author: Christian Poessinger <christian@poessinger.com>, 2019-01-23 17:58:15 +0100
committer: Christian Poessinger <christian@poessinger.com>, 2019-01-23 17:58:15 +0100
commit: 39be522874db60ed575267a8b7866e5c519cb51b
tree: 0ce3b1b9de583cc8afce3b6f9b49761b2817f6e0 /docs/vpn.rst
parent: bc5ad9350e7444d5efc470340cb0c979c0606e0c
VPN: adjust RADIUS server syntax for L2TP
Diffstat (limited to 'docs/vpn.rst')
-rw-r--r-- docs/vpn.rst 20
1 files changed, 13 insertions, 7 deletions
diff --git a/docs/vpn.rst b/docs/vpn.rst
index 46a7b957..786e0a8e 100644
--- a/docs/vpn.rst
+++ b/docs/vpn.rst
@@ -321,12 +321,13 @@ VyOS supports either `local` or `radius` user authentication:
set vpn l2tp remote-access authentication mode <local|radius>
In addition one or more RADIUS_ servers can be configured to server for user
-authentication. This is done using the `radius-server` and `key` nodes:
+authentication. This is done using the `radius server` and `radius server key`
+nodes:
.. code-block:: sh
- set vpn l2tp remote-access authentication radius-server 1.1.1.1 key 'foo'
- set vpn l2tp remote-access authentication radius-server 2.2.2.2 key 'foo'
+ set vpn l2tp remote-access authentication radius server 1.1.1.1 key 'foo'
+ set vpn l2tp remote-access authentication radius server 2.2.2.2 key 'foo'
.. note:: Some RADIUS_ severs make use of an access control list who is allowed
to query the server. Please configure your VyOS router in the allowed client
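Review bot: The added example lines keep the same throwaway shared secret, `key 'foo'`, for both 1.1.1.1 and 2.2.2.2, and documentation commands tend to be pasted as they are. Suggest a placeholder such as `key '<secret>'` and one sentence saying the value must match the secret configured for this client on the RADIUS server. While this paragraph is being touched, the unchanged context still reads "configured to server for user authentication" and "Some RADIUS_ severs"; both typos could be fixed in the same commit.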
@@ -335,11 +336,16 @@ authentication. This is done using the `radius-server` and `key` nodes:
RADIUS source address
*********************
-Yet there is no way to configure the used RADIUS_ client source IP address on
-the VyOS router, this is work in progres, see https://phabricator.vyos.net/T828.
+If you are using e.g. OSPF as IGP always the nearest interface facing the RADIUS
+server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a
+single source IP e.g. the loopback interface.
-The IP address nearest to the radius server is currently used. If in doubt,
-configure all IP addresses from the VyOS router in question.
+.. code-block:: sh
+
+ set vpn l2tp remote-access authentication radius source-address 3.3.3.3
+
+Above command will use `3.3.3.3` as source IPv4 address for all RADIUS queries
+on this NAS.
Site-to-Site IPsec
------------------
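Review bot: The added paragraph ahead of the `source-address` example never says that the chosen address has to be one the RADIUS server accepts for this router, and the hunk removes the old advice to "configure all IP addresses from the VyOS router in question" without a replacement. Suggest adding a sentence that 3.3.3.3 must be an address configured on the router (the text mentions the loopback interface) and must be in the server's allowed client list referred to in the note above. The first added sentence, "If you are using e.g. OSPF as IGP always the nearest interface facing the RADIUS server is used", is hard to parse; stating first that the nearest interface is used by default and then why an IGP makes that a problem would read better. The link to T828 is dropped too, so the commit message could say that this hunk documents the new option and not only a syntax change.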