From 217f5d42e17ae5dd55adaab1114cacc7f5a2e280 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 18 Apr 2022 12:09:50 +0200 Subject: openvpn: T4353: fix Jinja2 linting errors --- data/templates/openvpn/auth.pw.j2 | 5 + data/templates/openvpn/auth.pw.tmpl | 5 - data/templates/openvpn/client.conf.j2 | 31 +++++ data/templates/openvpn/client.conf.tmpl | 31 ----- data/templates/openvpn/server.conf.j2 | 224 ++++++++++++++++++++++++++++++++ data/templates/openvpn/server.conf.tmpl | 224 -------------------------------- 6 files changed, 260 insertions(+), 260 deletions(-) create mode 100644 data/templates/openvpn/auth.pw.j2 delete mode 100644 data/templates/openvpn/auth.pw.tmpl create mode 100644 data/templates/openvpn/client.conf.j2 delete mode 100644 data/templates/openvpn/client.conf.tmpl create mode 100644 data/templates/openvpn/server.conf.j2 delete mode 100644 data/templates/openvpn/server.conf.tmpl (limited to 'data/templates') diff --git a/data/templates/openvpn/auth.pw.j2 b/data/templates/openvpn/auth.pw.j2 new file mode 100644 index 000000000..218121062 --- /dev/null +++ b/data/templates/openvpn/auth.pw.j2 @@ -0,0 +1,5 @@ +{# Autogenerated by interfaces-openvpn.py #} +{% if authentication is vyos_defined %} +{{ authentication.username }} +{{ authentication.password }} +{% endif %} diff --git a/data/templates/openvpn/auth.pw.tmpl b/data/templates/openvpn/auth.pw.tmpl deleted file mode 100644 index 218121062..000000000 --- a/data/templates/openvpn/auth.pw.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -{# Autogenerated by interfaces-openvpn.py #} -{% if authentication is vyos_defined %} -{{ authentication.username }} -{{ authentication.password }} -{% endif %} diff --git a/data/templates/openvpn/client.conf.j2 b/data/templates/openvpn/client.conf.j2 new file mode 100644 index 000000000..2e327e4d3 --- /dev/null +++ b/data/templates/openvpn/client.conf.j2 @@ -0,0 +1,31 @@ +### Autogenerated by interfaces-openvpn.py ### + +{% if ip is vyos_defined %} +ifconfig-push {{ ip[0] }} {{ server_subnet[0] | netmask_from_cidr }} +{% endif %} +{% if push_route is vyos_defined %} +{% for route in push_route %} +push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}" +{% endfor %} +{% endif %} +{% if subnet is vyos_defined %} +{% for network in subnet %} +iroute {{ network | address_from_cidr }} {{ network | netmask_from_cidr }} +{% endfor %} +{% endif %} +{# ipv6_remote is only set when IPv6 server is enabled #} +{% if ipv6_remote is vyos_defined %} +# IPv6 +{% if ipv6_ip is vyos_defined %} +ifconfig-ipv6-push {{ ipv6_ip[0] }} {{ ipv6_remote }} +{% endif %} +{% for route6 in ipv6_push_route %} +push "route-ipv6 {{ route6 }}" +{% endfor %} +{% for net6 in ipv6_subnet %} +iroute-ipv6 {{ net6 }} +{% endfor %} +{% endif %} +{% if disable is vyos_defined %} +disable +{% endif %} diff --git a/data/templates/openvpn/client.conf.tmpl b/data/templates/openvpn/client.conf.tmpl deleted file mode 100644 index 98c8b0273..000000000 --- a/data/templates/openvpn/client.conf.tmpl +++ /dev/null @@ -1,31 +0,0 @@ -### Autogenerated by interfaces-openvpn.py ### - -{% if ip %} -ifconfig-push {{ ip[0] }} {{ server_subnet[0] | netmask_from_cidr }} -{% endif %} -{% if push_route is vyos_defined %} -{% for route in push_route %} -push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}" -{% endfor %} -{% endif %} -{% if subnet is vyos_defined %} -{% for network in subnet %} -iroute {{ network | address_from_cidr }} {{ network | netmask_from_cidr }} -{% endfor %} -{% endif %} -{# ipv6_remote is only set when IPv6 server is enabled #} -{% if ipv6_remote %} -# IPv6 -{% if ipv6_ip %} -ifconfig-ipv6-push {{ ipv6_ip[0] }} {{ ipv6_remote }} -{% endif %} -{% for route6 in