diff options
author | Christian Poessinger <christian@poessinger.com> | 2019-01-23 17:58:15 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2019-01-23 17:58:15 +0100 |
commit | 39be522874db60ed575267a8b7866e5c519cb51b (patch) | |
tree | 0ce3b1b9de583cc8afce3b6f9b49761b2817f6e0 /docs/vpn.rst | |
parent | bc5ad9350e7444d5efc470340cb0c979c0606e0c (diff) | |
download | vyos-documentation-39be522874db60ed575267a8b7866e5c519cb51b.tar.gz vyos-documentation-39be522874db60ed575267a8b7866e5c519cb51b.zip |
VPN: adjust RADIUS server syntax for L2TP
Diffstat (limited to 'docs/vpn.rst')
-rw-r--r-- | docs/vpn.rst | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/docs/vpn.rst b/docs/vpn.rst index 46a7b957..786e0a8e 100644 --- a/docs/vpn.rst +++ b/docs/vpn.rst @@ -321,12 +321,13 @@ VyOS supports either `local` or `radius` user authentication: set vpn l2tp remote-access authentication mode <local|radius> In addition one or more RADIUS_ servers can be configured to server for user -authentication. This is done using the `radius-server` and `key` nodes: +authentication. This is done using the `radius server` and `radius server key` +nodes: .. code-block:: sh - set vpn l2tp remote-access authentication radius-server 1.1.1.1 key 'foo' - set vpn l2tp remote-access authentication radius-server 2.2.2.2 key 'foo' + set vpn l2tp remote-access authentication radius server 1.1.1.1 key 'foo' + set vpn l2tp remote-access authentication radius server 2.2.2.2 key 'foo' .. note:: Some RADIUS_ severs make use of an access control list who is allowed to query the server. Please configure your VyOS router in the allowed client @@ -335,11 +336,16 @@ authentication. This is done using the `radius-server` and `key` nodes: RADIUS source address ********************* -Yet there is no way to configure the used RADIUS_ client source IP address on -the VyOS router, this is work in progres, see https://phabricator.vyos.net/T828. +If you are using e.g. OSPF as IGP always the nearest interface facing the RADIUS +server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a +single source IP e.g. the loopback interface. -The IP address nearest to the radius server is currently used. If in doubt, -configure all IP addresses from the VyOS router in question. +.. code-block:: sh + + set vpn l2tp remote-access authentication radius source-address 3.3.3.3 + +Above command will use `3.3.3.3` as source IPv4 address for all RADIUS queries +on this NAS. Site-to-Site IPsec ------------------ |