From 18859e32c4f282e74ea504a04eee92daa6993d89 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 10 Apr 2020 15:21:49 +0200
Subject: l2tp: xml: group interface definition into vpn section

---
 interface-definitions/vpn-l2tp.xml.in | 586 ++++++++++++++++++++++++++++++++++
 1 file changed, 586 insertions(+)
 create mode 100644 interface-definitions/vpn-l2tp.xml.in

(limited to 'interface-definitions/vpn-l2tp.xml.in')

diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in
new file mode 100644
index 000000000..7fc844054
--- /dev/null
+++ b/interface-definitions/vpn-l2tp.xml.in
@@ -0,0 +1,586 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="l2tp" owner="${vyos_conf_scripts_dir}/accel_l2tp.py">
+        <properties>
+          <help>L2TP Virtual Private Network (VPN)</help>
+        </properties>
+        <children>
+          <node name="remote-access">
+            <properties>
+              <help>Remote access L2TP VPN</help>
+            </properties>
+            <children>
+              <leafNode name="mtu">
+                <properties>
+                  <help>Maximum Transmission Unit (MTU)</help>
+                  <constraint>
+                    <validator name="numeric" argument="--range 128-16384"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="outside-address">
+                <properties>
+                  <help>External IP address to which VPN clients will connect</help>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="gateway-address">
+                <properties>
+                  <help>Gatway address uses as client tunnel termination point</help>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <node name="dns-servers">
+                <properties>
+                  <help>IPv4 Domain Name Service (DNS) server</help>
+                </properties>
+                <children>
+                  <leafNode name="server-1">
+                    <properties>
+                      <help>Primary DNS server</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="server-2">
+                    <properties>
+                      <help>Secondary DNS server</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="dnsv6-servers">
+                <properties>
+                  <help>IPv6 Domain Name Service (DNS) server</help>
+                  <valueHelp>
+                  <format>ipv6</format>
+                    <description>IPv6 DNS address</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-address"/>
+                  </constraint>
+                  <multi />
+                </properties>
+              </leafNode>
+              <node name="lns">
+                <properties>
+                  <help>L2TP Network Server (LNS)</help>
+                </properties>
+                <children>
+                  <leafNode name="shared-secret">
+                    <properties>
+                      <help>Tunnel password used to authenticate the client (LAC)</help>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="ccp-disable">
+                <properties>
+                  <help>Disable Compression Control Protocol (CCP)</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+              <node name="ipsec-settings">
+                <properties>
+                  <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>IPsec authentication settings</help>
+                    </properties>
+                    <children>
+                      <leafNode name="mode">
+                        <properties>
+                          <help>Authentication mode for IPsec</help>
+                          <valueHelp>
+                            <format>pre-shared-secret</format>
+                            <description>Use pre-shared secret for IPsec authentication</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>x509</format>
+                            <description>Use X.509 certificate for IPsec authentication</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(pre-shared-secret|x509)</regex>
+                          </constraint>
+                          <completionHelp>
+                            <list>pre-shared-secret x509</list>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="pre-shared-secret">
+                        <properties>
+                          <help>Pre-shared secret for IPsec</help>
+                        </properties>
+                      </leafNode>
+                      <node name="x509">
+                        <properties>
+                          <help>X.509 certificate</help>
+                        </properties>
+                        <children>
+                          <leafNode name="ca-cert-file">
+                            <properties>
+                              <help>File containing the X.509 certificate for the Certificate Authority (CA)</help>
+                              <valueHelp>
+                                <format>&lt;text&gt;</format>
+                                <description>File in /config/auth</description>
+                              </valueHelp>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="crl-file">
+                            <properties>
+                              <help>File containing the X.509 Certificate Revocation List (CRL)</help>
+                              <valueHelp>
+                                <format>&lt;text&gt;</format>
+                                <description>File in /config/auth</description>
+                              </valueHelp>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="server-cert-file">
+                            <properties>
+                              <help>File containing the X.509 certificate for the remote access VPN server (this host)</help>
+                              <valueHelp>
+                                <format>&lt;text&gt;</format>
+                                <description>File in /config/auth</description>
+                              </valueHelp>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="server-key-file">
+                            <properties>
+                              <help>File containing the private key for the X.509 certificate for the remote access VPN server (this host)</help>
+                              <valueHelp>
+                                <format>&lt;text&gt;</format>
+                                <description>File in /config/auth</description>
+                              </valueHelp>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="server-key-password">
+                            <properties>
+                              <help>Password that protects the private key</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