ipv6_push_route %} -push "route-ipv6 {{ route6 }}" -{% endfor %} -{% for net6 in ipv6_subnet %} -iroute-ipv6 {{ net6 }} -{% endfor %} -{% endif %} -{% if disable is vyos_defined %} -disable -{% endif %} diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2 new file mode 100644 index 000000000..6dd4ef88d --- /dev/null +++ b/data/templates/openvpn/server.conf.j2 @@ -0,0 +1,224 @@ +### Autogenerated by interfaces-openvpn.py ### +# +# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +# for individual keyword definition +# +# {{ description if description is vyos_defined }} +# + +verb 3 +dev-type {{ device_type }} +dev {{ ifname }} +persist-key +{% if protocol is vyos_defined('tcp-active') %} +proto tcp-client +{% elif protocol is vyos_defined('tcp-passive') %} +proto tcp-server +{% else %} +proto udp +{% endif %} +{% if local_host is vyos_defined %} +local {{ local_host }} +{% endif %} +{% if mode is vyos_defined('server') and protocol is vyos_defined('udp') and local_host is not vyos_defined %} +multihome +{% endif %} +{% if local_port is vyos_defined %} +lport {{ local_port }} +{% endif %} +{% if remote_port is vyos_defined %} +rport {{ remote_port }} +{% endif %} +{% if remote_host is vyos_defined %} +{% for remote in remote_host %} +remote {{ remote }} +{% endfor %} +{% endif %} +{% if shared_secret_key is vyos_defined %} +secret /run/openvpn/{{ ifname }}_shared.key +{% endif %} +{% if persistent_tunnel is vyos_defined %} +persist-tun +{% endif %} +{% if replace_default_route.local is vyos_defined %} +push "redirect-gateway local def1" +{% elif replace_default_route is vyos_defined %} +push "redirect-gateway def1" +{% endif %} +{% if use_lzo_compression is vyos_defined %} +compress lzo +{% endif %} + +{% if mode is vyos_defined('client') %} +# +# OpenVPN Client mode +# +client +nobind + +{% elif mode is vyos_defined('server') %} +# +# OpenVPN Server mode +# +mode server +tls-server +{% if server is vyos_defined %} +{% if server.subnet is vyos_defined %} +{% if server.topology is vyos_defined('point-to-point') %} +topology p2p +{% elif server.topology is vyos_defined %} +topology {{ server.topology }} +{% endif %} +{% for subnet in server.subnet %} +{% if subnet | is_ipv4 %} +server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool +{# First ip address is used as gateway. It's allows to use metrics #} +{% if server.push_route is vyos_defined %} +{% for route, route_config in server.push_route.items() %} +{% if route | is_ipv4 %} +push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }} {{ subnet | first_host_address ~ ' ' ~ route_config.metric if route_config.metric is vyos_defined }}" +{% elif route | is_ipv6 %} +push "route-ipv6 {{ route }}" +{% endif %} +{% endfor %} +{% endif %} +{# OpenVPN assigns the first IP address to its local interface so the pool used #} +{# in net30 topology - where each client receives a /30 must start from the second subnet #} +{% if server.topology is vyos_defined('net30') %} +ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }} +{% else %} +{# OpenVPN assigns the first IP address to its local interface so the pool must #} +{# start from the second address and end on the last address #} +ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }} +{% endif %} +{% elif subnet | is_ipv6 %} +server-ipv6 {{ subnet }} +{% endif %} +{% endfor %} +{% endif %} + +{% if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined %} +ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is vyos_defined }} +{% endif %} +{% if server.max_connections is vyos_defined %} +max-clients {{ server.max_connections }} +{% endif %} +{% if server.client is vyos_defined %} +client-config-dir /run/openvpn/ccd/{{ ifname }} +{% endif %} +{% endif %} +keepalive {{ keep_alive.interval }} {{ keep_alive.interval | int * keep_alive.failure_count | int }} +management /run/openvpn/openvpn-mgmt-intf unix +{% if server is vyos_defined %} +{% if server.reject_unconfigured_clients is vyos_defined %} +ccd-exclusive +{% endif %} + +{% if server.name_server is vyos_defined %} +{% for nameserver in server.name_server %} +{% if nameserver | is_ipv4 %} +push "dhcp-option DNS {{ nameserver }}" +{% elif nameserver | is_ipv6 %} +push "dhcp-option DNS6 {{ nameserver }}" +{% endif %} +{% endfor %} +{% endif %} +{% if server.domain_name is vyos_defined %} +push "dhcp-option DOMAIN {{ server.domain_name }}" +{% endif %} +{% if server.mfa.totp is vyos_defined %} +{% set totp_config = server.mfa.totp %} +plugin "{{ plugin_dir }}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets otp_slop={{ totp_config.slop }} totp_t0={{ totp_config.drift }} totp_step={{ totp_config.step }} totp_digits={{ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}" +{% endif %} +{% endif %} +{% else %} +# +# OpenVPN site-2-site mode +# +ping {{ keep_alive.interval }} +ping-restart {{ keep_alive.failure_count }} + +{% if device_type == 'tap' %} +{% if local_address is vyos_defined %} +{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} +{% if laddr_conf.subnet_mask is vyos_defined %} +ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} +{% endif %} +{% endfor %} +{% endif %} +{% else %} +{% for laddr in local_address if laddr | is_ipv4 %} +{% for raddr in remote_address if raddr | is_ipv4 %} +ifconfig {{ laddr }} {{ raddr }} +{% endfor %} +{% endfor %} +{% for laddr in local_address if laddr | is_ipv6 %} +{% for raddr in remote_address if raddr | is_ipv6 %} +ifconfig-ipv6 {{ laddr }} {{ raddr }} +{% endfor %} +{% endfor %} +{% endif %} +{% endif %} + +{% if tls is vyos_defined %} +# TLS options +{% if tls.ca_certificate is vyos_defined %} +ca /run/openvpn/{{ ifname }}_ca.pem +{% endif %} +{% if tls.certificate is vyos_defined %} +cert /run/openvpn/{{ ifname }}_cert.pem +{% endif %} +{% if tls.private_key is vyos_defined %} +key /run/openvpn/{{ ifname }}_cert.key +{% endif %} +{% if tls.crypt_key is vyos_defined %} +tls-crypt /run/openvpn/{{ ifname }}_crypt.key +{% endif %} +{% if tls.crl is vyos_defined %} +crl-verify /run/openvpn/{{ ifname }}_crl.pem +{% endif %} +{% if tls.tls_version_min is vyos_defined %} +tls-version-min {{ tls.tls_version_min }} +{% endif %} +{% if tls.dh_params is vyos_defined %} +dh /run/openvpn/{{ ifname }}_dh.pem +{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %} +dh none +{% endif %} +{% if tls.auth_key is vyos_defined %} +{% if mode == 'client' %} +tls-auth /run/openvpn/{{ ifname }}_auth.key 1 +{% elif mode == 'server' %} +tls-auth /run/openvpn/{{ ifname }}_auth.key 0 +{% endif %} +{% endif %} +{% if tls.role is vyos_defined('active') %} +tls-client +{% elif tls.role is vyos_defined('passive') %} +tls-server +{% endif %} +{% endif %} + +# Encryption options +{% if encryption is vyos_defined %} +{% if encryption.cipher is vyos_defined %} +cipher {{ encryption.cipher | openvpn_cipher }} +{% if encryption.cipher is vyos_defined('bf128') %} +keysize 128 +{% elif encryption.cipher is vyos_defined('bf256') %} +keysize 256 +{% endif %} +{% endif %} +{% if encryption.ncp_ciphers is vyos_defined %} +data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }} +{% endif %} +{% endif %} + +{% if hash is vyos_defined %} +auth {{ hash }} +{% endif %} + +{% if authentication is vyos_defined %} +auth-user-pass {{ auth_user_pass_file }} +auth-retry nointeract +{% endif %} diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl deleted file mode 100644 index f26680fa3..000000000 --- a/data/templates/openvpn/server.conf.tmpl +++ /dev/null @@ -1,224 +0,0 @@ -### Autogenerated by interfaces-openvpn.py ### -# -# See https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage -# for individual keyword definition -# -# {{ description if description is vyos_defined }} -# - -verb 3 -dev-type {{ device_type }} -dev {{ ifname }} -persist-key -{% if protocol == 'tcp-active' %} -proto tcp-client -{% elif protocol == 'tcp-passive' %} -proto tcp-server -{% else %} -proto udp -{% endif %} -{% if local_host is vyos_defined %} -local {{ local_host }} -{% endif %} -{% if mode is vyos_defined('server') and protocol is vyos_defined('udp') and local_host is not vyos_defined %} -multihome -{% endif %} -{% if local_port is vyos_defined %} -lport {{ local_port }} -{% endif %} -{% if remote_port is vyos_defined %} -rport {{ remote_port }} -{% endif %} -{% if remote_host is vyos_defined %} -{% for remote in remote_host %} -remote {{ remote }} -{% endfor %} -{% endif %} -{% if shared_secret_key is vyos_defined %} -secret /run/openvpn/{{ ifname }}_shared.key -{% endif %} -{% if persistent_tunnel is vyos_defined %} -persist-tun -{% endif %} -{% if replace_default_route.local is vyos_defined %} -push "redirect-gateway local def1" -{% elif replace_default_route is vyos_defined %} -push "redirect-gateway def1" -{% endif %} -{% if use_lzo_compression is vyos_defined %} -compress lzo -{% endif %} - -{% if mode == 'client' %} -# -# OpenVPN Client mode -# -client -nobind - -{% elif mode == 'server' %} -# -# OpenVPN Server mode -# -mode server -tls-server -{% if server is vyos_defined %} -{% if server.subnet is vyos_defined %} -{% if server.topology is vyos_defined('point-to-point') %} -topology p2p -{% elif server.topology is vyos_defined %} -topology {{ server.topology }} -{% endif %} -{% for subnet in server.subnet %} -{% if subnet | is_ipv4 %} -server {{ subnet | address_from_cidr }} {{ subnet | netmask_from_cidr }} nopool -{# First ip address is used as gateway. It's allows to use metrics #} -{% if server.push_route is vyos_defined %} -{% for route, route_config in server.push_route.items() %} -{% if route | is_ipv4 %} -push "route {{ route | address_from_cidr }} {{ route | netmask_from_cidr }}{% if route_config.metric is vyos_defined %} {{ subnet | first_host_address }} {{ route_config.metric }}{% endif %}" -{% elif route | is_ipv6 %} -push "route-ipv6 {{ route }}" -{% endif %} -{% endfor %} -{% endif %} -{# OpenVPN assigns the first IP address to its local interface so the pool used #} -{# in net30 topology - where each client receives a /30 must start from the second subnet #} -{% if server.topology is vyos_defined('net30') %} -ifconfig-pool {{ subnet | inc_ip('4') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tap' else '' }} -{% else %} -{# OpenVPN assigns the first IP address to its local interface so the pool must #} -{# start from the second address and end on the last address #} -ifconfig-pool {{ subnet | first_host_address | inc_ip('1') }} {{ subnet | last_host_address | dec_ip('1') }} {{ subnet | netmask_from_cidr if device_type == 'tun' else '' }} -{% endif %} -{% elif subnet | is_ipv6 %} -server-ipv6 {{ subnet }} -{% endif %} -{% endfor %} -{% endif %} - -{% if server.client_ip_pool is vyos_defined and server.client_ip_pool.disable is not vyos_defined %} -ifconfig-pool {{ server.client_ip_pool.start }} {{ server.client_ip_pool.stop }}{{ server.client_ip_pool.subnet_mask if server.client_ip_pool.subnet_mask is vyos_defined }} -{% endif %} -{% if server.max_connections is vyos_defined %} -max-clients {{ server.max_connections }} -{% endif %} -{% if server.client is vyos_defined %} -client-config-dir /run/openvpn/ccd/{{ ifname }} -{% endif %} -{% endif %} -keepalive {{ keep_alive.interval }} {{ keep_alive.interval|int * keep_alive.failure_count|int }} -management /run/openvpn/openvpn-mgmt-intf unix -{% if server is vyos_defined %} -{% if server.reject_unconfigured_clients is vyos_defined %} -ccd-exclusive -{% endif %} - -{% if server.name_server is vyos_defined %} -{% for nameserver in server.name_server %} -{% if nameserver | is_ipv4 %} -push "dhcp-option DNS {{ nameserver }}" -{% elif nameserver | is_ipv6 %} -push "dhcp-option DNS6 {{ nameserver }}" -{% endif %} -{% endfor %} -{% endif %} -{% if server.domain_name is vyos_defined %} -push "dhcp-option DOMAIN {{ server.domain_name }}" -{% endif %} -{% if server.mfa.totp is vyos_defined %} -{% set totp_config = server.mfa.totp %} -plugin "{{ plugin_dir}}/openvpn-otp.so" "otp_secrets=/config/auth/openvpn/{{ ifname }}-otp-secrets {{ 'otp_slop=' ~ totp_config.slop }} {{ 'totp_t0=' ~ totp_config.drift }} {{ 'totp_step=' ~ totp_config.step }} {{ 'totp_digits=' ~ totp_config.digits }} password_is_cr={{ '1' if totp_config.challenge == 'enable' else '0' }}" -{% endif %} -{% endif %} -{% else %} -# -# OpenVPN site-2-site mode -# -ping {{ keep_alive.interval }} -ping-restart {{ keep_alive.failure_count }} - -{% if device_type == 'tap' %} -{% if local_address is vyos_defined %} -{% for laddr, laddr_conf in local_address.items() if laddr | is_ipv4 %} -{% if laddr_conf.subnet_mask is vyos_defined %} -ifconfig {{ laddr }} {{ laddr_conf.subnet_mask }} -{% endif %} -{% endfor %} -{% endif %} -{% else %} -{% for laddr in local_address if laddr | is_ipv4 %} -{% for raddr in remote_address if raddr | is_ipv4 %} -ifconfig {{ laddr }} {{ raddr }} -{% endfor %} -{% endfor %} -{% for laddr in local_address if laddr | is_ipv6 %} -{% for raddr in remote_address if raddr | is_ipv6 %} -ifconfig-ipv6 {{ laddr }} {{ raddr }} -{% endfor %} -{% endfor %} -{% endif %} -{% endif %} - -{% if tls is vyos_defined %} -# TLS options -{% if tls.ca_certificate is vyos_defined %} -ca /run/openvpn/{{ ifname }}_ca.pem -{% endif %} -{% if tls.certificate is vyos_defined %} -cert /run/openvpn/{{ ifname }}_cert.pem -{% endif %} -{% if tls.private_key is vyos_defined %} -key /run/openvpn/{{ ifname }}_cert.key -{% endif %} -{% if tls.crypt_key is vyos_defined %} -tls-crypt /run/openvpn/{{ ifname }}_crypt.key -{% endif %} -{% if tls.crl is vyos_defined %} -crl-verify /run/openvpn/{{ ifname }}_crl.pem -{% endif %} -{% if tls.tls_version_min is vyos_defined %} -tls-version-min {{ tls.tls_version_min }} -{% endif %} -{% if tls.dh_params is vyos_defined %} -dh /run/openvpn/{{ ifname }}_dh.pem -{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %} -dh none -{% endif %} -{% if tls.auth_key is vyos_defined %} -{% if mode == 'client' %} -tls-auth /run/openvpn/{{ ifname }}_auth.key 1 -{% elif mode == 'server' %} -tls-auth /run/openvpn/{{ ifname }}_auth.key 0 -{% endif %} -{% endif %} -{% if tls.role is vyos_defined('active') %} -tls-client -{% elif tls.role is vyos_defined('passive') %} -tls-server -{% endif %} -{% endif %} - -# Encryption options -{% if encryption is vyos_defined %} -{% if encryption.cipher is vyos_defined %} -cipher {{ encryption.cipher | openvpn_cipher }} -{% if encryption.cipher is vyos_defined('bf128') %} -keysize 128 -{% elif encryption.cipher is vyos_defined('bf256') %} -keysize 256 -{% endif %} -{% endif %} -{% if encryption.ncp_ciphers is vyos_defined %} -data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }} -{% endif %} -{% endif %} - -{% if hash is vyos_defined %} -auth {{ hash }} -{% endif %} - -{% if authentication is vyos_defined %} -auth-user-pass {{ auth_user_pass_file }} -auth-retry nointeract -{% endif %} -- cgit v1.2.3