diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-03-20 23:07:43 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-03-20 23:25:05 +0100 |
| commit | a8920a1f13e6091355d33541802b1486c0cfa653 (patch) | |
| tree | 8aa98337ce740f38bd0402c42dcfe384c45d9c3e /src | |
| parent | 86e47301786da64a035156edd24ed2ec89918a49 (diff) | |
| download | vyos-1x-a8920a1f13e6091355d33541802b1486c0cfa653.tar.gz vyos-1x-a8920a1f13e6091355d33541802b1486c0cfa653.zip | |
sstp: T2008: remove req-limit config node
Limiting the amount of requests passed to a server seems to be the wrong
way to tackle a problem.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vpn_sstp.py | 8 | ||||
| -rwxr-xr-x | src/migration-scripts/sstp/0-to-1 | 5 |
2 files changed, 3 insertions, 10 deletions
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index e8c5155dd..09de7d112 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -100,7 +100,7 @@ chap-secrets=/etc/accel-ppp/sstp/chap-secrets [radius] verbose=1 {% for r in radius_server %} -server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit={{ r.req_limit }},fail-time={{ r.fail_time }} +server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }} {% endfor -%} acct-timeout={{ radius_acct_tmo }} @@ -286,8 +286,7 @@ def get_config(): 'server' : server, 'key' : '', 'fail_time' : 0, - 'port' : '1812', - 'req_limit' : 0 + 'port' : '1812' } conf.set_level(base_path + ['authentication', 'radius', 'server', server]) @@ -298,9 +297,6 @@ def get_config(): if conf.exists(['port']): radius['port'] = conf.return_value(['port']) - if conf.exists(['req-limit']): - radius['req_limit'] = conf.return_value(['req-limit']) - if conf.exists(['key']): radius['key'] = conf.return_value(['key']) diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1 index 652a2662f..2edf76a56 100755 --- a/src/migration-scripts/sstp/0-to-1 +++ b/src/migration-scripts/sstp/0-to-1 @@ -20,6 +20,7 @@ # - migrate RADIUS configuration to a more uniform syntax accross the system # - authentication radius-server x.x.x.x to authentication radius server x.x.x.x # - authentication radius-settings to authentication radius +# - do not migrate radius server req-limit, use default of unlimited import os import sys @@ -101,10 +102,6 @@ else: tmp = config.return_value(base + ['fail-time']) config.set(new + ['fail-time'], value=tmp) - if config.exists(base + ['req-limit']): - tmp = config.return_value(base + ['req-limit']) - config.set(new + ['req-limit'], value=tmp) - config.set_tag(new_base + ['authentication', 'radius', 'server']) config.delete(radius_server) |