+                  <leafNode name="ike-lifetime">
+                    <properties>
+                      <help>IKE lifetime</help>
+                      <valueHelp>
+                        <format>&lt;30-86400&gt;</format>
+                        <description>IKE lifetime in seconds (default 3600)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                   <leafNode name="lifetime">
+                    <properties>
+                      <help>ESP lifetime</help>
+                      <valueHelp>
+                        <format>&lt;30-86400&gt;</format>
+                        <description>IKE lifetime in seconds (default 3600)</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="wins-servers">
+                <properties>
+                  <help>Windows Internet Name Service (WINS) server settings</help>
+                </properties>
+                <children>
+                  <leafNode name="server-1">
+                    <properties>
+                      <help>Primary WINS server</help>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="server-2">
+                    <properties>
+                      <help>Secondary WINS server</help>
+                    <constraint>
+                      <validator name="ipv4-address"/>
+                    </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="client-ip-pool">
+                <properties>
+                  <help>Pool of client IP addresses (must be within a /24)</help>
+                </properties>
+                <children>
+                  <leafNode name="start">
+                    <properties>
+                      <help>First IP address in the pool (will be used as gateway address)</help>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="stop">
+                    <properties>
+                      <help>Last IP address in the pool</help>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="subnet">
+                    <properties>
+                      <help>Client IP subnet (CIDR notation)</help>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                      </constraint>
+                      <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>IPv4 subnet address</description>
+                      </valueHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="client-ipv6-pool">
+                <properties>
+                  <help>Pool of client IPv6 addresses</help>
+                </properties>
+                <children>
+                  <leafNode name="prefix">
+                    <properties>
+                      <help>IPV6 prefix delegation</help>
+                      <valueHelp>
+                        <format>ipv6prefix/mask,prefix_len</format>
+                        <description>e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients</description>
+                      </valueHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="delegate-prefix">
+                    <properties>
+                      <help>DHCPv6 prefix delegation - rfc3633</help>
+                      <valueHelp>
+                        <format>ipv6prefix/mask,prefix_len</format>
+                        <description>Delegate to clients through DHCPv6 prefix delegation - rfc3633</description>
+                      </valueHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="description">
+                <properties>
+                  <help>Description for L2TP remote-access settings</help>
+                </properties>
+              </leafNode>
+              <leafNode name="dhcp-interface">
+                <properties>
+                  <help>DHCP interface to listen on</help>
+                </properties>
+              </leafNode>
+              <leafNode name="idle">
+                <properties>
+                  <help>PPP idle timeout</help>
+                  <valueHelp>
+                    <format>&lt;30-86400&gt;</format>
+                    <description>PPP idle timeout in seconds (default 1800)</description>
+                  </valueHelp>
+                    <constraint>
+                      <validator name="numeric" argument="--range 30-86400"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <leafNode name="require">
+                    <properties>
+                      <help>Authentication protocol for remote access peer L2TP VPN</help>
+                      <valueHelp>
+                        <format>pap</format>
+                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>chap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap-v2</format>
+                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(pap|chap|mschap|mschap-v2)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>pap chap mschap mschap-v2</list>
+                      </completionHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="mppe">
+                    <properties>
+                      <help>Specifies mppe negotioation preference. (default require mppe 128-bit stateless</help>
+                      <valueHelp>
+                        <format>deny</format>
+                        <description>deny mppe</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>prefer</format>
+                        <description>Ask client for mppe, if it rejects do not fail</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>require</format>
+                        <description>ask client for mppe, if it rejects drop connection</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(deny|prefer|require)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>deny prefer require</list>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="mode">
+                    <properties>
+                      <help>Authentication mode for remote access L2TP VPN</help>
+                      <valueHelp>
+                        <format>local</format>
+                        <description>Use local username/password configuration</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>radius</format>
+                        <description>Use a RADIUS server to autenticate users</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(local|radius)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>local radius</list>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <node name="local-users">
+                    <properties>
+                      <help>Local user authentication for remote access L2TP VPN</help>
+                    </properties>
+                    <children>
+                      <tagNode name="username">
+                        <properties>
+                          <help>User name for authentication</help>
