author | Christian Breunig <christian@breunig.cc> | 2023-12-30 23:25:20 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-01-01 09:25:32 +0100 |
commit | c9eaafd9f808aba8d29be73054e11d37577e539a (patch) | |
tree | aeccfda0a305cf6aca41630900e75bd32961a911 /interface-definitions/vpn-openconnect.xml.in | |
parent | 2078253176046ea4d07e69caeb7932ea439b5614 (diff) | |
T5474: establish common file name pattern for XML conf mode commands
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server.xml.in
(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
Diffstat (limited to 'interface-definitions/vpn-openconnect.xml.in')
-rw-r--r-- | interface-definitions/vpn-openconnect.xml.in | 392 |
1 files changed, 0 insertions, 392 deletions
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
deleted file mode 100644
index 736084f8b..000000000
--- a/interface-definitions/vpn-openconnect.xml.in
+++ /dev/null
@@ -1,392 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="vpn">
- <children>
- <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py">
- <properties>
- <help>SSL VPN OpenConnect, AnyConnect compatible server</help>
- <priority>901</priority>
- </properties>
- <children>
- <node name="accounting">
- <properties>
- <help>Accounting for users OpenConnect VPN Sessions</help>
- </properties>
- <children>
- <node name="mode">
- <properties>
- <help>Accounting mode used by this server</help>
- </properties>
- <children>
- <leafNode name="radius">
- <properties>
- <help>Use RADIUS server for accounting</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
- #include <include/radius-acct-server-ipv4.xml.i>
- </children>
- </node>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access SSL VPN Server</help>
- </properties>
- <children>
- <node name="mode">
- <properties>
- <help>Authentication mode used by this server</help>
- </properties>
- <children>
- <leafNode name="local">
- <properties>
- <help>Use local username/password configuration (OTP supported)</help>
- <valueHelp>
- <format>password</format>
- <description>Password-only local authentication</description>
- </valueHelp>
- <valueHelp>
- <format>otp</format>
- <description>OTP-only local authentication</description>
- </valueHelp>
- <valueHelp>
- <format>password-otp</format>
- <description>Password (first) + OTP local authentication</description>
- </valueHelp>
- <constraint>
- <regex>(password|otp|password-otp)</regex>
- </constraint>
- <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
- <completionHelp>
- <list>otp password password-otp</list>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="radius">
- <properties>
- <help>Use RADIUS server for user autentication</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="identity-based-config">
- <properties>
- <help>Include configuration file by username or RADIUS group attribute</help>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="mode">
- <properties>
- <help>Select per user or per group configuration file - ignored if authentication group is configured</help>
- <completionHelp>
- <list>user group</list>
- </completionHelp>
- <valueHelp>
- <format>user</format>
- <description>Match configuration file on username</description>
- </valueHelp>
- <valueHelp>
- <format>group</format>
- <description>Match RADIUS response class attribute as file name</description>
- </valueHelp>
- <constraint>
- <regex>(user|group)</regex>
- </constraint>
- <constraintErrorMessage>Invalid mode, must be either user or group</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="directory">
- <properties>
- <help>Directory to containing configuration files</help>
- <valueHelp>
- <format>path</format>
- <description>Path to configuration directory, must be under /config/auth</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--directory --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="default-config">
- <properties>
- <help>Default configuration if discrete config could not be found</help>
- <valueHelp>
- <format>filename</format>
- <description>Default configuration filename, must be under /config/auth</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--file --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="group">
- <properties>
- <help>Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute.</help>
- <valueHelp>
- <format>txt</format>
- <description>Group string. The group may be followed by a user-friendly name in brackets: group1[First Group]</description>
- </valueHelp>
- <multi/>
- </properties>
- </leafNode>
- #include <include/auth-local-users.xml.i>
- <node name="local-users">
- <children>
- <tagNode name="username">
- <children>
- <node name="otp">
- <properties>
- <help>2FA OTP authentication parameters</help>
- </properties>
- <children>
- <leafNode name="key">
- <properties>
- <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
- <valueHelp>
- <format>txt</format>
- <description>OTP key in hex-encoded format</description>
- </valueHelp>
- <constraint>
- <regex>[a-fA-F0-9]{20,10000}</regex>
- </constraint>
