summaryrefslogtreecommitdiff
path: root/interface-definitions/vpn-openconnect.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/vpn-openconnect.xml.in')
-rw-r--r--interface-definitions/vpn-openconnect.xml.in274
1 files changed, 274 insertions, 0 deletions
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
new file mode 100644
index 000000000..21b47125d
--- /dev/null
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -0,0 +1,274 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="vpn">
+ <children>
+ <node name="openconnect" owner="${vyos_conf_scripts_dir}/vpn_openconnect.py">
+ <properties>
+ <help>SSL VPN OpenConnect, AnyConnect compatible server</help>
+ <priority>901</priority>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access SSL VPN Server</help>
+ </properties>
+ <children>
+ <node name="mode">
+ <properties>
+ <help>Authentication mode used by this server</help>
+ </properties>
+ <children>
+ <leafNode name="local">
+ <properties>
+ <help>Use local username/password configuration (OTP supported)</help>
+ <valueHelp>
+ <format>password</format>
+ <description>Password-only local authentication</description>
+ </valueHelp>
+ <valueHelp>
+ <format>otp</format>
+ <description>OTP-only local authentication</description>
+ </valueHelp>
+ <valueHelp>
+ <format>password-otp</format>
+ <description>Password (first) + OTP local authentication</description>
+ </valueHelp>
+ <constraint>
+ <regex>(password|otp|password-otp)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid authentication mode. Must be one of: password, otp or password-otp </constraintErrorMessage>
+ <completionHelp>
+ <list>otp password password-otp</list>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="radius">
+ <properties>
+ <help>Use RADIUS server for user autentication</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/auth-local-users.xml.i>
+ <node name="local-users">
+ <children>
+ <tagNode name="username">
+ <children>
+ <node name="otp">
+ <properties>
+ <help>2FA OTP authentication parameters</help>
+ </properties>
+ <children>
+ <leafNode name="key">
+ <properties>
+ <help>Token Key Secret key for the token algorithm (see RFC 4226)</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>OTP key in hex-encoded format</description>
+ </valueHelp>
+ <constraint>
+ <regex>[a-fA-F0-9]{20,10000}</regex>
+ </constraint>
+ <constraintErrorMessage>Key name must only include hex characters and be at least 20 characters long</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="otp-length">
+ <properties>
+ <help>Number of digits in OTP code</help>
+ <valueHelp>
+ <format>u32:6-8</format>
+ <description>Number of digits in OTP code</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 6-8"/>
+ </constraint>
+ <constraintErrorMessage>Number of digits in OTP code must be between 6 and 8</constraintErrorMessage>
+ </properties>
+ <defaultValue>6</defaultValue>
+ </leafNode>
+ <leafNode name="interval">
+ <properties>
+ <help>Time tokens interval in seconds</help>
+ <valueHelp>
+ <format>u32:5-86400</format>
+ <description>Time tokens interval in seconds.</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 5-86400"/>
+ </constraint>
+ <constraintErrorMessage>Time token interval must be between 5 and 86400 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>30</defaultValue>
+ </leafNode>
+ <leafNode name="token-type">
+ <properties>
+ <help>Token type</help>
+ <valueHelp>
+ <format>hotp-time</format>
+ <description>Time-based OTP algorithm</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hotp-event</format>
+ <description>Event-based OTP algorithm</description>
+ </valueHelp>
+ <constraint>
+ <regex>(hotp-time|hotp-event)</regex>
+ </constraint>
+ <completionHelp>
+ <list>hotp-time hotp-event</list>
+ </completionHelp>
+ </properties>
+ <defaultValue>hotp-time</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ #include <include/radius-server-ipv4.xml.i>
+ <node name="radius">
+ <children>
+ <leafNode name="timeout">
+ <properties>
+ <help>Session timeout</help>
+ <valueHelp>
+ <format>u32:1-240</format>
+ <description>Session timeout in seconds (default: 2)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-240"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>2</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <node name="listen-ports">
+ <properties>
+ <help>Specify custom ports to use for client connections</help>
+ </properties>
+ <children>
+ <leafNode name="tcp">
+ <properties>
+ <help>tcp port number to accept connections</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>443</defaultValue>
+ </leafNode>
+ <leafNode name="udp">
+ <properties>
+ <help>udp port number to accept connections</help>
+ <valueHelp>
+ <format>u32:1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>443</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ <node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/ca-certificate.xml.i>
+ #include <include/pki/certificate-key.xml.i>
+ </children>
+ </node>
+ <node name="network-settings">
+ <properties>
+ <help>Network settings</help>
+ </properties>
+ <children>
+ <leafNode name="push-route">
+ <properties>
+ <help>Route to be pushed to the client</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 network and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 network and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <node name="client-ip-settings">
+ <properties>
+ <help>Client IP pools settings</help>
+ </properties>
+ <children>
+ <leafNode name="subnet">
+ <properties>
+ <help>Client IP subnet (CIDR notation)</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IPv4 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ </constraint>
+ <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <leafNode name="prefix">
+ <properties>
+ <help>Pool of addresses used to assign to clients</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="mask">
+ <properties>
+ <help>Prefix length used for individual client</help>
+ <valueHelp>
+ <format>u32:48-128</format>
+ <description>Client prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-128"/>
+ </constraint>
+ </properties>
+ <defaultValue>64</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/name-server-ipv4-ipv6.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+</node>
+</interfaceDefinition>