+                        </properties>
+                        <children>
+                          <leafNode name="disable">
+                            <properties>
+                              <help>Option to disable a L2TP Server user</help>
+                              <valueless/>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="password">
+                            <properties>
+                              <help>Password for authentication</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="static-ip">
+                            <properties>
+                              <help>Static client IP address</help>
+                            </properties>
+                          </leafNode>
+                          <node name="rate-limit">
+                            <properties>
+                              <help>Upload/Download speed limits</help>
+                            </properties>
+                            <children>
+                              <leafNode name="upload">
+                                <properties>
+                                  <help>Upload bandwidth limit in kbits/sec</help>
+                                  <constraint>
+                                    <validator name="numeric" argument="--range 1-65535"/>
+                                  </constraint>
+                                </properties>
+                              </leafNode>
+                              <leafNode name="download">
+                                <properties>
+                                  <help>Download bandwidth limit in kbits/sec</help>
+                                  <constraint>
+                                    <validator name="numeric" argument="--range 1-65535"/>
+                                  </constraint>
+                                </properties>
+                              </leafNode>
+                            </children>
+                          </node>
+                        </children>
+                      </tagNode>
+                    </children>
+                  </node>
+                  <node name="radius">
+                    <properties>
+                      <help>RADIUS specific configuration</help>
+                    </properties>
+                    <children>
+                      <tagNode name="server">
+                        <properties>
+                          <help>IP address of RADIUS server</help>
+                          <valueHelp>
+                            <format>ipv4</format>
+                            <description>IPv4 address of RADIUS server</description>
+                          </valueHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="key">
+                            <properties>
+                              <help>Key for accessing the specified server</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="req-limit">
+                            <properties>
+                              <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="fail-time">
+                            <properties>
+                              <help>If server doesn not responds mark it unavailable for this time (seconds)</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </tagNode>
+                      <leafNode name="source-address">
+                        <properties>
+                          <help>Local RADIUS client address from which packets are sent.</help>
+                          <valueHelp>
+                            <format>&lt;x.x.x.x&gt;</format>
+                            <description>Local RADIUS client address from which packets are sent</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="timeout">
+                        <properties>
+                          <help>Timeout to wait response from server (seconds)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="acct-timeout">
+                        <properties>
+                          <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="max-try">
+                        <properties>
+                          <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="nas-identifier">
+                        <properties>
+                          <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
+                        </properties>
+                      </leafNode>
+                      <node name="dae-server">
+                        <properties>
+                          <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                        <children>
+                          <leafNode name="ip-address">
+                            <properties>
+                              <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="port">
+                            <properties>
+                              <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="secret">
+                            <properties>
+                              <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                      <node name="rate-limit">
+                        <properties>
+                          <help>Upload/Download speed limits</help>
+                        </properties>
+                        <children>
+                          <leafNode name="attribute">
+                            <properties>
+                              <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="vendor">
+                            <properties>
+                              <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="enable">
+                            <properties>
+                              <help>Enables Bandwidth shaping via RADIUS</help>
+                              <valueless />
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
+                </children>
+              </node>
+              <node name="ppp-options">
+                <properties>
+                  <help>Advanced protocol options</help>
+                </properties>
+                <children>
+                  <leafNode name="lcp-echo-interval">
+                    <properties>
+                      <help>LCP echo-requests/sec</help>
+                      <constraint>
+                        <validator name="numeric" argument="--positive"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="lcp-echo-failure">
+                    <properties>
+                      <help>Maximum number of Echo-Requests may be sent without valid reply</help>
+                      <constraint>
+                        <validator name="numeric" argument="--positive"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3