From a68c9238111c6caee78bb28f8054b8f0cfa0e374 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 24 Feb 2022 22:47:12 +0100 Subject: scripts: T4269: node.def generator should automatically add default values Since introducing the XML node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help. --- interface-definitions/vpn_openconnect.xml.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'interface-definitions/vpn_openconnect.xml.in') diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 0db5e79d0..3fc34bacc 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -41,7 +41,7 @@ Session timeout u32:1-30 - Session timeout in seconds (default: 2) + Session timeout in seconds @@ -61,10 +61,10 @@ - tcp port number to accept connections (default: 443) + tcp port number to accept connections u32:1-65535 - Numeric IP port (default: 443) + Numeric IP port @@ -74,10 +74,10 @@ - udp port number to accept connections (default: 443) + udp port number to accept connections u32:1-65535 - Numeric IP port (default: 443) + Numeric IP port @@ -160,7 +160,7 @@ Prefix length used for individual client u32:48-128 - Client prefix length (default: 64) + Client prefix length -- cgit v1.2.3 From 257345cd152c23a465332dea4af034244007aaa7 Mon Sep 17 00:00:00 2001 From: RageLtMan Date: Mon, 28 Feb 2022 08:32:30 -0500 Subject: open-connect: T4274: extend RADIUS authentication timeout RADIUS authentication can be handled by a variety of mechanisms, including proxy for 2FA systems requiring user interaction with a separate device, token acquisition, or other time-consuming action. Given the delays required for certain 2FA implementations, a thirty second timeout can range from onerous to untenable. Accomodate the 2FA time requirements by extending the hard-coded RADIUS time limit from 30 seconds to 240. Co-authored-by: RageLtMan --- interface-definitions/vpn_openconnect.xml.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'interface-definitions/vpn_openconnect.xml.in') diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 3fc34bacc..f418f5d75 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -40,13 +40,13 @@ Session timeout - u32:1-30 - Session timeout in seconds + u32:1-240 + Session timeout in seconds (default: 2) - + - Timeout must be between 1 and 30 seconds + Timeout must be between 1 and 240 seconds 2 -- cgit v1.2.3