summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-03-20 23:07:43 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-20 23:25:05 +0100
commita8920a1f13e6091355d33541802b1486c0cfa653 (patch)
tree8aa98337ce740f38bd0402c42dcfe384c45d9c3e
parent86e47301786da64a035156edd24ed2ec89918a49 (diff)
downloadvyos-1x-a8920a1f13e6091355d33541802b1486c0cfa653.tar.gz
vyos-1x-a8920a1f13e6091355d33541802b1486c0cfa653.zip
sstp: T2008: remove req-limit config node
Limiting the amount of requests passed to a server seems to be the wrong way to tackle a problem.
-rw-r--r--interface-definitions/vpn-sstp.xml.in5
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py8
-rwxr-xr-xsrc/migration-scripts/sstp/0-to-15
3 files changed, 3 insertions, 15 deletions
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index 1508c3313..bb851608c 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -118,11 +118,6 @@
<children>
<tagNode name="server">
<children>
- <leafNode name="req-limit">
- <properties>
- <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
- </properties>
- </leafNode>
<leafNode name="fail-time">
<properties>
<help>If server does not responds mark it as unavailable for this time (seconds)</help>
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index e8c5155dd..09de7d112 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -100,7 +100,7 @@ chap-secrets=/etc/accel-ppp/sstp/chap-secrets
[radius]
verbose=1
{% for r in radius_server %}
-server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit={{ r.req_limit }},fail-time={{ r.fail_time }}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
{% endfor -%}
acct-timeout={{ radius_acct_tmo }}
@@ -286,8 +286,7 @@ def get_config():
'server' : server,
'key' : '',
'fail_time' : 0,
- 'port' : '1812',
- 'req_limit' : 0
+ 'port' : '1812'
}
conf.set_level(base_path + ['authentication', 'radius', 'server', server])
@@ -298,9 +297,6 @@ def get_config():
if conf.exists(['port']):
radius['port'] = conf.return_value(['port'])
- if conf.exists(['req-limit']):
- radius['req_limit'] = conf.return_value(['req-limit'])
-
if conf.exists(['key']):
radius['key'] = conf.return_value(['key'])
diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1
index 652a2662f..2edf76a56 100755
--- a/src/migration-scripts/sstp/0-to-1
+++ b/src/migration-scripts/sstp/0-to-1
@@ -20,6 +20,7 @@
# - migrate RADIUS configuration to a more uniform syntax accross the system
# - authentication radius-server x.x.x.x to authentication radius server x.x.x.x
# - authentication radius-settings to authentication radius
+# - do not migrate radius server req-limit, use default of unlimited
import os
import sys
@@ -101,10 +102,6 @@ else:
tmp = config.return_value(base + ['fail-time'])
config.set(new + ['fail-time'], value=tmp)
- if config.exists(base + ['req-limit']):
- tmp = config.return_value(base + ['req-limit'])
- config.set(new + ['req-limit'], value=tmp)
-
config.set_tag(new_base + ['authentication', 'radius', 'server'])
config.delete(radius_server)