summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorJamie Austin <jamiea@opusv.com.au>2023-01-27 17:32:29 +1100
committerJamie Austin <jamieaustinprogramming@gmail.com>2023-01-28 15:11:07 +1100
commite61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba (patch)
treef045fe1092ecbb3d5d8366dfb647e15de8572d59 /interface-definitions
parente6023a3c710a84c12f9ce51d41af21120bb44e5a (diff)
downloadvyos-1x-e61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba.tar.gz
vyos-1x-e61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba.zip
T4958: ocserv: openconnect: adds support for configuring RADIUS accounting
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/radius-acct-server-ipv4.xml.i26
-rw-r--r--interface-definitions/include/radius-auth-server-ipv4.xml.i (renamed from interface-definitions/include/radius-server-ipv4.xml.i)4
-rw-r--r--interface-definitions/include/radius-server-acct-port.xml.i15
-rw-r--r--interface-definitions/include/radius-server-auth-port.xml.i (renamed from interface-definitions/include/radius-server-port.xml.i)2
-rw-r--r--interface-definitions/include/radius-server-ipv4-ipv6.xml.i2
-rw-r--r--interface-definitions/interfaces-wireless.xml.in2
-rw-r--r--interface-definitions/service-ipoe-server.xml.in2
-rw-r--r--interface-definitions/service-pppoe-server.xml.in2
-rw-r--r--interface-definitions/vpn-ipsec.xml.in2
-rw-r--r--interface-definitions/vpn-l2tp.xml.in2
-rw-r--r--interface-definitions/vpn-openconnect.xml.in23
-rw-r--r--interface-definitions/vpn-pptp.xml.in2
-rw-r--r--interface-definitions/vpn-sstp.xml.in2
13 files changed, 74 insertions, 12 deletions
diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i
new file mode 100644
index 000000000..9365aa8e9
--- /dev/null
+++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i
@@ -0,0 +1,26 @@
+<!-- include start from radius-acct-server-ipv4.xml.i -->
+<node name="radius">
+ <properties>
+ <help>RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius</help>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>RADIUS server configuration</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>RADIUS server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ #include <include/radius-server-key.xml.i>
+ #include <include/radius-server-acct-port.xml.i>
+ </children>
+ </tagNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i
index ab4c8e10e..dc6f4d878 100644
--- a/interface-definitions/include/radius-server-ipv4.xml.i
+++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from radius-server-ipv4.xml.i -->
+<!-- include start from radius-auth-server-ipv4.xml.i -->
<node name="radius">
<properties>
<help>RADIUS based user authentication</help>
@@ -19,7 +19,7 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/radius-server-key.xml.i>
- #include <include/radius-server-port.xml.i>
+ #include <include/radius-server-auth-port.xml.i>
</children>
</tagNode>
</children>
diff --git a/interface-definitions/include/radius-server-acct-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i
new file mode 100644
index 000000000..0b356fa18
--- /dev/null
+++ b/interface-definitions/include/radius-server-acct-port.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from radius-server-acct-port.xml.i -->
+<leafNode name="port">
+ <properties>
+ <help>Accounting port</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>1813</defaultValue>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i
index c6b691a0f..660fa540f 100644
--- a/interface-definitions/include/radius-server-port.xml.i
+++ b/interface-definitions/include/radius-server-auth-port.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from radius-server-port.xml.i -->
+<!-- include start from radius-server-auth-port.xml.i -->
<leafNode name="port">
<properties>
<help>Authentication port</help>
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index 5b12bec62..c593512b4 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -23,7 +23,7 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/radius-server-key.xml.i>
- #include <include/radius-server-port.xml.i>
+ #include <include/radius-server-auth-port.xml.i>
</children>
</tagNode>
<leafNode name="source-address">
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index aff5071b2..a9538d577 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -725,7 +725,7 @@
<constraintErrorMessage>Invalid WPA pass phrase, must be 8 to 63 printable characters!</constraintErrorMessage>
</properties>
</leafNode>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
<tagNode name="server">
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in
index ef8569437..d778f9de0 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service-ipoe-server.xml.in
@@ -220,7 +220,7 @@
#include <include/accel-ppp/radius-additions-rate-limit.xml.i>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
</children>
</node>
diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in
index 47ad96582..68592b96b 100644
--- a/interface-definitions/service-pppoe-server.xml.in
+++ b/interface-definitions/service-pppoe-server.xml.in
@@ -20,7 +20,7 @@
#include <include/accel-ppp/auth-local-users.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
<node name="radius">
<children>
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
index fa12d999c..4bb9ad145 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -923,7 +923,7 @@
#include <include/name-server-ipv4-ipv6.xml.i>
</children>
</tagNode>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
#include <include/radius-nas-identifier.xml.i>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
index 86aeb324e..0a92017bd 100644
--- a/interface-definitions/vpn-l2tp.xml.in
+++ b/interface-definitions/vpn-l2tp.xml.in
@@ -178,7 +178,7 @@
#include <include/accel-ppp/ppp-mppe.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-local-users.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
<tagNode name="server">
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 82fe2bbc9..a426f604d 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -8,6 +8,27 @@
<priority>901</priority>
</properties>
<children>
+ <node name="accounting">
+ <properties>
+ <help>Accounting for users OpenConnect VPN Sessions</help>
+ </properties>
+ <children>
+ <node name="mode">
+ <properties>
+ <help>Accounting mode used by this server</help>
+ </properties>
+ <children>
+ <leafNode name="radius">
+ <properties>
+ <help>Use RADIUS server for accounting</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/radius-acct-server-ipv4.xml.i>
+ </children>
+ </node>
<node name="authentication">
<properties>
<help>Authentication for remote access SSL VPN Server</help>
@@ -137,7 +158,7 @@
</tagNode>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
#include <include/radius-timeout.xml.i>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in
index 5e52965fd..00ffd26f9 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn-pptp.xml.in
@@ -108,7 +108,7 @@
</tagNode>
</children>
</node>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
#include <include/accel-ppp/radius-additions-rate-limit.xml.i>
</children>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
index 195d581df..9e912063f 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -16,7 +16,7 @@
#include <include/accel-ppp/auth-local-users.xml.i>
#include <include/accel-ppp/auth-mode.xml.i>
#include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
#include <include/accel-ppp/radius-additions.xml.i>
<node name="radius">
<children>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-15 17:31:07 +0000