accel-ppp: T5688: Standardized pool configuration in accel-ppp

Standardized pool configuration for all accel-ppp services.
1. Only named pools are used now.
2. Allows all services to use range in x.x.x.x/mask
   and x.x.x.x-x.x.x.y format
3. next-pool can be used in all services
2. Allows to use in ipoe gw-ip-address without pool configuration
   which allows to use Fraimed-IP-Address attribute by radius.
3. Default pool name should be explicidly configured
   with default-pool.
4. In ipoe netmask and range subnet can be different.

Author: aapostoliuk

data/templates/accel-ppp/config_chap_secrets_radius.j2

@@ -30,7 +30,16 @@ dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.r
 {%     endif %}
 {% endif %}
 {# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gateway_address is vyos_defined %}
+{% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %}
+{%     if gateway_address is vyos_defined %}
+{%         if server_type == 'ipoe' %}
+{%             for gw in gateway_address %}
+{%                 set host_address, _ = gw.split('/') %}
+gw-ip-address={{ host_address }}
+{%             endfor %}
+{%         else %}
 gw-ip-address={{ gateway_address }}
+{%         endif %}
+{%     endif %}
 {% endif %}
 

data/templates/accel-ppp/config_ip_pool.j2

@@ -1,24 +1,22 @@
-{% if client_ip_pool is vyos_defined %}
+{% if ordered_named_pools is vyos_defined %}
 [ip-pool]
 {%     if gateway_address is vyos_defined %}
+{%         if server_type == 'ipoe' %}
+{%             for gw in gateway_address %}
+{%                 set host_address, _ = gw.split('/') %}
+gw-ip-address={{ host_address }}
+{%             endfor %}
+{%         else %}
 gw-ip-address={{ gateway_address }}
+{%         endif %}
 {%     endif %}
-{%     if client_ip_pool.start is vyos_defined and client_ip_pool.stop is vyos_defined %}
-{{ client_ip_pool.start }}-{{ client_ip_pool.stop.split('.')[3] }}
-{%     endif %}
-{%     if client_ip_pool.subnet is vyos_defined %}
-{%         for subnet in client_ip_pool.subnet %}
-{{ subnet }}
-{%         endfor %}
-{%     endif %}
-{%     if client_ip_pool.name is vyos_defined %}
-{%         for pool, pool_config in client_ip_pool.name.items() %}
-{%             if pool_config.subnet is vyos_defined %}
-{{ pool_config.subnet }},name={{ pool }}
-{%             endif %}
-{%             if pool_config.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_config.gateway_address }}
+{%     for pool in ordered_named_pools %}
+{%         for pool_name, pool_config in pool.items() %}
+{%             if pool_config.next_pool is vyos_defined %}
+{{ pool_config.range }},name={{ pool_name }},next={{ pool_config.next_pool }}
+{%             else %}
+{{ pool_config.range }},name={{ pool_name }}
 {%             endif %}
 {%         endfor %}
-{%     endif %}
+{%     endfor %}
 {% endif %}

data/templates/accel-ppp/ipoe.config.j2

@@ -55,38 +55,18 @@ noauth=1
 username=ifname
 password=csid
 {% endif %}
-{% if client_ip_pool.name is vyos_defined %}
-{%     if first_named_pool is vyos_defined %}
-ip-pool={{ first_named_pool }}
-{%     else %}
-{%         for pool, pool_options in client_ip_pool.name.items() %}
-{%             if pool_options.subnet is vyos_defined %}
-ip-pool={{ pool }}
-{%             endif %}
-{%         endfor %}
-{%     endif %}
-{%     for pool, pool_options in client_ip_pool.name.items() %}
-{%         if pool_options.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
-{%         endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
+{% if gateway_address is vyos_defined %}
+{%     for gw_addr in gateway_address %}
+gw-ip-address={{ gw_addr }}
 {%     endfor %}
 {% endif %}
 proxy-arp=1
 
-{% if ordered_named_pools is vyos_defined %}
-[ip-pool]
-{%     for p in ordered_named_pools %}
-{%         for pool, pool_options in p.items() %}
-{%             set next_named_pool = ',next=' ~ pool_options.next_pool if pool_options.next_pool is vyos_defined else '' %}
-{{ pool_options.subnet }},name={{ pool }}{{ next_named_pool }}
-{%         endfor %}
-{%     endfor %}
-{%     for p in ordered_named_pools %}
-{%         for pool, pool_options in p.items() %}
-gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }}
-{%         endfor %}
-{%     endfor %}
-{% endif %}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
 
 {# Common IPv6 pool definitions #}
 {% include 'accel-ppp/config_ipv6_pool.j2' %}

data/templates/accel-ppp/l2tp.config.j2

@@ -6,11 +6,9 @@ chap-secrets
 {% for proto in auth_proto %}
 {{ proto }}
 {% endfor %}
-
 {% if auth_mode == 'radius' %}
 radius
 {% endif %}
-
 ippool
 shaper
 ipv6pool
@@ -65,24 +63,15 @@ secret={{ lns_shared_secret }}
 {% if lns_host_name %}
 host-name={{ lns_host_name }}
 {% endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
 
