From abcd7026efd8cbeb1c4db828788eda9a6dd2be41 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Apr 2020 12:01:44 +0200 Subject: vpn: l2tp: pptp: sstp: rename files to common pattern --- interface-definitions/vpn_l2tp.xml.in | 562 ++++++++++++++++++++++++++++++++++ 1 file changed, 562 insertions(+) create mode 100644 interface-definitions/vpn_l2tp.xml.in (limited to 'interface-definitions/vpn_l2tp.xml.in') diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in new file mode 100644 index 000000000..d4286a810 --- /dev/null +++ b/interface-definitions/vpn_l2tp.xml.in @@ -0,0 +1,562 @@ + + + + + + + L2TP Virtual Private Network (VPN) + + + + + Remote access L2TP VPN + + + + + Maximum Transmission Unit (MTU) + + + + + + + + External IP address to which VPN clients will connect + + + + + + + + Gatway address uses as client tunnel termination point + + + + + + + + Domain Name Server (DNS) propagated to client + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + + + L2TP Network Server (LNS) + + + + + Tunnel password used to authenticate the client (LAC) + + + + + + + Disable Compression Control Protocol (CCP) + + + + + + Internet Protocol Security (IPsec) for remote access L2TP VPN + + + + + IPsec authentication settings + + + + + Authentication mode for IPsec + + pre-shared-secret + Use pre-shared secret for IPsec authentication + + + x509 + Use X.509 certificate for IPsec authentication + + + (pre-shared-secret|x509) + + + pre-shared-secret x509 + + + + + + Pre-shared secret for IPsec + + + + + X.509 certificate + + + + + File containing the X.509 certificate for the Certificate Authority (CA) + + <text> + File in /config/auth + + + + + + File containing the X.509 Certificate Revocation List (CRL) + + <text> + File in /config/auth + + + + + + File containing the X.509 certificate for the remote access VPN server (this host) + + <text> + File in /config/auth + + + + + + File containing the private key for the X.509 certificate for the remote access VPN server (this host) + + <text> + File in /config/auth + + + + + + Password that protects the private key + + + + + + + + + IKE lifetime + + <30-86400> + IKE lifetime in seconds (default 3600) + + + + + + + + + ESP lifetime + + <30-86400> + IKE lifetime in seconds (default 3600) + + + + + + + + + + + Windows Internet Name Service (WINS) servers propagated to client + + ipv4 + Domain Name Server (DNS) IPv4 address + + + + + + + + + + Pool of client IP addresses (must be within a /24) + + + + + First IP address in the pool (will be used as gateway address) + + + + + + + + Last IP address in the pool + + + + + + + + Client IP subnet (CIDR notation) + + + + Not a valid CIDR formatted prefix + + ipv4net + IPv4 subnet address + + + + + + + + + Pool of client IPv6 addresses + + + + + Pool of addresses used to assign to clients + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length used for individual client + + <48-128> + Client prefix length (default: 64) + + + + + + + + + + + Subnet used to delegate prefix through DHCPv6-PD (RFC3633) + + ipv6net + IPv6 address and prefix length + + + + + + + + + Prefix length delegated to client + + <32-64> + Delegated prefix length + + + + + + + + + + + + + Description for L2TP remote-access settings + + + + + DHCP interface to listen on + + + + + PPP idle timeout + + <30-86400> + PPP idle timeout in seconds (default 1800) + + + + + + + + + Authentication for remote access L2TP VPN + + + + + Authentication protocol for remote access peer L2TP VPN + + pap + Require the peer to authenticate itself using PAP [Password Authentication Protocol]. + + + chap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap + Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol]. + + + mschap-v2 + Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2]. + + + (pap|chap|mschap|mschap-v2) + + + pap chap mschap mschap-v2 + + + + + + + Specifies mppe negotioation preference. (default require mppe 128-bit stateless + + deny + deny mppe + + + prefer + Ask client for mppe, if it rejects do not fail + + + require + ask client for mppe, if it rejects drop connection + + + (deny|prefer|require) + + + deny prefer require + + + + + + Authentication mode for remote access L2TP VPN + + local + Use local username/password configuration + + + radius + Use a RADIUS server to autenticate users + + + (local|radius) + + + local radius + + + + + + Local user authentication for remote access L2TP VPN + + + + + User name for authentication + + + + + Option to disable a L2TP Server user + + + + + + Password for authentication + + + + + Static client IP address + + + + + Upload/Download speed limits + + + + + Upload bandwidth limit in kbits/sec + + + + + + + + Download bandwidth limit in kbits/sec + + + + + + + + + + + + #include + + + + + + + Mark server unavailable for <n> seconds on failure + + 0-600 + Fail time penalty + + + + + Fail time must be between 0 and 600 seconds + + + + + + + Timeout to wait response from server (seconds) + + + + + Timeout to wait reply for Interim-Update packets. (default 3 seconds) + + + + + Maximum number of tries to send Access-Request/Accounting-Request queries + + + + + Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. + + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + Port for Dynamic Authorization Extension server (DM/CoA) + + + + + Secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + + Upload/Download speed limits + + + + + Specifies which radius attribute contains rate information. (default is Filter-Id) + + + + + Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius) + + + + + Enables Bandwidth shaping via RADIUS + + + + + + + + + + + + Advanced protocol options + + + + + LCP echo-requests/sec + + + + + + + + Maximum number of Echo-Requests may be sent without valid reply + + + + + + + + + + + + + + -- cgit v1.2.3