
Commit bfec382

authored
Merge pull request #3460 from vyos/mergify/bp/sagitta/pr-3450
T5756: L2TP RADIUS backup and weight settings (backport #3450)
2 parents d9f1c7c + 2d5bb02 commit bfec382


6 files changed

+82
-11
lines changed


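--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -5,7 +5,20 @@ chap-secrets={{ chap_secrets_file }}
 [radius]
 verbose=1
 {% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %}
-server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
+{% set _server_cfg = "server=" %}
+{% set _server_cfg = _server_cfg + server %}
+{% set _server_cfg = _server_cfg + "," + options.key %}
+{% set _server_cfg = _server_cfg + ",auth-port=" + options.port %}
+{% set _server_cfg = _server_cfg + ",acct-port=" + options.acct_port %}
+{% set _server_cfg = _server_cfg + ",req-limit=0" %}
+{% set _server_cfg = _server_cfg + ",fail-time=" + options.fail_time %}
+{% if options.priority is vyos_defined %}
+{% set _server_cfg = _server_cfg + ",weight=" + options.priority %}
+{% endif %}
+{% if options.backup is vyos_defined %}
+{% set _server_cfg = _server_cfg + ",backup" %}
+{% endif %}
+{{ _server_cfg }}
 {% endfor %}
 {% if authentication.radius.accounting_interim_interval is vyos_defined %}
 acct-interim-interval={{ authentication.radius.accounting_interim_interval }}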
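Review bot: `options.key` is still concatenated unescaped into the comma-delimited `server=` line at `{% set _server_cfg = _server_cfg + "," + options.key %}`, so a shared secret containing a comma or a line break would be parsed as extra server options or extra config lines. Nothing visible in this commit constrains the key's character set; if the CLI definition of `key` does not already reject `,` and newlines, add a validator there or reject the value in the config script before rendering. The `+` concatenation also assumes every option value reaches the template as a string, which is presumably true for the config dict, but `~` would make it explicit, e.g. `_server_cfg ~ ",weight=" ~ options.priority`.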

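--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -57,6 +57,13 @@
 </properties>
 <defaultValue>0</defaultValue>
 </leafNode>
+#include <include/radius-priority.xml.i>
+<leafNode name="backup">
+<properties>
+<help>Use backup server if other servers are not available</help>
+<valueless/>
+</properties>
+</leafNode>
 </children>
 </tagNode>
 <leafNode name="timeout">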
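Review bot: The help strings on the two new nodes do not describe what the rendered accel-ppp options do. The included `priority` leaf is documented only as "Server priority", yet the template in this commit emits it as `weight=`, which as far as I know accel-ppp treats as a load-distribution weight rather than a strict ordering. The help shown in this context should say which end of the 1-255 range is preferred. The `backup` help reads as if it switches on a fallback mechanism; `<help>Mark this server as backup, used only when no other server is available</help>` would say what the flag does to this particular server.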
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
<!-- include start from radius-priority.xml.i -->
2+
<leafNode name="priority">
3+
<properties>
4+
<help>Server priority</help>
5+
<valueHelp>
6+
<format>u32:1-255</format>
7+
<description>Server priority</description>
8+
</valueHelp>
9+
<constraint>
10+
<validator name="numeric" argument="--range 1-255"/>
11+
</constraint>
12+
</properties>
13+
</leafNode>
14+
<!-- include end -->

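--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -202,17 +202,8 @@
 <tagNode name="server">
 <children>
 #include <include/radius-timeout.xml.i>
+#include <include/radius-priority.xml.i>
 <leafNode name="priority">
-<properties>
-<help>Server priority</help>
-<valueHelp>
-<format>u32:1-255</format>
-<description>Server priority</description>
-</valueHelp>
-<constraint>
-<validator name="numeric" argument="--range 1-255"/>
-</constraint>
-</properties>
 <defaultValue>255</defaultValue>
 </leafNode>
 </children>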

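--- a/smoketest/scripts/cli/base_accel_ppp_test.py
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py
@@ -367,6 +367,27 @@ def test_accel_radius_authentication(self):
 ]
 )
 
+self.set(
+[
+"authentication",
+"radius",
+"server",
+radius_server,
+"backup",
+]
+)
+
+self.set(
+[
+"authentication",
+"radius",
+"server",
+radius_server,
+"priority",
+"10",
+]
+)
+
 # commit changes
 self.cli_commit()
 
@@ -379,6 +400,8 @@ def test_accel_radius_authentication(self):
 self.assertEqual(f"acct-port=0", server[3])
 self.assertEqual(f"req-limit=0", server[4])
 self.assertEqual(f"fail-time=0", server[5])
+self.assertIn('weight=10', server)
+self.assertIn('backup', server)
 
 def test_accel_ipv4_pool(self):
 self.basic_config(is_gateway=False, is_client_pool=False)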
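Review bot: Only the configured path of the two new template branches is tested: the added `self.assertIn('weight=10', server)` and `self.assertIn('backup', server)` never check that a server without `priority` and `backup` renders neither option. The same holds for `test_l2tp_radius_server` in smoketest/scripts/cli/test_vpn_l2tp.py. A follow-up commit in the test that deletes both nodes, then `self.assertNotIn('backup', server)` plus a check that no element starts with `weight=`, would cover the unset case. test_accel_radius_authentication starts and continues outside these hunks, so an existing check elsewhere in the function cannot be ruled out.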

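--- a/smoketest/scripts/cli/test_vpn_l2tp.py
+++ b/smoketest/scripts/cli/test_vpn_l2tp.py
@@ -95,6 +95,29 @@ def test_vpn_l2tp_dependence_ipsec_swanctl(self):
 self.cli_set(base_path + ['authentication', 'protocols', 'chap'])
 self.cli_commit()
 
+def test_l2tp_radius_server(self):
+base_path = ['vpn', 'l2tp', 'remote-access']
+radius_server = "192.0.2.22"
+radius_key = "secretVyOS"
+
+self.cli_set(base_path + ['authentication', 'mode', 'radius'])
+self.cli_set(base_path + ['gateway-address', '192.0.2.1'])
+self.cli_set(base_path + ['client-ip-pool', 'SIMPLE-POOL', 'range', '192.0.2.0/24'])
+self.cli_set(base_path + ['default-pool', 'SIMPLE-POOL'])
+self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key])
+self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'priority', '10'])
+self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'backup'])
+
+# commit changes
+self.cli_commit()
+
+# Validate configuration values
+conf = ConfigParser(allow_no_value=True)
+conf.read(self._config_file)
+server = conf["radius"]["server"].split(",")
+self.assertIn('weight=10', server)
+self.assertIn('backup', server)
+
 
 if __name__ == '__main__':
 unittest.main(verbosity=2)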
