From ee63d76964e3129e372e5c3fd8bc5bf028fc3874 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Apr 2020 11:57:49 +0200 Subject: pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common node Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node. --- src/migration-scripts/pppoe-server/2-to-3 | 76 +++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100755 src/migration-scripts/pppoe-server/2-to-3 (limited to 'src/migration-scripts/pppoe-server') diff --git a/src/migration-scripts/pppoe-server/2-to-3 b/src/migration-scripts/pppoe-server/2-to-3 new file mode 100755 index 000000000..c85ada904 --- /dev/null +++ b/src/migration-scripts/pppoe-server/2-to-3 @@ -0,0 +1,76 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# - remove primary/secondary identifier from nameserver + +import os +import sys + +from sys import argv, exit +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) +base = ['service', 'pppoe-server'] +if not config.exists(base): + # Nothing to do + exit(0) +else: + + # Migrate IPv4 DNS servers + dns_base = base + ['dns-servers'] + if config.exists(dns_base): + for server in ['server-1', 'server-2']: + if config.exists(dns_base + [server]): + dns = config.return_value(dns_base + [server]) + config.set(base + ['name-server'], value=dns, replace=False) + + config.delete(dns_base) + + # Migrate IPv6 DNS servers + dns_base = base + ['dnsv6-servers'] + if config.exists(dns_base): + for server in ['server-1', 'server-2', 'server-3']: + if config.exists(dns_base + [server]): + dns = config.return_value(dns_base + [server]) + config.set(base + ['name-server'], value=dns, replace=False) + + config.delete(dns_base) + + # Migrate IPv4 WINS servers + wins_base = base + ['wins-servers'] + if config.exists(wins_base): + for server in ['server-1', 'server-2']: + if config.exists(wins_base + [server]): + wins = config.return_value(wins_base + [server]) + config.set(base + ['wins-server'], value=wins, replace=False) + + config.delete(wins_base) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) -- cgit v1.2.3 From cda566dfde944f705244f0b9a9293d1a47c55a50 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Apr 2020 12:20:11 +0200 Subject: pppoe-server: T2314: migrate RADIUS configuration to common CLI syntax --- interface-definitions/service_pppoe-server.xml.in | 54 ++++++++--------------- src/conf_mode/service_pppoe-server.py | 12 +++-- src/migration-scripts/pppoe-server/2-to-3 | 7 +++ 3 files changed, 34 insertions(+), 39 deletions(-) (limited to 'src/migration-scripts/pppoe-server') diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index dced54b64..0d7c3568c 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -126,37 +126,26 @@ - - - IP address of RADIUS server - - ipv4 - IP address of RADIUS server - - - - - - Key for accessing the specified server - - - - - Maximum number of simultaneous requests to server (default: unlimited) - - - - - If server does not responds mark it as unavailable for this amount of time in seconds - - - - - - - RADIUS settings - + #include + + + + + + Mark server unavailable for <n> seconds on failure + + 0-600 + Fail time penalty + + + + + Fail time must be between 0 and 600 seconds + + + + Timeout to wait response from server (seconds) @@ -177,11 +166,6 @@ Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. - - - Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. - - IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 238208eff..52be86b14 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -71,6 +71,7 @@ default_config_data = { 'radius_timeout': '3', 'radius_nas_id': '', 'radius_nas_ip': '', + 'radius_source_address': '', 'radius_shaper_attr': '', 'radius_shaper_vendor': '', 'radius_dynamic_author': '', @@ -198,7 +199,7 @@ def get_config(): # authentication mode radius servers and settings if conf.exists(['authentication', 'mode', 'radius']): - for server in conf.list_nodes(['authentication', 'radius-server']): + for server in conf.list_nodes(['authentication', 'radius', 'server']): radius = { 'server' : server, 'key' : '', @@ -214,15 +215,15 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) - if conf.exists(['secret']): - radius['key'] = conf.return_value(['secret']) + if conf.exists(['key']): + radius['key'] = conf.return_value(['key']) if not conf.exists(['disable']): pppoe['radius_server'].append(radius) # # advanced radius-setting - conf.set_level(base_path + ['authentication', 'radius-settings']) + conf.set_level(base_path + ['authentication', 'radius']) if conf.exists(['acct-timeout']): pppoe['radius_acct_tmo'] = conf.return_value(['acct-timeout']) @@ -239,6 +240,9 @@ def get_config(): if conf.exists(['nas-ip-address']): pppoe['radius_nas_ip'] = conf.return_value(['nas-ip-address']) + if conf.exists(['source-address']): + pppoe['radius_source_address'] = conf.return_value(['source-address']) + # Dynamic Authorization Extensions (DOA)/Change Of Authentication (COA) if conf.exists(['dynamic-author']): dae = { diff --git a/src/migration-scripts/pppoe-server/2-to-3 b/src/migration-scripts/pppoe-server/2-to-3 index c85ada904..977f1ef43 100755 --- a/src/migration-scripts/pppoe-server/2-to-3 +++ b/src/migration-scripts/pppoe-server/2-to-3 @@ -68,6 +68,13 @@ else: config.delete(wins_base) + # Remove RADIUS server req-limit node + radius_base = base + ['authentication', 'radius'] + if config.exists(radius_base): + for server in config.list_nodes(radius_base + ['server']): + if config.exists(radius_base + ['server', server, 'req-limit']): + config.delete(radius_base + ['server', server, 'req-limit']) + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3 From 901d5e89ec6e3fb0f3d13f90f0495a4dda592454 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Apr 2020 12:35:10 +0200 Subject: pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation --- data/templates/l2tp/l2tp.config.tmpl | 1 - data/templates/pppoe-server/pppoe.config.tmpl | 8 +-- .../include/accel-client-ipv6-pool.xml.in | 59 +++++++++++++++++++++ interface-definitions/service_pppoe-server.xml.in | 20 +------- interface-definitions/vpn_l2tp.xml.in | 60 +--------------------- src/conf_mode/service_pppoe-server.py | 32 ++++++++++-- src/conf_mode/vpn_l2tp.py | 2 +- src/migration-scripts/l2tp/2-to-3 | 6 +-- src/migration-scripts/pppoe-server/2-to-3 | 31 +++++++++++ 9 files changed, 128 insertions(+), 91 deletions(-) create mode 100644 interface-definitions/include/accel-client-ipv6-pool.xml.in (limited to 'src/migration-scripts/pppoe-server') diff --git a/data/templates/l2tp/l2tp.config.tmpl b/data/templates/l2tp/l2tp.config.tmpl index ba78cadcd..84f544203 100644 --- a/data/templates/l2tp/l2tp.config.tmpl +++ b/data/templates/l2tp/l2tp.config.tmpl @@ -124,7 +124,6 @@ ipv6=allow {% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} {% endfor %} - {% endif %} {% if client_ipv6_delegate_prefix %} diff --git a/data/templates/pppoe-server/pppoe.config.tmpl b/data/templates/pppoe-server/pppoe.config.tmpl index 8bc6b5f4b..325b75adc 100644 --- a/data/templates/pppoe-server/pppoe.config.tmpl +++ b/data/templates/pppoe-server/pppoe.config.tmpl @@ -56,11 +56,11 @@ gw-ip-address={{ ppp_gw }} {% if client_ipv6_pool %} [ipv6-pool] -{% for prefix in client_ipv6_pool['prefix']: %} -{{ prefix }} +{% for p in client_ipv6_pool %} +{{ p.prefix }},{{ p.mask }} {% endfor %} -{% for prefix in client_ipv6_pool['delegate-prefix']: %} -delegate={{ prefix }} +{% for p in client_ipv6_delegate_prefix %} +delegate={{ p.prefix }},{{ p.mask }} {% endfor %} {% endif %} diff --git a/interface-definitions/include/accel-client-ipv6-pool.xml.in b/interface-definitions/include/accel-client-ipv6-pool.xml.in new file mode 100644 index 000000000..455ada6ef --- /dev/null +++ b/interface-definitions/include/accel-client-ipv6-pool.xml.in @@ -0,0 +1,59 @@ + + + Pool of client IPv6 addresses + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + <48-128> + Client prefix length (default: 64) + + + + + + + + + + + Subnet used to delegate prefix through DHCPv6-PD (RFC3633) + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length delegated to client + + <32-64> + Delegated prefix length + + + + + + + + + + diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 0d7c3568c..e42de4f90 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -248,25 +248,7 @@ - - - Pool of client IPv6 addresses - - - - - Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) - - - - - - Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633) - - - - - + #include Domain Name Server (DNS) propagated to client diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index d4286a810..d92817ca0 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -232,65 +232,7 @@ - - - Pool of client IPv6 addresses - - - - - Pool of addresses used to assign to clients - - ipv6net - IPv6 address and prefix length - - - - - - - - - Prefix length used for individual client - - <48-128> - Client prefix length (default: 64) - - - - - - - - - - - Subnet used to delegate prefix through DHCPv6-PD (RFC3633) - - ipv6net - IPv6 address and prefix length - - - - - - - - - Prefix length delegated to client - - <32-64> - Delegated prefix length - - - - - - - - - - + #include Description for L2TP remote-access settings diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index 