- <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="otp-length">
- <properties>
- <help>Number of digits in OTP code</help>
- <valueHelp>
- <format>u32:6-8</format>
- <description>Number of digits in OTP code</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 6-8"/>
- </constraint>
- <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
- </properties>
- <defaultValue>6</defaultValue>
- </leafNode>
- <leafNode name="interval">
- <properties>
- <help>Time tokens interval in seconds</help>
- <valueHelp>
- <format>u32:5-86400</format>
- <description>Time tokens interval in seconds.</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 5-86400"/>
- </constraint>
- <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>30</defaultValue>
- </leafNode>
- <leafNode name="token-type">
- <properties>
- <help>Token type</help>
- <valueHelp>
- <format>hotp-time</format>
- <description>Time-based OTP algorithm</description>
- </valueHelp>
- <valueHelp>
- <format>hotp-event</format>
- <description>Event-based OTP algorithm</description>
- </valueHelp>
- <constraint>
- <regex>(hotp-time|hotp-event)</regex>
- </constraint>
- <completionHelp>
- <list>hotp-time hotp-event</list>
- </completionHelp>
- </properties>
- <defaultValue>hotp-time</defaultValue>
- </leafNode>
- </children>
- </node>
- </children>
- </tagNode>
- </children>
- </node>
- #include <include/radius-auth-server-ipv4.xml.i>
- <node name="radius">
- <children>
- #include <include/radius-timeout.xml.i>
- <leafNode name="groupconfig">
- <properties>
- <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS.</help>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- #include <include/listen-address-ipv4-single.xml.i>
- <leafNode name="listen-address">
- <defaultValue>0.0.0.0</defaultValue>
- </leafNode>
- <node name="listen-ports">
- <properties>
- <help>Specify custom ports to use for client connections</help>
- </properties>
- <children>
- <leafNode name="tcp">
- <properties>
- <help>tcp port number to accept connections</help>
- <valueHelp>
- <format>u32:1-65535</format>
- <description>Numeric IP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- <defaultValue>443</defaultValue>
- </leafNode>
- <leafNode name="udp">
- <properties>
- <help>udp port number to accept connections</help>
- <valueHelp>
- <format>u32:1-65535</format>
- <description>Numeric IP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- <defaultValue>443</defaultValue>
- </leafNode>
- </children>
- </node>
- <leafNode name="http-security-headers">
- <properties>
- <help>Enable HTTP security headers</help>
- <valueless/>
- </properties>
- </leafNode>
- <node name="ssl">
- <properties>
- <help>SSL Certificate, SSL Key and CA</help>
- </properties>
- <children>
- #include <include/pki/ca-certificate.xml.i>
- #include <include/pki/certificate-key.xml.i>
- </children>
- </node>
- <node name="network-settings">
- <properties>
- <help>Network settings</help>
- </properties>
- <children>
- <leafNode name="push-route">
- <properties>
- <help>Route to be pushed to the client</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 network and prefix length</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 network and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ip-prefix"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <node name="client-ip-settings">
- <properties>
- <help>Client IP pools settings</help>
- </properties>
- <children>
- <leafNode name="subnet">
- <properties>
- <help>Client IP subnet (CIDR notation)</help>
- <valueHelp>
- <format>ipv4net</format>
- <description>IPv4 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- </constraint>
- <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <leafNode name="prefix">
- <properties>
- <help>Pool of addresses used to assign to clients</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="mask">
- <properties>
- <help>Prefix length used for individual client</help>
- <valueHelp>
- <format>u32:48-128</format>
- <description>Client prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 48-128"/>
- </constraint>
- </properties>
- <defaultValue>64</defaultValue>
- </leafNode>
- </children>
- </node>
- #include <include/name-server-ipv4-ipv6.xml.i>
- <leafNode name="split-dns">
- <properties>
- <help>Domains over which the provided DNS should be used</help>
- <valueHelp>
- <format>txt</format>
- <description>Client prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="tunnel-all-dns">
- <properties>
- <help>If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set.</help>
- <completionHelp>
- <list>yes no</list>
- </completionHelp>
- <valueHelp>
- <format>yes</format>
- <description>Enable tunneling of all DNS traffic</description>
- </valueHelp>
- <valueHelp>
- <format>no</format>
- <description>Disable tunneling of all DNS traffic</description>
- </valueHelp>
- <constraint>
- <regex>(yes|no)</regex>
- </constraint>
- </properties>
- <defaultValue>no</defaultValue>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- </children>
-</node>
-</interfaceDefinition> |