summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/dhcpv6-server.xml.in38
-rw-r--r--interface-definitions/include/accel-auth-mode.xml.i19
-rw-r--r--interface-definitions/include/accel-client-ipv6-pool.xml.in59
-rw-r--r--interface-definitions/include/accel-name-server.xml.in18
-rw-r--r--interface-definitions/include/accel-radius-additions.xml.in113
-rw-r--r--interface-definitions/include/accel-wins-server.xml.i13
-rw-r--r--interface-definitions/include/dhcp-dhcpv6-options.xml.i1
-rw-r--r--interface-definitions/include/interface-hw-id.xml.i2
-rw-r--r--interface-definitions/include/ipv6-address.xml.i11
-rw-r--r--interface-definitions/interfaces-pseudo-ethernet.xml.in4
-rw-r--r--interface-definitions/interfaces-tunnel.xml.in8
-rw-r--r--interface-definitions/interfaces-wireless.xml.in55
-rw-r--r--interface-definitions/protocols-multicast.xml.in95
-rw-r--r--interface-definitions/salt-minion.xml.in78
-rw-r--r--interface-definitions/service_ipoe-server.xml.in (renamed from interface-definitions/service-ipoe.xml.in)180
-rw-r--r--interface-definitions/service_pppoe-server.xml.in (renamed from interface-definitions/service-pppoe.xml.in)250
-rw-r--r--interface-definitions/service_router-advert.xml.in (renamed from interface-definitions/service-router-advert.xml.in)2
-rw-r--r--interface-definitions/system-login.xml.in1
-rw-r--r--interface-definitions/vpn_l2tp.xml.in (renamed from interface-definitions/vpn-l2tp.xml.in)113
-rw-r--r--interface-definitions/vpn_pptp.xml.in (renamed from interface-definitions/vpn-pptp.xml.in)121
-rw-r--r--interface-definitions/vpn_sstp.xml.in (renamed from interface-definitions/vpn-sstp.xml.in)130
21 files changed, 509 insertions, 802 deletions
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index 7d4c0de23..4073b46b2 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -126,16 +126,37 @@
<leafNode name="default">
<properties>
<help>Default time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>DHCPv6 valid lifetime</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="maximum">
<properties>
<help>Maximum time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>Maximum lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="minimum">
<properties>
<help>Minimum time (in seconds) that will be assigned to a lease</help>
+ <valueHelp>
+ <format>1-4294967295</format>
+ <description>Minimum lease time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
</properties>
</leafNode>
</children>
@@ -243,29 +264,24 @@
</tagNode>
</children>
</node>
- <leafNode name="sip-server-address">
+ <leafNode name="sip-server">
<properties>
<help>IPv6 address of SIP server</help>
<valueHelp>
<format>ipv6</format>
<description>IPv6 address of SIP server</description>
</valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>FQDN of SIP server</description>
+ </valueHelp>
<constraint>
<validator name="ipv6-address"/>
+ <validator name="fqdn"/>
</constraint>
<multi/>
</properties>
</leafNode>
- <leafNode name="sip-server-name">
- <properties>
- <help>SIP server name</help>
- <constraint>
- <regex>[-_a-zA-Z0-9.]+</regex>
- </constraint>
- <constraintErrorMessage>Invalid SIP server name. May only contain letters, numbers and .-_</constraintErrorMessage>
- <multi/>
- </properties>
- </leafNode>
<leafNode name="sntp-server">
<properties>
<help>IPv6 address of an SNTP server for client to use</help>
diff --git a/interface-definitions/include/accel-auth-mode.xml.i b/interface-definitions/include/accel-auth-mode.xml.i
new file mode 100644
index 000000000..e719112db
--- /dev/null
+++ b/interface-definitions/include/accel-auth-mode.xml.i
@@ -0,0 +1,19 @@
+<leafNode name="mode">
+ <properties>
+ <help>Authentication mode used by this server</help>
+ <valueHelp>
+ <format>local</format>
+ <description>Use local username/password configuration</description>
+ </valueHelp>
+ <valueHelp>
+ <format>radius</format>
+ <description>Use RADIUS server for user autentication</description>
+ </valueHelp>
+ <constraint>
+ <regex>(local|radius)</regex>
+ </constraint>
+ <completionHelp>
+ <list>local radius</list>
+ </completionHelp>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/accel-client-ipv6-pool.xml.in b/interface-definitions/include/accel-client-ipv6-pool.xml.in
new file mode 100644
index 000000000..455ada6ef
--- /dev/null
+++ b/interface-definitions/include/accel-client-ipv6-pool.xml.in
@@ -0,0 +1,59 @@
+<node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>Pool of addresses used to assign to clients</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="mask">
+ <properties>
+ <help>Prefix length used for individual client</help>
+ <valueHelp>
+ <format>&lt;48-128&gt;</format>