 [client-ip-range]
 0.0.0.0/0
 
-{% if client_ip_pool or client_ip_subnets %}
-[ip-pool]
-{%     if client_ip_pool %}
-{{ client_ip_pool }}
-{%     endif %}
-{%     if client_ip_subnets %}
-{%         for sn in client_ip_subnets %}
-{{ sn }}
-{%         endfor %}
-{%     endif %}
-{% endif %}
-{% if gateway_address %}
-gw-ip-address={{ gateway_address }}
-{% endif %}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
 
 {% if auth_mode == 'local' %}
 [chap-secrets]
@@ -115,7 +104,7 @@ nas-ip-address={{ radius_nas_ip }}
 bind={{ radius_source_address }}
 {%     endif %}
 {% endif %}
-{% if gateway_address %}
+{% if gateway_address is vyos_defined %}
 gw-ip-address={{ gateway_address }}
 {% endif %}
 

data/templates/accel-ppp/pppoe.config.j2

@@ -108,7 +108,6 @@ unit-cache={{ ppp_options.interface_cache }}
 [pppoe]
 verbose=1
 ac-name={{ access_concentrator }}
-
 {% if interface is vyos_defined %}
 {%     for iface, iface_config in interface.items() %}
 {%         if iface_config.vlan is not vyos_defined %}
@@ -121,11 +120,9 @@ vlan-mon={{ iface }},{{ iface_config.vlan | join(',') }}
 {%         endif %}
 {%     endfor %}
 {% endif %}
-
 {% if service_name %}
 service-name={{ service_name | join(',') }}
 {% endif %}
-
 {% if pado_delay %}
 {%     set pado_delay_param = namespace(value='0') %}
 {%     for delay in pado_delay | sort(attribute='0') %}
@@ -140,21 +137,11 @@ pado-delay={{ pado_delay_param.value }}
 {% if authentication.radius.called_sid_format is vyos_defined %}
 called-sid={{ authentication.radius.called_sid_format }}
 {% endif %}
-
-{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %}
-{%     if authentication.mode is vyos_defined("noauth") %}
+{% if authentication.mode is vyos_defined("noauth") %}
 noauth=1
-{%     endif %}
-{%     if client_ip_pool.name is vyos_defined %}
-{%         for pool, pool_config in client_ip_pool.name.items() %}
-{%             if pool_config.subnet is vyos_defined %}
-ip-pool={{ pool }}
-{%             endif %}
-{%             if pool_config.gateway_address is vyos_defined %}
-gw-ip-address={{ pool_config.gateway_address }}/{{ pool_config.subnet.split('/')[1] }}
-{%             endif %}
-{%         endfor %}
-{%     endif %}
+{% endif %}
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
 {% endif %}
 
 {% if limits is vyos_defined %}

data/templates/accel-ppp/pptp.config.j2

@@ -51,14 +51,15 @@ ppp-max-mtu={{ mtu }}
 mppe={{ ppp_mppe }}
 echo-interval=10
 echo-failure=3
-
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
 
 [client-ip-range]
 0.0.0.0/0
 
-[ip-pool]
-tunnel={{ client_ip_pool }}
-gw-ip-address={{ gw_ip }}
+{# Common IP pool definitions #}
+{% include 'accel-ppp/config_ip_pool.j2' %}
 
 [ppp]
 verbose=5
@@ -74,18 +75,15 @@ verbose=1
 {%     for r in radius_server %}
 server={{ r.server }},{{ r.key }},auth-port={{ r.port }},acct-port={{ r.acct_port }},req-limit=0,fail-time={{ r.fail_time }}
 {%     endfor %}
-
 {%     if radius_acct_interim_interval is vyos_defined %}
 acct-interim-interval={{ radius_acct_interim_interval }}
 {%     endif %}
 {%     if radius_acct_inter_jitter %}
 acct-interim-jitter={{ radius_acct_inter_jitter }}
 {%     endif %}
-
 acct-timeout={{ radius_acct_tmo }}
 timeout={{ radius_timeout }}
 max-try={{ radius_max_try }}
-
 {%     if radius_nas_id %}
 nas-identifier={{ radius_nas_id }}
 {%     endif %}
@@ -97,8 +95,8 @@ bind={{ radius_source_address }}
 {%     endif %}
 {% endif %}
 {# Both chap-secrets and radius block required the gw-ip-address #}
-{% if gw_ip is defined and gw_ip is not none %}
-gw-ip-address={{ gw_ip }}
+{% if gateway_address is vyos_defined %}
+gw-ip-address={{ gateway_address }}
 {% endif %}
 
 {% if radius_shaper_enable %}

data/templates/accel-ppp/sstp.config.j2

@@ -36,6 +36,9 @@ accept=ssl
 ssl-ca-file=/run/accel-pppd/sstp-ca.pem
 ssl-pemfile=/run/accel-pppd/sstp-cert.pem
 ssl-keyfile=/run/accel-pppd/sstp-cert.key
+{% if default_pool is vyos_defined %}
+ip-pool={{ default_pool }}
+{% endif %}
 
 {# Common IP pool definitions #}
 {% include 'accel-ppp/config_ip_pool.j2' %}
@@ -56,7 +59,6 @@ check-ip=1
 mtu={{ mtu }}
 ipv6={{ 'allow' if ppp_options.ipv6 is vyos_defined("deny") and client_ipv6_pool is vyos_defined else ppp_options.ipv6 }}
 ipv4={{ ppp_options.ipv4 }}
-
 mppe={{ ppp_options.mppe }}
 lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
 lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}