From 97dc32e5cd761c58ac41e1101d740a00cadc6a24 Mon Sep 17 00:00:00 2001 From: aapostoliuk Date: Thu, 25 Jan 2024 16:13:49 +0200 Subject: T5971: Added PPP options documentation Added PPP options documentation (cherry picked from commit dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71) --- docs/configuration/vpn/l2tp.rst | 2 +- docs/configuration/vpn/sstp.rst | 71 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 68 insertions(+), 5 deletions(-) diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 8e9bf0eb..f0724588 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -98,7 +98,7 @@ Below is an example to configure a LNS: set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254 set vpn l2tp remote-access default-pool 'L2TP-POOL' set vpn l2tp remote-access lns shared-secret 'secret' - set vpn l2tp remote-access ccp-disable + set vpn l2tp remote-access ppp-options disable-ccp set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username test password 'test' diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index a0eabe2b..e3f0d32d 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -179,35 +179,98 @@ SSL Certificates PPP Settings ------------ +.. cfgcmd:: set vpn sstp ppp-options disable-ccp + + Disable Compression Control Protocol (CCP). + CCP is enabled by default. + +.. cfgcmd:: set vpn sstp ppp-options interface-cache + + Specifies number of interfaces to keep in cache. It means that don’t + destroy interface after corresponding session is destroyed, instead + place it to cache and use it later for new sessions repeatedly. + This should reduce kernel-level interface creation/deletion rate lack. + Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options ipv4 + + Specifies IPv4 negotiation preference. + + * **require** - Require IPv4 negotiation + * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects + * **allow** - Negotiate IPv4 only if client requests (Default value) + * **deny** - Do not negotiate IPv4 + +.. cfgcmd:: set vpn sstp ppp-options ipv6 + + Specifies IPv6 negotiation preference. + + * **require** - Require IPv6 negotiation + * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects + * **allow** - Negotiate IPv6 only if client requests + * **deny** - Do not negotiate IPv6 (default value) + +.. cfgcmd:: set vpn sstp ppp-options ipv6-accept-peer-interface-id + + Accept peer interface identifier. By default is not defined. + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id + + Specifies fixed or random interface identifier for IPv6. + By default is fixed. + + * **random** - Random interface identifier for IPv6 + * **x:x:x:x** - Specify interface identifier for IPv6 + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id + + Specifies peer interface identifier for IPv6. By default is fixed. + + * **random** - Random interface identifier for IPv6 + * **x:x:x:x** - Specify interface identifier for IPv6 + * **ipv4-addr** - Calculate interface identifier from IPv4 address. + * **calling-sid** - Calculate interface identifier from calling-station-id. + .. cfgcmd:: set vpn sstp ppp-options lcp-echo-failure Defines the maximum `` of unanswered echo requests. Upon reaching the - value ``, the session will be reset. + value ``, the session will be reset. Default value is **3**. .. cfgcmd:: set vpn sstp ppp-options lcp-echo-interval If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `` seconds. + Default value is **30**. .. cfgcmd:: set vpn sstp ppp-options lcp-echo-timeout Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" - is not used. + is not used. Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options min-mtu + + Defines minimum acceptable MTU. If client will try to negotiate less then + specified MTU then it will be NAKed or disconnected if rejects greater MTU. + Default value is **100**. .. cfgcmd:: set vpn sstp ppp-options mppe - Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation + Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference. * **require** - ask client for mppe, if it rejects drop connection - * **prefer** - ask client for mppe, if it rejects don't fail + * **prefer** - ask client for mppe, if it rejects don't fail. (Default value) * **deny** - deny mppe Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute. +.. cfgcmd:: set vpn sstp ppp-options mru + + Defines preferred MRU. By default is not defined. + RADIUS ------ -- cgit v1.2.3