+ <description>Client prefix length (default: 64)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-128"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="delegate">
+ <properties>
+ <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="delegation-prefix">
+ <properties>
+ <help>Prefix length delegated to client</help>
+ <valueHelp>
+ <format>&lt;32-64&gt;</format>
+ <description>Delegated prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 32-64"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
diff --git a/interface-definitions/include/accel-name-server.xml.in b/interface-definitions/include/accel-name-server.xml.in
new file mode 100644
index 000000000..82ed6771d
--- /dev/null
+++ b/interface-definitions/include/accel-name-server.xml.in
@@ -0,0 +1,18 @@
+<leafNode name="name-server">
+ <properties>
+ <help>Domain Name Server (DNS) propagated to client</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/accel-radius-additions.xml.in b/interface-definitions/include/accel-radius-additions.xml.in
new file mode 100644
index 000000000..227a043cd
--- /dev/null
+++ b/interface-definitions/include/accel-radius-additions.xml.in
@@ -0,0 +1,113 @@
+<node name="radius">
+ <children>
+ <tagNode name="server">
+ <children>
+ <leafNode name="fail-time">
+ <properties>
+ <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
+ <valueHelp>
+ <format>0-600</format>
+ <description>Fail time penalty</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-600"/>
+ </constraint>
+ <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout in seconds to wait response from RADIUS server</help>
+ <valueHelp>
+ <format>1-60</format>
+ <description>Timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="acct-timeout">
+ <properties>
+ <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
+ <valueHelp>
+ <format>0-60</format>
+ <description>Timeout in seconds, 0 to keep active</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-60"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="max-try">
+ <properties>
+ <help>Number of tries to send Access-Request/Accounting-Request queries</help>
+ <valueHelp>
+ <format>1-20</format>
+ <description>Maximum tries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-20"/>
+ </constraint>
+ <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-identifier">
+ <properties>
+ <help>NAS-Identifier attribute sent to RADIUS</help>
+ </properties>
+ </leafNode>
+ <leafNode name="nas-ip-address">
+ <properties>
+ <help>NAS-IP-Address attribute sent to RADIUS</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>NAS-IP-Address attribute</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <node name="dynamic-author">
+ <properties>
+ <help>Dynamic Authorization Extension/Change of Authorization server</help>
+ </properties>
+ <children>
+ <leafNode name="server">
+ <properties>
+ <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address for aynamic authorization server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+ <valueHelp>
+ <format>number</format>
+ <description>TCP port</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="key">
+ <properties>
+ <help>Shared secret for Dynamic Authorization Extension server</help>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</node>
diff --git a/interface-definitions/include/accel-wins-server.xml.i b/interface-definitions/include/accel-wins-server.xml.i
new file mode 100644
index 000000000..461a65ddf
--- /dev/null
+++ b/interface-definitions/include/accel-wins-server.xml.i
@@ -0,0 +1,13 @@
+<leafNode name="wins-server">
+ <properties>
+ <help>Windows Internet Name Service (WINS) servers propagated to client</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/dhcp-dhcpv6-options.xml.i b/interface-definitions/include/dhcp-dhcpv6-options.xml.i
index 104b1fbe0..e4387863b 100644
--- a/interface-definitions/include/dhcp-dhcpv6-options.xml.i
+++ b/interface-definitions/include/dhcp-dhcpv6-options.xml.i
@@ -23,7 +23,6 @@
<node name="dhcpv6-options">
<properties>
<help>DHCPv6 options</help>
- <priority>319</priority>
</properties>
<children>
<leafNode name="parameters-only">
diff --git a/interface-definitions/include/interface-hw-id.xml.i b/interface-definitions/include/interface-hw-id.xml.i
index cefc9f0a0..318ddd1c4 100644
--- a/interface-definitions/include/interface-hw-id.xml.i
+++ b/interface-definitions/include/interface-hw-id.xml.i
@@ -1,4 +1,4 @@
-<leafNode name="mac">
+<leafNode name="hw-id">
<properties>
<help>Associate Ethernet Interface with given Media Access Control (MAC) address</help>
<valueHelp>
diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i
index 507d5dcc1..34f54e4c1 100644
--- a/interface-definitions/include/ipv6-address.xml.i