52be86b14..aa8b9d141 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -35,7 +35,8 @@ default_config_data = { 'chap_secrets_file': pppoe_chap_secrets, # used in Jinja2 template 'client_ip_pool': '', 'client_ip_subnets': [], - 'client_ipv6_pool': {}, + 'client_ipv6_pool': [], + 'client_ipv6_delegate_prefix': [], 'concentrator': 'vyos-ac', 'interfaces': [], 'local_users' : [], @@ -130,6 +131,7 @@ def get_config(): if conf.exists(['wins-server']): pppoe['wins'] = conf.return_values(['wins-server']) + if conf.exists(['client-ip-pool']): if conf.exists(['client-ip-pool', 'start']) and conf.exists(['client-ip-pool', 'stop']): start = conf.return_value(['client-ip-pool', 'start']) @@ -139,10 +141,32 @@ def get_config(): if conf.exists(['client-ip-pool', 'subnet']): pppoe['client_ip_subnets'] = conf.return_values(['client-ip-pool', 'subnet']) + if conf.exists(['client-ipv6-pool', 'prefix']): - pppoe['client_ipv6_pool']['prefix'] = conf.return_values(['client-ipv6-pool', 'prefix']) - if conf.exists(['client-ipv6-pool', 'delegate-prefix']): - pppoe['client_ipv6_pool']['delegate-prefix'] = conf.return_values(['client-ipv6-pool', 'delegate-prefix']) + for prefix in conf.list_nodes(['client-ipv6-pool', 'prefix']): + tmp = { + 'prefix': prefix, + 'mask': '64' + } + + if conf.exists(['client-ipv6-pool', 'prefix', prefix, 'mask']): + tmp['mask'] = conf.return_value(['client-ipv6-pool', 'prefix', prefix, 'mask']) + + pppoe['client_ipv6_pool'].append(tmp) + + + if conf.exists(['client-ipv6-pool', 'delegate']): + for prefix in conf.list_nodes(['client-ipv6-pool', 'delegate']): + tmp = { + 'prefix': prefix, + 'mask': '' + } + + if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']): + tmp['mask'] = conf.return_value(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']) + + pppoe['client_ipv6_delegate_prefix'].append(tmp) + if conf.exists(['limits']): if conf.exists(['limits', 'burst']): diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 06803e7e0..331f22465 100755 --- a/src/conf_mode/vpn_l2tp.py +++ b/src/conf_mode/vpn_l2tp.py @@ -252,7 +252,7 @@ def get_config(): 'mask': '' } - if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'mask']): + if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']): tmp['mask'] = conf.return_value(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']) l2tp['client_ipv6_delegate_prefix'].append(tmp) diff --git a/src/migration-scripts/l2tp/2-to-3 b/src/migration-scripts/l2tp/2-to-3 index bd0839e03..3472ee3ed 100755 --- a/src/migration-scripts/l2tp/2-to-3 +++ b/src/migration-scripts/l2tp/2-to-3 @@ -95,13 +95,13 @@ else: # delete old delegate prefix CLI nodes config.delete(ipv6_base + ['delegate-prefix']) # create ned delegation tag node - config.set(ipv6_base + ['delegate ']) - config.set_tag(ipv6_base + ['delegate ']) + config.set(ipv6_base + ['delegate']) + config.set_tag(ipv6_base + ['delegate']) for p in prefix_old: prefix = p.split(',')[0] mask = p.split(',')[1] - config.set(ipv6_base + ['delegate', prefix, 'mask'], value=mask) + config.set(ipv6_base + ['delegate', prefix, 'delegate-prefix'], value=mask) try: with open(file_name, 'w') as f: diff --git a/src/migration-scripts/pppoe-server/2-to-3 b/src/migration-scripts/pppoe-server/2-to-3 index 977f1ef43..eb3e00b8b 100755 --- a/src/migration-scripts/pppoe-server/2-to-3 +++ b/src/migration-scripts/pppoe-server/2-to-3 @@ -75,6 +75,37 @@ else: if config.exists(radius_base + ['server', server, 'req-limit']): config.delete(radius_base + ['server', server, 'req-limit']) + # Migrate IPv6 prefixes + ipv6_base = base + ['client-ipv6-pool'] + if config.exists(ipv6_base + ['prefix']): + prefix_old = config.return_values(ipv6_base + ['prefix']) + # delete old prefix CLI nodes + config.delete(ipv6_base + ['prefix']) + # create ned prefix tag node + config.set(ipv6_base + ['prefix']) + config.set_tag(ipv6_base + ['prefix']) + + for p in prefix_old: + prefix = p.split(',')[0] + mask = p.split(',')[1] + config.set(ipv6_base + ['prefix', prefix, 'mask'], value=mask) + + if config.exists(ipv6_base + ['delegate-prefix']): + prefix_old = config.return_values(ipv6_base + ['delegate-prefix']) + # delete old delegate prefix CLI nodes + config.delete(ipv6_base + ['delegate-prefix']) + # create ned delegation tag node + config.set(ipv6_base + ['delegate']) + config.set_tag(ipv6_base + ['delegate']) + + for p in prefix_old: + prefix = p.split(',')[0] + mask = p.split(',')[1] + config.set(ipv6_base + ['delegate', prefix, 'delegation-prefix'], value=mask) + + print(config.to_string()) + exit(1) + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3