} diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index cf1d23f54..6117cea1b 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -36,6 +36,9 @@ accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem ssl-keyfile=/run/accel-pppd/sstp-cert.key +{% if default_pool is vyos_defined %} +ip-pool={{ default_pool }} +{% endif %} {# Common IP pool definitions #} {% include 'accel-ppp/config_ip_pool.j2' %} @@ -56,7 +59,6 @@ check-ip=1 mtu={{ mtu }} ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }} ipv4={{ ppp_options.ipv4 }} - mppe={{ ppp_options.mppe }} lcp-echo-interval={{ ppp_options.lcp_echo_interval }} lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} -- cgit v1.2.3