+++ b/interface-definitions/include/ipv6-address.xml.i
@@ -8,14 +8,21 @@
</leafNode>
<leafNode name="eui64">
<properties>
- <help>ssign IPv6 address using EUI-64 based on MAC address</help>
+ <help>Prefix for IPv6 address with MAC-based EUI-64</help>
<valueHelp>
<format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
+ <description>IPv6 network and prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="no-default-link-local">
+ <properties>
+ <help>Remove the default link-local address from the interface</help>
+ <valueless/>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index c6e61d19a..ea267cf81 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -5,7 +5,7 @@
<tagNode name="pseudo-ethernet" owner="${vyos_conf_scripts_dir}/interfaces-pseudo-ethernet.py">
<properties>
<help>Pseudo Ethernet</help>
- <priority>319</priority>
+ <priority>321</priority>
<constraint>
<regex>^peth[0-9]+$</regex>
</constraint>
@@ -45,7 +45,7 @@
<help>Physical Interface used for this device</help>
<valueHelp>
<format>interface</format>
- <description>Interface used for VXLAN underlay</description>
+ <description>Physical interface used for this pseudo device</description>
</valueHelp>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces.py -t ethernet</script>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index e1ac60319..a38a73e15 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -66,6 +66,14 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="source-interface">
+ <properties>
+ <help>Physical Interface used for underlaying traffic</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
<leafNode name="6rd-prefix">
<properties>
<help>6rd network prefix</help>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index a5c6315fa..3edcbb8ff 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -605,22 +605,67 @@
<children>
<leafNode name="cipher">
<properties>
- <help>Cipher suite for WPA</help>
+ <help>Cipher suite for WPA unicast packets</help>
<completionHelp>
- <list>TKIP CCMP</list>
+ <list>GCMP-256 GCMP CCMP-256 CCMP TKIP</list>
</completionHelp>
<valueHelp>
+ <format>GCMP-256</format>
+ <description>AES in Galois/counter mode with 256-bit key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>GCMP</format>
+ <description>AES in Galois/counter mode with 128-bit key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CCMP-256</format>
+ <description>AES in Counter mode with CBC-MAC with 256-bit key</description>
+ </valueHelp>
+ <valueHelp>
<format>CCMP</format>
- <description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]</description>
+ <description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs)</description>
</valueHelp>
<valueHelp>
<format>TKIP</format>
<description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description>
</valueHelp>
<constraint>
- <regex>(CCMP|TKIP)</regex>
+ <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex>
</constraint>
- <constraintErrorMessage>Invalid WEP key</constraintErrorMessage>
+ <constraintErrorMessage>Invalid cipher selection</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="group-cipher">
+ <properties>
+ <help>Cipher suite for WPA multicast and broadcast packets</help>
+ <completionHelp>
+ <list>GCMP-256 GCMP CCMP-256 CCMP TKIP</list>
+ </completionHelp>
+ <valueHelp>
+ <format>GCMP-256</format>
+ <description>AES in Galois/counter mode with 256-bit key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>GCMP</format>
+ <description>AES in Galois/counter mode with 128-bit key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CCMP-256</format>
+ <description>AES in Counter mode with CBC-MAC with 256-bit key</description>
+ </valueHelp>
+ <valueHelp>
+ <format>CCMP</format>
+ <description>AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] (supported on all WPA2 APs)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>TKIP</format>
+ <description>Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]</description>
+ </valueHelp>
+ <constraint>
+ <regex>(GCMP-256|GCMP|CCMP-256|CCMP|TKIP)</regex>
+ </constraint>
+ <constraintErrorMessage>Invalid group cipher selection</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols-multicast.xml.in
new file mode 100644
index 000000000..a06f2b287
--- /dev/null
+++ b/interface-definitions/protocols-multicast.xml.in
@@ -0,0 +1,95 @@
+<?xml version="1.0"?>
+<!-- Multicast static routing configuration -->
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="static">
+ <children>
+ <node name="multicast" owner="${vyos_conf_scripts_dir}/protocols_static_multicast.py">
+ <properties>
+ <help>Multicast static route</help>
+ </properties>
+ <children>
+ <tagNode name="route">
+ <properties>
