ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPN

set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius'
set vpn ipsec remote-access connection rw authentication id '192.0.2.1'
set vpn ipsec remote-access connection rw authentication server-mode 'x509'
set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root'
set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos'
set vpn ipsec remote-access connection rw esp-group 'ESP-RW'
set vpn ipsec remote-access connection rw ike-group 'IKE-RW'
set vpn ipsec remote-access connection rw local-address '192.0.2.1'
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
set vpn ipsec remote-access connection rw unique 'never'

set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2'
set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24'

set vpn ipsec remote-access radius nas-identifier 'fooo'
set vpn ipsec remote-access radius server 172.16.100.10 key 'secret'

1 files changed, 4 insertions, 1 deletions

diff --git a/Makefile b/Makefile
index 32bc58be0..c8f6ac7c9 100644
--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,10 @@ interface_definitions: $(config_xml_obj)
 	find $(BUILD_DIR)/interface-definitions -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-templates {} $(CURDIR)/schema/interface_definition.rng $(TMPL_DIR) || exit 1
 
 	# XXX: delete top level node.def's that now live in other packages
-	rm -f $(TMPL_DIR)/firewall/node.def
+	# IPSec VPN EAP-RADIUS does not support source-address
+	rm -rf $(TMPL_DIR)/vpn/ipsec/remote-access/radius/source-address
+	# T3568: firewall is yet not migrated to XML and Python - this is only a dummy
+	rm -rf $(TMPL_DIR)/firewall/node.def
 	rm -rf $(TMPL_DIR)/nfirewall
 	# XXX: test if there are empty node.def files - this is not allowed as these
 	# could mask help strings or mandatory priority statements