summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authoraapostoliuk <a.apostoliuk@vyos.io>2024-02-07 12:26:49 +0200
committeraapostoliuk <a.apostoliuk@vyos.io>2024-02-07 18:54:03 +0200
commit018110200c9a82815dd5d0510f0732d7159c0d59 (patch)
tree7a7ee8db5ad7a565562686e16850d2761f7ed048 /interface-definitions
parent630a242cecaefb576513ecdc4e944bfc63515982 (diff)
downloadvyos-1x-018110200c9a82815dd5d0510f0732d7159c0d59.tar.gz
vyos-1x-018110200c9a82815dd5d0510f0732d7159c0d59.zip
T5960: Rewritten authentication node in PPTP to a single view
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/version/pptp-version.xml.i2
-rw-r--r--interface-definitions/service_ipoe-server.xml.in150
-rw-r--r--interface-definitions/vpn_l2tp.xml.in34
-rw-r--r--interface-definitions/vpn_pptp.xml.in96
4 files changed, 110 insertions, 172 deletions
diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i
index 3e1482ecc..a877d77ff 100644
--- a/interface-definitions/include/version/pptp-version.xml.i
+++ b/interface-definitions/include/version/pptp-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/pptp-version.xml.i -->
-<syntaxVersion component='pptp' version='4'></syntaxVersion>
+<syntaxVersion component='pptp' version='5'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index eeec2aeef..23d6e54d1 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -8,6 +8,81 @@
<priority>900</priority>
</properties>
<children>
+ <node name="authentication">
+ <properties>
+ <help>Client authentication methods</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ <tagNode name="interface">
+ <properties>
+ <help>Network interface for client MAC addresses</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="mac">
+ <properties>
+ <help>Media Access Control (MAC) address</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>Hardware (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="upload">
+ <properties>
+ <help>Upload bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="download">
+ <properties>
+ <help>Download bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="vlan">
+ <properties>
+ <help>VLAN monitor for automatic creation of VLAN interfaces</help>
+ <valueHelp>
+ <format>u32:1-4094</format>
+ <description>Client VLAN id</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4094"/>
+ </constraint>
+ <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
<tagNode name="interface">
<properties>
<help>Interface to listen dhcp or unclassified packets</help>
@@ -107,81 +182,6 @@
#include <include/accel-ppp/client-ip-pool.xml.i>
#include <include/accel-ppp/gateway-address-multi.xml.i>
#include <include/accel-ppp/client-ipv6-pool.xml.i>
- <node name="authentication">
- <properties>
- <help>Client authentication methods</help>
- </properties>
- <children>
- #include <include/accel-ppp/auth-mode.xml.i>
- <tagNode name="interface">
- <properties>
- <help>Network interface for client MAC addresses</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- <children>
- <tagNode name="mac">
- <properties>
- <help>Media Access Control (MAC) address</help>
- <valueHelp>
- <format>macaddr</format>
- <description>Hardware (MAC) address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address"/>
- </constraint>
- </properties>
- <children>
- <node name="rate-limit">
- <properties>
- <help>Upload/Download speed limits</help>
- </properties>
- <children>
- <leafNode name="upload">
- <properties>
- <help>Upload bandwidth limit in kbits/sec</help>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="download">
- <properties>
- <help>Download bandwidth limit in kbits/sec</help>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="vlan">
- <properties>
- <help>VLAN monitor for automatic creation of VLAN interfaces</help>
- <valueHelp>
- <format>u32:1-4094</format>
- <description>Client VLAN id</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4094"/>
- </constraint>
- <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- </children>
- </node>
#include <include/accel-ppp/default-pool.xml.i>
#include <include/accel-ppp/default-ipv6-pool.xml.i>
</children>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 942690bca..6148e3269 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -13,6 +13,23 @@
<help>Remote access L2TP VPN</help>
</properties>
<children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access L2TP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-local-users.xml.i>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ #include <include/accel-ppp/auth-protocols.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
#include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/accel-ppp/mtu-128-16384.xml.i>
<leafNode name="mtu">
@@ -117,23 +134,6 @@
#include <include/accel-ppp/client-ipv6-pool.xml.i>
#include <include/generic-description.xml.i>
#include <include/dhcp-interface.xml.i>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access L2TP VPN</help>
- </properties>
- <children>
- #include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/accel-ppp/auth-mode.xml.i>
- #include <include/accel-ppp/auth-local-users.xml.i>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- </children>
- </node>
#include <include/accel-ppp/ppp-options.xml.i>
#include <include/accel-ppp/default-pool.xml.i>
#include <include/accel-ppp/default-ipv6-pool.xml.i>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index d23086c02..2e2a3bec4 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -13,6 +13,23 @@
<help>Remote access PPTP VPN</help>
</properties>
<children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access PPTP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-local-users.xml.i>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ #include <include/accel-ppp/auth-protocols.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
#include <include/accel-ppp/max-concurrent-sessions.xml.i>
#include <include/accel-ppp/mtu-128-16384.xml.i>
<leafNode name="mtu">
@@ -30,85 +47,6 @@
#include <include/name-server-ipv4-ipv6.xml.i>
#include <include/accel-ppp/wins-server.xml.i>
#include <include/accel-ppp/client-ip-pool.xml.i>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access PPTP VPN</help>
- </properties>
- <children>
- <leafNode name="require">
- <properties>
- <help>Authentication protocol for remote access peer PPTP VPN</help>
- <completionHelp>
- <list>pap chap mschap mschap-v2</list>
- </completionHelp>
- <valueHelp>
- <format>pap</format>
- <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>chap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap-v2</format>
- <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
- </valueHelp>
- <constraint>
- <regex>(pap|chap|mschap|mschap-v2)</regex>
- </constraint>
- </properties>
- <defaultValue>mschap-v2</defaultValue>
- </leafNode>
- #include <include/accel-ppp/auth-mode.xml.i>
- <node name="local-users">
- <properties>
- <help>Local user authentication for remote access PPTP VPN</help>
- </properties>
- <children>
- <tagNode name="username">
- <properties>
- <help>User name for authentication</help>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="password">
- <properties>
- <help>Password for authentication</help>
- </properties>
- </leafNode>
- <leafNode name="static-ip">
- <properties>
- <help>Static client IP address</help>
- </properties>
- <defaultValue>*</defaultValue>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- <node name="radius">
- <children>
- <leafNode name="timeout">
- <defaultValue>30</defaultValue>
- </leafNode>
- <leafNode name="acct-timeout">
- <defaultValue>30</defaultValue>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
#include <include/accel-ppp/default-pool.xml.i>
#include <include/accel-ppp/client-ipv6-pool.xml.i>
#include <include/accel-ppp/default-ipv6-pool.xml.i>