+ <help>Configure static unicast route into MRIB for multicast RPF lookup</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="next-hop">
+ <properties>
+ <help>Nexthop IPv4 address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Nexthop IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="distance">
+ <properties>
+ <help>Distance value for this route</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Distance for this route</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ <tagNode name="interface-route">
+ <properties>
+ <help>Multicast interface based route</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>Network</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="next-hop-interface">
+ <properties>
+ <help>Next-hop interface</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <leafNode name="distance">
+ <properties>
+ <help>Distance value for this route</help>
+ <valueHelp>
+ <format>1-255</format>
+ <description>Distance for this route</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-255"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/salt-minion.xml.in
index 9aa60249a..97f882a6a 100644
--- a/interface-definitions/salt-minion.xml.in
+++ b/interface-definitions/salt-minion.xml.in
@@ -1,5 +1,4 @@
<?xml version="1.0"?>
-<!--Salt-minion configuration -->
<interfaceDefinition>
<node name="service">
<children>
@@ -9,73 +8,56 @@
<priority>500</priority>
</properties>
<children>
- <leafNode name="hash_type">
+ <leafNode name="hash">
<properties>
- <help>The hash_type is the hash to use when discovering the hash of a file on the master server.</help>
+ <help>Hash used when discovering file on master server (default: sha256)</help>
+ <completionHelp>
+ <list>md5 sha1 sha224 sha256 sha384 sha512</list>
+ </completionHelp>
+ <constraint>
+ <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex>
+ </constraint>
</properties>
</leafNode>
- <leafNode name="log_file">
- <properties>
- <help>The location of the minion log file.</help>
- </properties>
- </leafNode>
- <leafNode name="log_level">
+ <leafNode name="master">
<properties>
- <help>Log level</help>
- <valueHelp>
- <format>garbage</format>
- <description>log garbage info</description>
- </valueHelp>
- <valueHelp>
- <format>trace</format>
- <description>log trace info</description>
- </valueHelp>
- <valueHelp>
- <format>debug</format>
- <description>log debug info</description>
- </valueHelp>
- <valueHelp>
- <format>info</format>
- <description>log info</description>
- </valueHelp>
- <valueHelp>
- <format>warning</format>
- <description>log warning info</description>
- </valueHelp>
+ <help>The hostname or IP address of the master.</help>
<valueHelp>
- <format>error</format>
- <description>log error info</description>
+ <format>ipv4</format>
+ <description>Remote syslog server IPv4 address</description>
</valueHelp>
<valueHelp>
- <format>critical</format>
- <description>log critical info</description>
+ <format>hostname</format>
+ <description>Remote syslog server FQDN</description>
</valueHelp>
- </properties>
- </leafNode>
- <leafNode name="master">
- <properties>
- <help>The hostname or IP address of the master.</help>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
<leafNode name="id">
<properties>
- <help>Explicitly declare the id for this minion to use.</help>
- </properties>
- </leafNode>
- <leafNode name="user">
- <properties>
- <help>The user to run the Salt processes.</help>
+ <help>Explicitly declare ID for this minion to use (default: hostname)</help>
</properties>
</leafNode>
- <leafNode name="mine_interval">
+ <leafNode name="interval">
<properties>
- <help>The number of minutes between mine updates.</help>
+ <help>Interval in minutes between updates (default: 60)</help>
+ <valueHelp>
+ <format>&lt;1-1440&gt;</format>
+ <description>Update interval in minutes</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-1440"/>
+ </constraint>
</properties>
</leafNode>
<leafNode name="master-key">
<properties>
- <help>Enables verification of the master-public-signature returned by the master in auth-replies.</help>
+ <help>URL with signature of master for auth reply verification</help>
</properties>
</leafNode>
</children>
diff --git a/interface-definitions/service-ipoe.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 6804469cb..9ee5d5156 100644
--- a/interface-definitions/service-ipoe.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="ipoe-server" owner="${vyos_conf_scripts_dir}/service-ipoe.py">
+ <node name="ipoe-server" owner="${vyos_conf_scripts_dir}/service_ipoe-server.py">
<properties>
<help>Internet Protocol over Ethernet (IPoE) Server</help>
<priority>900</priority>
@@ -111,79 +111,8 @@
</leafNode>
</children>
</tagNode>
- <node name="dns-server">
