From c9eaafd9f808aba8d29be73054e11d37577e539a Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 30 Dec 2023 23:25:20 +0100
Subject: T5474: establish common file name pattern for XML conf mode commands

We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.

Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in

(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
---
 interface-definitions/vpn_l2tp.xml.in | 255 ++++++++++++++++++++++++++++++++++
 1 file changed, 255 insertions(+)
 create mode 100644 interface-definitions/vpn_l2tp.xml.in

(limited to 'interface-definitions/vpn_l2tp.xml.in')

diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
new file mode 100644
index 000000000..7980cfdf5
--- /dev/null
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -0,0 +1,255 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py">
+        <properties>
+          <help>L2TP Virtual Private Network (VPN)</help>
+          <priority>902</priority>
+        </properties>
+        <children>
+          <node name="remote-access">
+            <properties>
+              <help>Remote access L2TP VPN</help>
+            </properties>
+            <children>
+              #include <include/accel-ppp/max-concurrent-sessions.xml.i>
+              #include <include/accel-ppp/mtu-128-16384.xml.i>
+              <leafNode name="outside-address">
+                <properties>
+                  <help>External IP address to which VPN clients will connect</help>
+                  <constraint>
+                    <validator name="ipv4-address"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/accel-ppp/gateway-address.xml.i>
+              #include <include/name-server-ipv4-ipv6.xml.i>
+              <node name="lns">
+                <properties>
+                  <help>L2TP Network Server (LNS)</help>
+                </properties>
+                <children>
+                  <leafNode name="shared-secret">
+                    <properties>
+                      <help>Tunnel password used to authenticate the client (LAC)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="host-name">
+                    <properties>
+                      <help>Sent to the client (LAC) in the Host-Name attribute</help>
+                      <constraint>
+                        #include <include/constraint/host-name.xml.i>
+                      </constraint>
+                      <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <leafNode name="ccp-disable">
+                <properties>
+                  <help>Disable Compression Control Protocol (CCP)</help>
+                  <valueless />
+                </properties>
+              </leafNode>
+              <node name="ipsec-settings">
+                <properties>
+                  <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <node name="authentication">
+                    <properties>
+                      <help>IPsec authentication settings</help>
+                    </properties>
+                    <children>
+                      <leafNode name="mode">
+                        <properties>
+                          <help>Authentication mode for IPsec</help>
+                          <valueHelp>
+                            <format>pre-shared-secret</format>
+                            <description>Use pre-shared secret for IPsec authentication</description>
+                          </valueHelp>
+                          <valueHelp>
+                            <format>x509</format>
+                            <description>Use X.509 certificate for IPsec authentication</description>
+                          </valueHelp>
+                          <constraint>
+                            <regex>(pre-shared-secret|x509)</regex>
+                          </constraint>
+                          <completionHelp>
+                            <list>pre-shared-secret x509</list>
+                          </completionHelp>
+                        </properties>
+                      </leafNode>
+                      #include <include/ipsec/authentication-pre-shared-secret.xml.i>
+                      #include <include/ipsec/authentication-x509.xml.i>
+                    </children>
+                  </node>
+                  <leafNode name="ike-lifetime">
+                    <properties>
+                      <help>IKE lifetime</help>
+                      <valueHelp>
+                        <format>u32:30-86400</format>
+                        <description>IKE lifetime in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>3600</defaultValue>
+                  </leafNode>
+                   <leafNode name="lifetime">
+                    <properties>
+                      <help>ESP lifetime</help>
+                      <valueHelp>
+                        <format>u32:30-86400</format>
+                        <description>IKE lifetime in seconds</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="numeric" argument="--range 30-86400"/>
+                      </constraint>
+                    </properties>
+                    <defaultValue>3600</defaultValue>
+                  </leafNode>
+                  #include <include/ipsec/esp-group.xml.i>
+                  #include <include/ipsec/ike-group.xml.i>
+                </children>
+              </node>
+              #include <include/accel-ppp/wins-server.xml.i>
+              #include <include/accel-ppp/client-ip-pool.xml.i>
+              #include <include/accel-ppp/client-ipv6-pool.xml.i>
+              #include <include/generic-description.xml.i>
+              #include <include/dhcp-interface.xml.i>
+              <leafNode name="idle">
+                <properties>
+                  <help>PPP idle timeout</help>
+                  <valueHelp>
+                    <format>u32:30-86400</format>
+                    <description>PPP idle timeout in seconds</description>
+                  </valueHelp>
+                    <constraint>
+                      <validator name="numeric" argument="--range 30-86400"/>
+                    </constraint>
+                </properties>
+              </leafNode>
+              <node name="authentication">
+                <properties>
+                  <help>Authentication for remote access L2TP VPN</help>
+                </properties>
+                <children>
+                  <leafNode name="require">
+                    <properties>
+                      <help>Authentication protocol for remote access peer L2TP VPN</help>
+                      <valueHelp>
+                        <format>pap</format>
+                        <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>chap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap</format>
+                        <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>mschap-v2</format>
+                        <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(pap|chap|mschap|mschap-v2)</regex>
+                      </constraint>
+                      <completionHelp>
+                        <list>pap chap mschap mschap-v2</list>
+                      </completionHelp>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  #include <include/accel-ppp/ppp-mppe.xml.i>
+                  #include <include/accel-ppp/auth-mode.xml.i>
+                  #include <include/accel-ppp/auth-local-users.xml.i>
+                  #include <include/radius-auth-server-ipv4.xml.i>
+                  <node name="radius">
+                    <children>
+                      #include <include/accel-ppp/radius-accounting-interim-interval.xml.i>
+                      <tagNode name="server">
+                        <children>
+                          #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
+                          <leafNode name="fail-time">
+                            <properties>
+                              <help>Mark server unavailable for N seconds on failure</help>
+                              <valueHelp>
+                                <format>u32:0-600</format>
+                                <description>Fail time penalty</description>
+                              </valueHelp>
+                              <constraint>
+                                <validator name="numeric" argument="--range 0-600"/>
+                              </constraint>
+                              <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </tagNode>
+                      <leafNode name="timeout">
+                        <properties>
+                          <help>Timeout to wait response from server (seconds)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="acct-timeout">
+                        <properties>
+                          <help>Timeout to wait reply for Interim-Update packets</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="max-try">
+                        <properties>
+                          <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
+                        </properties>
+                      </leafNode>
+                      #include <include/radius-nas-identifier.xml.i>
+                      #include <include/radius-nas-ip-address.xml.i>
+                      <node name="dae-server">
+                        <properties>
+                          <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                        <children>
+                          <leafNode name="ip-address">
+                            <properties>
+                              <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="port">
+                            <properties>
+                              <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                            <defaultValue>1700</defaultValue>
+                          </leafNode>
+                          <leafNode name="secret">
+                            <properties>
+                              <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                      #include <include/accel-ppp/radius-additions-rate-limit.xml.i>
+                    </children>
+                  </node>
+                </children>
+              </node>
+              <node name="ppp-options">
+                <properties>
+                  <help>Advanced protocol options</help>
+                </properties>
+                <children>
+                  #include <include/accel-ppp/lcp-echo-interval-failure.xml.i>
+                  #include <include/accel-ppp/ppp-options-ipv6.xml.i>
+                  #include <include/accel-ppp/ppp-options-ipv6-interface-id.xml.i>
+                </children>
+              </node>
+              #include <include/accel-ppp/default-pool.xml.i>
+            </children>
+          </node>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3