<?xml version="1.0"?> <interfaceDefinition> <node name="vpn"> <children> <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py"> <properties> <help>SSL VPN OpenConnect, AnyConnect compatible server</help> <priority>901</priority> </properties> <children> <node name="authentication"> <properties> <help>Authentication for remote access SSL VPN Server</help> </properties> <children> <node name="mode"> <properties> <help>Authentication mode used by this server</help> </properties> <children> <leafNode name="local"> <properties> <help>Use local username/password configuration (OTP supported)</help> <valueHelp> <format>password</format> <description>Password-only local authentication</description> </valueHelp> <valueHelp> <format>otp</format> <description>OTP-only local authentication</description> </valueHelp> <valueHelp> <format>password-otp</format> <description>Password (first) + OTP local authentication</description> </valueHelp> <constraint> <regex>(password|otp|password-otp)</regex> </constraint> <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage> <completionHelp> <list>otp password password-otp</list> </completionHelp> </properties> </leafNode> <leafNode name="radius"> <properties> <help>Use RADIUS server for user autentication</help> <valueless/> </properties> </leafNode> </children> </node> #include <include/auth-local-users.xml.i> #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> <leafNode name="timeout"> <properties> <help>Session timeout</help> <valueHelp> <format>u32:1-240</format> <description>Session timeout in seconds (default: 2)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-240"/> </constraint> <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage> </properties> <defaultValue>2</defaultValue> </leafNode> </children> </node> </children> </node> <node name="listen-ports"> <properties> <help>Specify custom ports to use for client connections</help> </properties> <children> <leafNode name="tcp"> <properties> <help>tcp port number to accept connections</help> <valueHelp> <format>u32:1-65535</format> <description>Numeric IP port</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> <defaultValue>443</defaultValue> </leafNode> <leafNode name="udp"> <properties> <help>udp port number to accept connections</help> <valueHelp> <format>u32:1-65535</format> <description>Numeric IP port</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> <defaultValue>443</defaultValue> </leafNode> </children> </node> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA</help> </properties> <children> #include <include/pki/ca-certificate.xml.i> #include <include/pki/certificate-key.xml.i> </children> </node> <node name="network-settings"> <properties> <help>Network settings</help> </properties> <children> <leafNode name="push-route"> <properties> <help>Route to be pushed to the client</help> <valueHelp> <format>ipv4net</format> <description>IPv4 network and prefix length</description> </valueHelp> <valueHelp> <format>ipv6net</format> <description>IPv6 network and prefix length</description> </valueHelp> <constraint> <validator name="ip-prefix"/> </constraint> <multi/> </properties> </leafNode> <node name="client-ip-settings"> <properties> <help>Client IP pools settings</help> </properties> <children> <leafNode name="subnet"> <properties> <help>Client IP subnet (CIDR notation)</help> <valueHelp> <format>ipv4net</format> <description>IPv4 address and prefix length</description> </valueHelp> <constraint> <validator name="ipv4-prefix"/> </constraint> <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage> </properties> </leafNode> </children> </node> <node name="client-ipv6-pool"> <properties> <help>Pool of client IPv6 addresses</help> </properties> <children> <leafNode name="prefix"> <properties> <help>Pool of addresses used to assign to clients</help> <valueHelp> <format>ipv6net</format> <description>IPv6 address and prefix length</description> </valueHelp> <constraint> <validator name="ipv6-prefix"/> </constraint> </properties> </leafNode> <leafNode name="mask"> <properties> <help>Prefix length used for individual client</help> <valueHelp> <format>u32:48-128</format> <description>Client prefix length</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 48-128"/> </constraint> </properties> <defaultValue>64</defaultValue> </leafNode> </children> </node> #include <include/name-server-ipv4-ipv6.xml.i> </children> </node> </children> </node> </children> </node> </interfaceDefinition>