- <properties>
- <help>DNS servers offered via internal DHCP</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>IP address of the primary DNS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>IP address of the secondary DNS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="dnsv6-server">
- <properties>
- <help>DNSv6 servers offered via internal DHCPv6</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>IP address of the primary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>IP address of the secondary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-3">
- <properties>
- <help>IP address of the tertiary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <leafNode name="prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="delegate-prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (delegates prefix to clients via DHCPv6 prefix delegation</help>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/accel-name-server.xml.in>
+ #include <include/accel-client-ipv6-pool.xml.in>
<node name="authentication">
<properties>
<help>Client authentication methods</help>
@@ -268,107 +197,8 @@
</tagNode>
</children>
</tagNode>
- <tagNode name="radius-server">
- <properties>
- <help>IP address of RADIUS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of RADIUS server</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="secret">
- <properties>
- <help>Key for accessing the specified server</help>
- </properties>
- </leafNode>
- <leafNode name="req-limit">
- <properties>
- <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
- </properties>
- </leafNode>
- <leafNode name="fail-time">
- <properties>
- <help>If server does not respond, mark it unavailable for this time (seconds)</help>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="radius-settings">
- <properties>
- <help>RADIUS settings</help>
- </properties>
- <children>
- <leafNode name="timeout">
- <properties>
- <help>Timeout to wait response from server (seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
- </properties>
- </leafNode>
- <leafNode name="nas-identifier">
- <properties>
- <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
- </properties>
- </leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of the DAE Server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <node name="dae-server">
- <properties>
- <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- <children>
- <leafNode name="ip-address">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address of the DAE Server</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>1-65535</format>
- <description>port number</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="secret">
- <properties>
- <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
+ #include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
</children>
</node>
</children>
diff --git a/interface-definitions/service-pppoe.xml.in b/interface-definitions/service_pppoe-server.xml.in
index b4950ede1..c7ba2617a 100644
--- a/interface-definitions/service-pppoe.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service-pppoe.py">
+ <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service_pppoe-server.py">
<properties>
<help>Point to Point over Ethernet (PPPoE) Server</help>
<priority>900</priority>
@@ -107,103 +107,11 @@
</tagNode>
</children>
</node>
- <leafNode name="mode">
- <properties>
- <help>Authentication mode for PPPoE Server</help>
- <valueHelp>
- <format>local</format>
- <description>Use local username/password configuration</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Use a RADIUS server to autenticate users</description>
- </valueHelp>
- <constraint>
- <regex>(local|radius)</regex>
- </constraint>
- <completionHelp>
- <list>local radius</list>
- </completionHelp>
- </properties>
- </leafNode>
- <tagNode name="radius-server">
- <properties>
- <help>IP address of RADIUS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of RADIUS server</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="secret">
- <properties>
- <help>Key for accessing the specified server</help>
- </properties>
- </leafNode>
- <leafNode name="req-limit">
- <properties>
- <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
- </properties>
- </leafNode>
- <leafNode name="fail-time">
- <properties>
- <help>If server does not responds mark it as unavailable for this amount of time in seconds</help>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <node name="radius-settings">
- <properties>
- <help>RADIUS settings</help>
- </properties>
+ #include <include/accel-auth-mode.xml.i>
+ #include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
+ <node name="radius">
<children>
