summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhagbard-01 <39653662+hagbard-01@users.noreply.github.com>2019-07-31 16:24:18 -0700
committerGitHub <noreply@github.com>2019-07-31 16:24:18 -0700
commita2463a19790aca536465ac0cc6c7079a47356271 (patch)
treeee5edcd03f5af897d195b596e2587ad961d3936d
parent93767c0fe4b87327b18ddd4aecb540596d38aaf1 (diff)
parent6781c4f1f38aed2bbf69ef4d3a8c92eea3946b17 (diff)
downloadvyos-1x-a2463a19790aca536465ac0cc6c7079a47356271.tar.gz
vyos-1x-a2463a19790aca536465ac0cc6c7079a47356271.zip
Merge pull request #95 from DmitriyEshenko/l2tp
T1555 Implementation shared-secret for LNS. Implementation command di…
-rw-r--r--interface-definitions/l2tp-server.xml18
-rwxr-xr-xsrc/conf_mode/accel_l2tp.py15
2 files changed, 32 insertions, 1 deletions
diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml
index 797e5a812..d5b6a921b 100644
--- a/interface-definitions/l2tp-server.xml
+++ b/interface-definitions/l2tp-server.xml
@@ -67,6 +67,24 @@
</leafNode>
</children>
</node>
+ <node name="lns">
+ <properties>
+ <help>L2TP Network Server (LNS)</help>
+ </properties>
+ <children>
+ <leafNode name="shared-secret">
+ <properties>
+ <help>Tunnel password used to authenticate the client (LAC)</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="ccp-disable">
+ <properties>
+ <help>Disable Compression Control Protocol (CCP)</help>
+ <valueless />
+ </properties>
+ </leafNode>
<node name="ipsec-settings">
<properties>
<help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py
index 5f0546d63..3a224974e 100755
--- a/src/conf_mode/accel_l2tp.py
+++ b/src/conf_mode/accel_l2tp.py
@@ -89,6 +89,9 @@ mppe={{authentication['mppe']}}
{% if outside_addr %}
bind={{outside_addr}}
{% endif %}
+{% if lns_shared_secret %}
+secret={{lns_shared_secret}}
+{% endif %}
[client-ip-range]
0.0.0.0/0
@@ -117,10 +120,13 @@ chap-secrets=/etc/accel-ppp/l2tp/chap-secrets
verbose=1
check-ip=1
single-session=replace
-{% if idle_timeout%}
+{% if idle_timeout %}
lcp-echo-timeout={{idle_timeout}}
{% endif %}
lcp-echo-interval=30
+{% if ccp_disable %}
+ccp=0
+{% endif %}
{% if authentication['mode'] == 'radius' %}
[radius]
@@ -383,6 +389,13 @@ def get_config():
if c.exists('idle'):
config_data['idle_timeout'] = c.return_value('idle')
+ ### LNS secret
+ if c.exists('lns shared-secret'):
+ config_data['lns_shared_secret'] = c.return_value('lns shared-secret')
+
+ if c.exists('ccp-disable'):
+ config_data['ccp_disable'] = True
+
return config_data
def verify(c):