| -rw-r--r-- | docs/services/index.rst | 1 |
| -rw-r--r-- | docs/vpn/index.rst | 9 |
| -rw-r--r-- | docs/vpn/sstp.rst (renamed from docs/services/sstp-server.rst) | 120 |
3 files changed, 67 insertions, 63 deletions
| diff --git a/docs/services/index.rst b/docs/services/index.rst index e0773090..ed00a29b 100644 --- a/docs/services/index.rst +++ b/docs/services/index.rst @@ -17,7 +17,6 @@ This chapter describes the available system/network services provided by VyOS.     mdns-repeater     ipoe-server     pppoe-server -   sstp-server     udp-broadcast-relay     snmp     ssh diff --git a/docs/vpn/index.rst b/docs/vpn/index.rst index d0e440b0..42a90a3f 100644 --- a/docs/vpn/index.rst +++ b/docs/vpn/index.rst @@ -7,10 +7,11 @@ VPN  .. toctree::     :maxdepth: 2 -   openvpn -   l2tp -   site2site_ipsec -   gre-ipsec     dmvpn +   gre-ipsec +   l2tp +   openvpn     pptp +   site2site_ipsec +   sstp     wireguard diff --git a/docs/services/sstp-server.rst b/docs/vpn/sstp.rst index 6e311e19..c5eb5dbf 100644 --- a/docs/services/sstp-server.rst +++ b/docs/vpn/sstp.rst 
@@ -62,17 +62,33 @@ commands can be used.  Configuration  ============= -.. cfgcmd:: set service sstp-server authentication local-users username <user> password <pass> +.. cfgcmd:: set vpn sstp authentication local-users username <user> password <pass>    Create `<user>` for local authentication on this system. The users password    will be set to `<pass>`. -.. cfgcmd:: set service sstp-server authentication protocols <pap | chap | mschap | mschap-v2> +.. cfgcmd:: set vpn sstp authentication local-users username <user> disable + +  Disable `<user>` account. + +.. cfgcmd:: set vpn sstp authentication local-users username <user> static-ip <address> + +  Assign static IP address to `<user>` account. + +.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit download <bandwidth> + +  Download bandwidth limit in kbit/s for `<user>`. + +.. cfgcmd:: set vpn sstp authentication local-users username <user> rate-limit upload <bandwidth> + +  Upload bandwidth limit in kbit/s for `<user>`. + +.. cfgcmd:: set vpn sstp authentication protocols <pap | chap | mschap | mschap-v2>    Require the peer to authenticate itself using one of the following protocols:    pap, chap, mschap, mschap-v2. -.. cfgcmd:: set service sstp-server authentication mode <local | radius> +.. cfgcmd:: set vpn sstp authentication mode <local | radius>    Set authentication backend. The configured authentication backend is used    for all queries. 
@@ -82,61 +98,58 @@ Configuration    * **local**: All authentication queries are handled locally. -.. cfgcmd:: set service sstp-server network-settings client-ip-settings gateway-address <gateway> +.. cfgcmd:: set vpn sstp network-settings client-ip-settings gateway-address <gateway>    Specifies single `<gateway>` IP address to be used as local address of PPP    interfaces. -.. cfgcmd:: set service sstp-server network-settings client-ip-settings subnet <subnet> +.. cfgcmd:: set vpn sstp network-settings client-ip-settings subnet <subnet>    Use `<subnet>` as the IP pool for all connecting clients. -.. cfgcmd:: set service sstp-server network-settings dns-server primary-dns <address> - -  Connected client should use `<address>` as their primary DNS server. +.. cfgcmd:: set vpn sstp network-settings name-server <address> +  Connected client should use `<address>` as their DNS server. Up to two IPv4 +  nameservers can be configured. -.. cfgcmd:: set service sstp-server network-settings dns-server secondary-dns <address> - -  Connected client should use `<address>` as their secondary DNS server.  SSL Certificates  ---------------- -.. cfgcmd:: set service sstp-server sstp-settings ssl-certs ca <file> +.. cfgcmd:: set vpn sstp ssl ca-cert-file <file>    Path to `<file>` pointing to the certificate authority certificate. -.. cfgcmd:: set service sstp-server sstp-settings ssl-certs server-cert <file> +.. cfgcmd:: set vpn sstp ssl cert-file <file>    Path to `<file>` pointing to the servers certificate (public portion). -.. cfgcmd:: set service sstp-server sstp-settings ssl-certs server-key <file> +.. cfgcmd:: set vpn sstp ssl key-file <file>    Path to `<file>` pointing to the servers certificate (private portion).  PPP Settings  ------------ -.. cfgcmd:: set service sstp-server ppp-settings lcp-echo-failure <number> +.. cfgcmd:: set vpn sstp ppp-settings lcp-echo-failure <number>    Defines the maximum `<number>` of unanswered echo requests. 
Upon reaching the    value `<number>`, the session will be reset. -.. cfgcmd:: set service sstp-server ppp-settings lcp-echo-interval <interval> +.. cfgcmd:: set vpn sstp ppp-settings lcp-echo-interval <interval>    If this option is specified and is greater than 0, then the PPP module will    send LCP pings of the echo request every `<interval>` seconds. -.. cfgcmd:: set service sstp-server ppp-settings lcp-echo-timeout +.. cfgcmd:: set vpn sstp ppp-settings lcp-echo-timeout    Specifies timeout in seconds to wait for any peer activity. If this option    specified it turns on adaptive lcp echo functionality and "lcp-echo-failure"    is not used. -.. cfgcmd:: set service sstp-server ppp-settings mppe <require | prefer | deny> +.. cfgcmd:: set vpn sstp ppp-settings mppe <require | prefer | deny>    Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation    preference. 
@@ -156,107 +169,98 @@ RADIUS  Server  ^^^^^^ -.. cfgcmd:: set service sstp-server authentication radius-server <server> secret <secret> +.. cfgcmd:: set vpn sstp authentication radius server <server> port <port> -  Configure RADIUS `<server>` and its required shared `<secret>` for -  communicating with the RADIUS server. +  Configure RADIUS `<server>` and its required port for authentication requests. -.. cfgcmd:: set service sstp-server authentication radius-server <server> secret <secret> +.. cfgcmd:: set vpn sstp authentication radius server <server> key <secret>    Configure RADIUS `<server>` and its required shared `<secret>` for    communicating with the RADIUS server. -.. cfgcmd:: set service sstp-server authentication radius-server <server> fail-time <time> +.. cfgcmd:: set vpn sstp authentication radius server <server> fail-time <time>    Mark RADIUS server as offline for this given `<time>` in seconds. -.. cfgcmd:: set service sstp-server authentication radius-server <server> req-limit <limit> +.. cfgcmd:: set vpn sstp authentication radius server <server> disable -  Maximum number of simultaneous requests to RADIUS server, default is -  unlimited. +  Temporary disable this RADIUS server.  Options  ^^^^^^^ -.. cfgcmd:: set service sstp-server authentication radius-settings acct-timeout +.. cfgcmd:: set vpn sstp authentication radius acct-timeout <timeout>    Timeout to wait reply for Interim-Update packets. (default 3 seconds) - -.. cfgcmd:: set service sstp-server authentication radius-settings dae-server ip-address <address> +.. cfgcmd:: set vpn sstp authentication radius dynamic-author server <address>    Specifies IP address for Dynamic Authorization Extension server (DM/CoA) - -.. cfgcmd:: set service sstp-server authentication radius-settings dae-server port <port> +.. cfgcmd:: set vpn sstp authentication radius dynamic-author port <port>    Port for Dynamic Authorization Extension server (DM/CoA) - -.. 
cfgcmd:: set service sstp-server authentication radius-settings dae-server secret <secret> +.. cfgcmd:: set vpn sstp authentication radius dynamic-author key <secret>    Secret for Dynamic Authorization Extension server (DM/CoA) - -.. cfgcmd:: set service sstp-server authentication radius-settings max-try <number> +.. cfgcmd:: set vpn sstp authentication radius max-try <number>    Maximum number of tries to send Access-Request/Accounting-Request queries - -.. cfgcmd:: set service sstp-server authentication radius-settings timeout <timeout> +.. cfgcmd:: set vpn sstp authentication radius timeout <timeout>    Timeout to wait response from server (seconds) - -.. cfgcmd:: set service sstp-server authentication radius-settings nas-identifier <identifier> +.. cfgcmd:: set vpn sstp authentication radius nas-identifier <identifier>    Value to send to RADIUS server in NAS-Identifier attribute and to be matched    in DM/CoA requests. - -.. cfgcmd:: set service sstp-server authentication radius-settings nas-ip-address <address> +.. cfgcmd:: set vpn sstp authentication radius nas-ip-address <address>    Value to send to RADIUS server in NAS-IP-Address attribute and to be matched    in DM/CoA requests. Also DM/CoA server will bind to that address. +.. cfgcmd:: set vpn sstp authentication radius source-address <address> + +  Source IPv4 address used in all RADIUS server queires. -.. cfgcmd:: set service sstp-server authentication radius-settings rate-limit attribute <attribute> +.. cfgcmd:: set vpn sstp authentication radius rate-limit attribute <attribute>    Specifies which RADIUS server attribute contains the rate limit information.    The default attribute is `Filter-Id`. - -.. cfgcmd:: set service sstp-server authentication radius-settings rate-limit enable +.. cfgcmd:: set vpn sstp authentication radius rate-limit enable    Enables bandwidth shaping via RADIUS. - -.. cfgcmd:: set service sstp-server authentication radius-settings rate-limit vendor +.. 
cfgcmd:: set vpn sstp authentication radius rate-limit vendor    Specifies the vendor dictionary, dictionary needs to be in    /usr/share/accel-ppp/radius. -  Example  =======  * Use local user `foo` with password `bar` -* Client IP addresses will be provided from pool `192.0.2.0/24` +* Client IP addresses will be provided from pool `192.0.2.0/25` -Use <tab> to setup the ``set sstp-settings ssl-certs ...``, it automatically +Use <tab> to setup the ``set ssl...``, it automatically  looks for all files and directories in ``/config/user-data/sstp``.  .. code-block:: none -  set service sstp-server authentication local-users username foo password 'bar' -  set service sstp-server authentication mode 'local' -  set service sstp-server network-settings client-ip-settings gateway-address '192.0.2.0' -  set service sstp-server network-settings client-ip-settings subnet '192.0.2.0/24' -  set service sstp-server network-settings dns-server primary-dns '10.100.100.1' -  set service sstp-server network-settings dns-server secondary-dns '10.200.100.1' -  set service sstp-server sstp-settings ssl-certs ca 'ca.crt' -  set service sstp-server sstp-settings ssl-certs server-cert 'server.crt' -  set service sstp-server sstp-settings ssl-certs server-key 'server.key' +  set vpn sstp authentication local-users username foo password 'bar' +  set vpn sstp authentication mode 'local' +  set vpn sstp network-settings client-ip-settings gateway-address '192.0.2.254' +  set vpn sstp network-settings client-ip-settings subnet '192.0.2.0/25' +  set vpn sstp network-settings name-server '10.0.0.1' +  set vpn sstp network-settings name-server '10.0.0.2' +  set vpn sstp ssl ca-cert-file 'ca.crt' +  set vpn sstp ssl cert-file 'server.crt' +  set vpn sstp ssl key-file 'server.key'  .. include:: ../common-references.rst | 
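Review bot: The docs/services/index.rst hunk drops the `sstp-server` toctree entry and the page is renamed to docs/vpn/sstp.rst, but only three files change in this patch, so any link or `:ref:` elsewhere in the docs that still points at `services/sstp-server` will break. Grep the tree for `sstp-server` before merging and update or redirect whatever turns up.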
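Review bot: In the docs/vpn/sstp.rst hunk at @@ -62,17 +62,33 @@, the new `local-users username <user> disable` entry says only "Disable `<user>` account." and does not state whether an already established session for that user is dropped or whether only new logins are refused. Operators will reach for this command to revoke access, so that behaviour needs one explicit sentence. The new `static-ip <address>` entry should likewise say whether the address has to lie inside the `client-ip-settings subnet` pool or outside it.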
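Review bot: In the hunk at @@ -82,61 +98,58 @@, `set vpn sstp ppp-settings lcp-echo-timeout` is described as a "timeout in seconds" but the command line carries no value placeholder, unlike `lcp-echo-failure <number>` and `lcp-echo-interval <interval>` beside it; write it as `lcp-echo-timeout <timeout>`. While these entries are being renamed, the `ssl key-file` text still calls the private key "the servers certificate (private portion)", where "the server's private key" would be clearer, and "negotioation" in the mppe entry should read "negotiation".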
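Review bot: In the hunk at @@ -156,107 +169,98 @@, two added lines carry typos: "Temporary disable this RADIUS server." should read "Temporarily disable this RADIUS server." and "RADIUS server queires" should read "queries". `rate-limit vendor` names a dictionary according to its description but has no value placeholder on the command line. In the Example section the tab-completion hint was shortened to "set ssl...", which is not a command in the new tree; spell it `set vpn sstp ssl ...` so it matches the code block that follows. The `req-limit` entry is removed with no replacement in this hunk, so confirm the option no longer exists rather than being left undocumented.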