- <leafNode name="timeout">
- <properties>
- <help>Timeout to wait response from server (seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
- </properties>
- </leafNode>
- <leafNode name="nas-identifier">
- <properties>
- <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
- </properties>
- </leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
- </properties>
- </leafNode>
- <node name="dae-server">
- <properties>
- <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- <children>
- <leafNode name="ip-address">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- <leafNode name="secret">
- <properties>
- <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
- </properties>
- </leafNode>
- </children>
- </node>
<node name="rate-limit">
<properties>
<help>Upload/Download speed limits</help>
@@ -229,6 +137,34 @@
</node>
</children>
</node>
+ <leafNode name="protocols">
+ <properties>
+ <help>Authentication protocol</help>
+ <valueHelp>
+ <format>pap</format>
+ <description>Allow PAP authentication [Password Authentication Protocol]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>chap</format>
+ <description>Allow CHAP authentication [Challenge Handshake Authentication Protocol]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap</format>
+ <description>Allow MS-CHAP authentication [Microsoft Challenge Handshake Authentication Protocol, Version 1]</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mschap-v2</format>
+ <description>Allow MS-CHAPv2 authentication [Microsoft Challenge Handshake Authentication Protocol, Version 2]</description>
+ </valueHelp>
+ <constraint>
+ <regex>(pap|chap|mschap|mschap-v2)</regex>
+ </constraint>
+ <completionHelp>
+ <list>pap chap mschap mschap-v2</list>
+ </completionHelp>
+ <multi />
+ </properties>
+ </leafNode>
</children>
</node>
<node name="client-ip-pool">
@@ -264,100 +200,8 @@
</leafNode>
</children>
</node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <leafNode name="prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help>
- <multi />
- </properties>
- </leafNode>
- <leafNode name="delegate-prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633)</help>
- <multi />
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="dns-servers">
- <properties>
- <help>IPv4 Domain Name Service (DNS) server</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>Primary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>Secondary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="dnsv6-servers">
- <properties>
- <help>IPv6 Domain Name Service (DNS) server</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <help>Primary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <help>Secondary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-3">
- <properties>
- <valueHelp>
- <format>ipv6</format>
- <description>IPv6 address</description>
- </valueHelp>
- <help>Tertiary DNS server</help>
- <constraint>
- <validator name="ipv6-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
-
+ #include <include/accel-client-ipv6-pool.xml.in>
+ #include <include/accel-name-server.xml.in>
<tagNode name="interface">
<properties>
<help>interface(s) to listen on</help>
@@ -439,29 +283,7 @@
<multi/>
</properties>
</leafNode>
- <node name="wins-servers">
- <properties>
- <help>Windows Internet Name Service (WINS) server settings</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>Primary WINS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>Secondary WINS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/accel-wins-server.xml.i>
<node name="ppp-options">
<properties>
<help>Advanced protocol options</help>
diff --git a/interface-definitions/service-router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index bd63b15a3..6a4706ab7 100644
--- a/interface-definitions/service-router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="service">
<children>
- <node name="router-advert" owner="${vyos_conf_scripts_dir}/service-router-advert.py">
+ <node name="router-advert" owner="${vyos_conf_scripts_dir}/service_router-advert.py">
<properties>
<help>IPv6 Router Advertisements (RAs) service</help>
<priority>900</priority>
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index 2499a192c..053b6babd 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -130,6 +130,7 @@
</leafNode>
</children>
</tagNode>
+ #include <include/interface-vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index d4286a810..702ef8b5a 100644
--- a/interface-definitions/vpn-l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -36,24 +36,7 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="name-server">
- <properties>
