author | aapostoliuk <a.apostoliuk@vyos.io> | 2024-02-07 12:26:49 +0200 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-02-09 07:23:30 +0000 |
commit | 3e1a585f9714ffa990bb5751c7a4c7025d7c02fa (patch) | |
tree | 91914de09186cfae40e6848a9aefeef7c4c39b12 /interface-definitions | |
parent | 267579006a98fbdc5802b428d24a917421a56cb2 (diff) | |
T5960: Rewritten authentication node in PPTP to a single view
Rewrote the authentication node in accel-ppp services
to a single view; in particular, PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/include/version/pptp-version.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/service_ipoe-server.xml.in | 150 | ||||
-rw-r--r-- | interface-definitions/vpn_l2tp.xml.in | 34 | ||||
-rw-r--r-- | interface-definitions/vpn_pptp.xml.in | 96 |
4 files changed, 110 insertions, 172 deletions
diff --git a/interface-definitions/include/version/pptp-version.xml.i b/interface-definitions/include/version/pptp-version.xml.i
index 3e1482ecc..a877d77ff 100644
--- a/interface-definitions/include/version/pptp-version.xml.i
+++ b/interface-definitions/include/version/pptp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/pptp-version.xml.i -->
-<syntaxVersion component='pptp' version='4'></syntaxVersion>
+<syntaxVersion component='pptp' version='5'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index eeec2aeef..23d6e54d1 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -8,6 +8,81 @@
 <priority>900</priority>
 </properties>
 <children>
+ <node name="authentication">
+ <properties>
+ <help>Client authentication methods</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ <tagNode name="interface">
+ <properties>
+ <help>Network interface for client MAC addresses</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="mac">
+ <properties>
+ <help>Media Access Control (MAC) address</help>
+ <valueHelp>
+ <format>macaddr</format>
+ <description>Hardware (MAC) address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="mac-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="rate-limit">
+ <properties>
+ <help>Upload/Download speed limits</help>
+ </properties>
+ <children>
+ <leafNode name="upload">
+ <properties>
+ <help>Upload bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="download">
+ <properties>
+ <help>Download bandwidth limit in kbits/sec</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="vlan">
+ <properties>
+ <help>VLAN monitor for automatic creation of VLAN interfaces</help>
+ <valueHelp>
+ <format>u32:1-4094</format>
+ <description>Client VLAN id</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4094"/>
+ </constraint>
+ <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
 <tagNode name="interface">
 <properties>
 <help>Interface to listen dhcp or unclassified packets</help>
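Review bot: The `upload` and `download` leaves under `rate-limit` in the relocated `authentication` node now take `--range 1-4294967295`, while the definition removed further down in this file took `--range 1-65535`, so this move also changes what the CLI accepts and the commit message does not say so. Neither leaf has a `<valueHelp>` or a `<constraintErrorMessage>`, unlike the `vlan` leaf right after them, so an operator cannot see the accepted range from completion; I would add `<format>u32:1-4294967295</format>` with a description and `<constraintErrorMessage>Rate limit must be in range 1-4294967295</constraintErrorMessage>` to both. Whether the config template and the shaper behind it handle values above the old limit is not visible here and should be confirmed. The enclosing `<children>` element starts and ends outside the hunk.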
@@ -107,81 +182,6 @@
 #include <include/accel-ppp/client-ip-pool.xml.i>
 #include <include/accel-ppp/gateway-address-multi.xml.i>
 #include <include/accel-ppp/client-ipv6-pool.xml.i>
- <node name="authentication">
- <properties>
- <help>Client authentication methods</help>
- </properties>
- <children>
- #include <include/accel-ppp/auth-mode.xml.i>
- <tagNode name="interface">
- <properties>
- <help>Network interface for client MAC addresses</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces</script>
- </completionHelp>
- </properties>
- <children>
- <tagNode name="mac">
- <properties>
- <help>Media Access Control (MAC) address</help>
- <valueHelp>
- <format>macaddr</format>
- <description>Hardware (MAC) address</description>
- </valueHelp>
- <constraint>
- <validator name="mac-address"/>
- </constraint>
- </properties>
- <children>
- <node name="rate-limit">
- <properties>
- <help>Upload/Download speed limits</help>
- </properties>
- <children>
- <leafNode name="upload">
- <properties>
- <help>Upload bandwidth limit in kbits/sec</help>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="download">
- <properties>
- <help>Download bandwidth limit in kbits/sec</help>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <leafNode name="vlan">
- <properties>
- <help>VLAN monitor for automatic creation of VLAN interfaces</help>
- <valueHelp>
- <format>u32:1-4094</format>
- <description>Client VLAN id</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-4094"/>
- </constraint>
- <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </tagNode>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- </children>
- </node>
 #include <include/accel-ppp/default-pool.xml.i>
 #include <include/accel-ppp/default-ipv6-pool.xml.i>
 </children>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 942690bca..6148e3269 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -13,6 +13,23 @@
 <help>Remote access L2TP VPN</help>
 </properties>
 <children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access L2TP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-local-users.xml.i>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ #include <include/accel-ppp/auth-protocols.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
 #include <include/accel-ppp/max-concurrent-sessions.xml.i>
 #include <include/accel-ppp/mtu-128-16384.xml.i>
 <leafNode name="mtu">
@@ -117,23 +134,6 @@
 #include <include/accel-ppp/client-ipv6-pool.xml.i>
 #include <include/generic-description.xml.i>
 #include <include/dhcp-interface.xml.i>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access L2TP VPN</help>
- </properties>
- <children>
- #include <include/accel-ppp/auth-protocols.xml.i>
- #include <include/accel-ppp/auth-mode.xml.i>
- #include <include/accel-ppp/auth-local-users.xml.i>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- </children>
- </node>
 #include <include/accel-ppp/ppp-options.xml.i>
 #include <include/accel-ppp/default-pool.xml.i>
 #include <include/accel-ppp/default-ipv6-pool.xml.i>
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index d23086c02..2e2a3bec4 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -13,6 +13,23 @@
 <help>Remote access PPTP VPN</help>
 </properties>
 <children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access PPTP VPN</help>
+ </properties>
+ <children>
+ #include <include/accel-ppp/auth-local-users.xml.i>
+ #include <include/accel-ppp/auth-mode.xml.i>
+ #include <include/accel-ppp/auth-protocols.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
+ #include <include/accel-ppp/radius-additions.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
 #include <include/accel-ppp/max-concurrent-sessions.xml.i>
 #include <include/accel-ppp/mtu-128-16384.xml.i>
 <leafNode name="mtu">
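Review bot: In the vpn_pptp.xml.in hunk at the end of this line, the new `authentication` node takes its protocol list from `#include <include/accel-ppp/auth-protocols.xml.i>`, whereas the `require` leaf it replaces (removed in the next hunk) defaulted to `mschap-v2` only. The default of the included file is not visible in this diff; if it also permits `pap` or `chap`, a PPTP server that never set `require` would start accepting weaker authentication after the upgrade. The migration to syntax version 5 should write the old effective value explicitly, or the node should pin it with `<defaultValue>mschap-v2</defaultValue>` on the included leaf, the way the removed definition overrode the radius `timeout` and `acct-timeout` defaults. Those two overrides of 30 are dropped as well, so the include's own defaults now apply, which is worth a line in the commit message.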
@@ -30,85 +47,6 @@
 #include <include/name-server-ipv4-ipv6.xml.i>
 #include <include/accel-ppp/wins-server.xml.i>
 #include <include/accel-ppp/client-ip-pool.xml.i>
- <node name="authentication">
- <properties>
- <help>Authentication for remote access PPTP VPN</help>
- </properties>
- <children>
- <leafNode name="require">
- <properties>
- <help>Authentication protocol for remote access peer PPTP VPN</help>
- <completionHelp>
- <list>pap chap mschap mschap-v2</list>
- </completionHelp>
- <valueHelp>
- <format>pap</format>
- <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>chap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap</format>
- <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
- </valueHelp>
- <valueHelp>
- <format>mschap-v2</format>
- <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
- </valueHelp>
- <constraint>
- <regex>(pap|chap|mschap|mschap-v2)</regex>
- </constraint>
- </properties>
- <defaultValue>mschap-v2</defaultValue>
- </leafNode>
- #include <include/accel-ppp/auth-mode.xml.i>
- <node name="local-users">
- <properties>
- <help>Local user authentication for remote access PPTP VPN</help>
- </properties>
- <children>
- <tagNode name="username">
- <properties>
- <help>User name for authentication</help>
- </properties>
- <children>
- #include <include/generic-disable-node.xml.i>
- <leafNode name="password">
- <properties>
- <help>Password for authentication</help>
- </properties>
- </leafNode>
- <leafNode name="static-ip">
- <properties>
- <help>Static client IP address</help>
- </properties>
- <defaultValue>*</defaultValue>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
- <node name="radius">
- <children>
- #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
- </children>
- </node>
- #include <include/radius-auth-server-ipv4.xml.i>
- #include <include/accel-ppp/radius-additions.xml.i>
- <node name="radius">
- <children>
- <leafNode name="timeout">
- <defaultValue>30</defaultValue>
- </leafNode>
- <leafNode name="acct-timeout">
- <defaultValue>30</defaultValue>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
 #include <include/accel-ppp/default-pool.xml.i>
 #include <include/accel-ppp/client-ipv6-pool.xml.i>
 #include <include/accel-ppp/default-ipv6-pool.xml.i> |