- <help>Domain Name Server (DNS) propagated to client</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Domain Name Server (DNS) IPv4 address</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>Domain Name Server (DNS) IPv6 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- <validator name="ipv6-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
+ #include <include/accel-name-server.xml.in>
<node name="lns">
<properties>
<help>L2TP Network Server (LNS)</help>
@@ -182,19 +165,7 @@
</leafNode>
</children>
</node>
- <leafNode name="wins-server">
- <properties>
- <help>Windows Internet Name Service (WINS) servers propagated to client</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Domain Name Server (DNS) IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
+ #include <include/accel-wins-server.xml.i>
<node name="client-ip-pool">
<properties>
<help>Pool of client IP addresses (must be within a /24)</help>
@@ -232,65 +203,7 @@
</leafNode>
</children>
</node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <tagNode name="prefix">
- <properties>
- <help>Pool of addresses used to assign to clients</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="mask">
- <properties>
- <help>Prefix length used for individual client</help>
- <valueHelp>
- <format>&lt;48-128&gt;</format>
- <description>Client prefix length (default: 64)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 48-128"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="delegate">
- <properties>
- <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="delegation-prefix">
- <properties>
- <help>Prefix length delegated to client</help>
- <valueHelp>
- <format>&lt;32-64&gt;</format>
- <description>Delegated prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 32-64"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
+ #include <include/accel-client-ipv6-pool.xml.in>
<leafNode name="description">
<properties>
<help>Description for L2TP remote-access settings</help>
@@ -369,25 +282,7 @@
</completionHelp>
</properties>
</leafNode>
- <leafNode name="mode">
- <properties>
- <help>Authentication mode for remote access L2TP VPN</help>
- <valueHelp>
- <format>local</format>
- <description>Use local username/password configuration</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Use a RADIUS server to autenticate users</description>
- </valueHelp>
- <constraint>
- <regex>(local|radius)</regex>
- </constraint>
- <completionHelp>
- <list>local radius</list>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/accel-auth-mode.xml.i>
<node name="local-users">
<properties>
<help>Local user authentication for remote access L2TP VPN</help>
diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 9636c3b39..032455b4d 100644
--- a/interface-definitions/vpn-pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -2,7 +2,7 @@
<interfaceDefinition>
<node name="vpn">
<children>
- <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn-pptp.py">
+ <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py">
<properties>
<help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help>
</properties>
@@ -28,60 +28,20 @@
</constraint>
</properties>
</leafNode>
- <node name="dns-servers">
+ <leafNode name="name-server">
<properties>
- <help>IPv4 Domain Name Service (DNS) server</help>
- </properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>Primary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>Secondary DNS server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- <node name="wins-servers">
- <properties>
- <help>Windows Internet Name Service (WINS) server settings</help>
+ <help>Domain Name Server (DNS) propagated to client</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ <multi/>
</properties>
- <children>
- <leafNode name="server-1">
- <properties>
- <help>Primary WINS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="server-2">
- <properties>
- <help>Secondary WINS server</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
+ #include <include/accel-wins-server.xml.i>
<node name="client-ip-pool">
<properties>
<help>Pool of client IP addresses (must be within a /24)</help>
@@ -162,25 +122,7 @@
</completionHelp>
</properties>
</leafNode>
- <leafNode name="mode">
- <properties>
- <help>Authentication mode for remote access PPTP VPN</help>
- <valueHelp>
- <format>local</format>
- <description>Use local username/password configuration</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Use a RADIUS server to autenticate users</description>
- </valueHelp>
- <constraint>
- <regex>(local|radius)</regex>
- </constraint>
- <completionHelp>
- <list>local radius</list>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/accel-auth-mode.xml.i>
<node name="local-users">
<properties>
<help>Local user authentication for remote access PPTP VPN</help>
@@ -210,39 +152,8 @@
</tagNode>
</children>
</node>
- <node name="radius">
- <properties>
- <help>RADIUS specific configuration</help>
- </properties>
- <children>
- <tagNode name="server">
- <properties>
- <help>IP address of radius server</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IP address of RADIUS server</description>
- </valueHelp>
- </properties>
- <children>
- <leafNode name="key">
- <properties>
- <help>Key for accessing the specified server</help>
- </properties>
- </leafNode>
- <leafNode name="req-limit">
- <properties>
- <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
- </properties>
- </leafNode>
- <leafNode name="fail-time">
- <properties>
- <help>If server does not responds mark it as unavailable for this time (seconds)</help>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
+ #include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
</children>
</node>
</children>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index b026417b3..7e4471015 100644
--- a/interface-definitions/vpn-sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -66,25 +66,7 @@
</tagNode>
</children>
</node>
- <leafNode name="mode">
- <properties>
- <help>Authentication mode for SSTP Server</help>
- <valueHelp>
- <format>local</format>
- <description>Use local username/password configuration</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Use a RADIUS server to autenticate users</description>
- </valueHelp>
- <constraint>
- <regex>(local|radius)</regex>
- </constraint>
- <completionHelp>
- <list>local radius</list>
- </completionHelp>
- </properties>
- </leafNode>
+ #include <include/accel-auth-mode.xml.i>
<leafNode name="protocols">
<properties>
<help>Authentication protocol for remote access peer SSTP VPN</help>
@@ -114,117 +96,9 @@
</properties>
</leafNode>
#include <include/radius-server.xml.i>
+ #include <include/accel-radius-additions.xml.in>
<node name="radius">
<children>
- <tagNode name="server">
- <children>
- <leafNode name="fail-time">
- <properties>
- <help>Mark server unavailable for &lt;n&gt; seconds on failure</help>
- <valueHelp>
- <format>0-600</format>
- <description>Fail time penalty</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-600"/>
- </constraint>
- <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <leafNode name="timeout">
- <properties>
- <help>Timeout in seconds to wait response from RADIUS server</help>
- <valueHelp>
- <format>1-60</format>
- <description>Timeout in seconds</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-60"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 1 and 60 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="acct-timeout">
- <properties>
- <help>Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)</help>
- <valueHelp>
- <format>0-60</format>
- <description>Timeout in seconds, 0 to keep active</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 0-60"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 0 and 60 seconds</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="max-try">
- <properties>
- <help>Number of tries to send Access-Request/Accounting-Request queries</help>
- <valueHelp>
- <format>1-20</format>
- <description>Maximum tries</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-20"/>
- </constraint>
- <constraintErrorMessage>Maximum tries must be between 1 and 20</constraintErrorMessage>
- </properties>
- </leafNode>
- <leafNode name="nas-identifier">
- <properties>
- <help>NAS-Identifier attribute sent to RADIUS</help>
- </properties>
- </leafNode>
- <leafNode name="nas-ip-address">
- <properties>
- <help>NAS-IP-Address attribute sent to RADIUS</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <valueHelp>
- <format>ipv4</format>
- <description>NAS-IP-Address attribute</description>
- </valueHelp>
- </properties>
- </leafNode>
- <node name="dynamic-author">
- <properties>
- <help>Dynamic Authorization Extension/Change of Authorization server</help>
- </properties>
- <children>
- <leafNode name="server">
- <properties>
- <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address for aynamic authorization server</description>
- </valueHelp>
- </properties>
- </leafNode>
- <leafNode name="port">
- <properties>
- <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
- <valueHelp>
- <format>number</format>
- <description>TCP port</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="key">
- <properties>
- <help>Shared secret for Dynamic Authorization Extension server</help>
- </properties>
- </leafNode>
- </children>
- </node>
<node name="rate-limit">
<properties>
<help>Upload/Download speed limits</help>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-21 21:55:06 +0000