From 77dde087219467ce8bfcf64a9f7452ca74d66c0c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 20 Mar 2020 16:39:50 +0100
Subject: sstp: T2008: move to vpn node

---
 interface-definitions/sstp.xml.in     | 413 ----------------------------------
 interface-definitions/vpn-sstp.xml.in | 413 ++++++++++++++++++++++++++++++++++
 2 files changed, 413 insertions(+), 413 deletions(-)
 delete mode 100644 interface-definitions/sstp.xml.in
 create mode 100644 interface-definitions/vpn-sstp.xml.in

(limited to 'interface-definitions')

diff --git a/interface-definitions/sstp.xml.in b/interface-definitions/sstp.xml.in
deleted file mode 100644
index 12a956bd9..000000000
--- a/interface-definitions/sstp.xml.in
+++ /dev/null
@@ -1,413 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="sstp-server" owner="${vyos_conf_scripts_dir}/accel_sstp.py">
-        <properties>
-          <help>Secure Socket Tunneling Protocol (SSTP) Server</help>
-          <priority>900</priority>
-        </properties>
-        <children>
-          <node name="authentication">
-            <properties>
-              <help>Authentication for remote access SSTP Server</help>
-            </properties>
-            <children>
-              <node name="local-users">
-                <properties>
-                  <help>Local user authentication for SSTP server</help>
-                </properties>
-                <children>
-                  <tagNode name="username">
-                    <properties>
-                      <help>User name for authentication</help>
-                    </properties>
-                    <children>
-                      <leafNode name="disable">
-                        <properties>
-                          <help>Option to disable a SSTP Server user</help>
-                          <valueless />
-                        </properties>
-                      </leafNode>
-                      <leafNode name="password">
-                        <properties>
-                          <help>Password for authentication</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="static-ip">
-                        <properties>
-                          <help>Static client IP address</help>
-                        </properties>
-                      </leafNode>
-                      <node name="rate-limit">
-                        <properties>
-                          <help>Upload/Download speed limits</help>
-                        </properties>
-                        <children>
-                          <leafNode name="upload">
-                            <properties>
-                              <help>Upload bandwidth limit in kbits/sec</help>
-                              <constraint>
-                                <validator name="numeric" argument="--range 1-65535"/>
-                              </constraint>
-                            </properties>
-                          </leafNode>
-                          <leafNode name="download">
-                            <properties>
-                              <help>Download bandwidth limit in kbits/sec</help>
-                              <constraint>
-                                <validator name="numeric" argument="--range 1-65535"/>
-                              </constraint>
-                            </properties>
-                          </leafNode>
-                        </children>
-                      </node>
-                    </children>
-                  </tagNode>
-                </children>
-              </node>
-              <leafNode name="mode">
-                <properties>
-                  <help>Authentication mode for SSTP Server</help>
-                  <valueHelp>
-                    <format>local</format>
-                    <description>Use local username/password configuration</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>radius</format>
-                    <description>Use a RADIUS server to autenticate users</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(local|radius)</regex>
-                  </constraint>
-                  <completionHelp>
-                    <list>local radius</list>
-                  </completionHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="protocols">
-                <properties>
-                  <help>Authentication protocol for remote access peer SSTP VPN</help>
-                  <completionHelp>
-                    <list>pap chap mschap mschap-v2</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>pap</format>
-                    <description>Authentication via PAP (Password Authentication Protocol)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>chap</format>
-                    <description>Authentication via CHAP (Challenge Handshake Authentication Protocol)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>mschap</format>
-                    <description>Authentication via MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>mschap-v2</format>
-                    <description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(pap|chap|mschap|mschap-v2)</regex>
-                  </constraint>
-                    <multi />
-                </properties>
-              </leafNode>
-              <tagNode name="radius-server">
-                <properties>
-                  <help>IP address of RADIUS server</help>
-                  <valueHelp>
-                    <format>ipv4</format>
-                      <description>IP address of RADIUS server</description>
-                  </valueHelp>
-                </properties>
-                <children>
-                  <leafNode name="secret">
-                    <properties>
-                      <help>Key for accessing the specified server</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="req-limit">
-                    <properties>
-                      <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="fail-time">
-                    <properties>
-                      <help>If server does not responds mark it as unavailable for this time (seconds)</help>
-                    </properties>
-                  </leafNode>
-                </children>
-              </tagNode>
-              <node name="radius-settings">
-                <properties>
-                  <help>RADIUS settings</help>
-                </properties>
-                <children>
-                  <leafNode name="timeout">
-                    <properties>
-                      <help>Timeout to wait response from server (seconds)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="acct-timeout">
-                    <properties>
-                      <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="max-try">
-                    <properties>
-                      <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="nas-identifier">
-                    <properties>
-                      <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="nas-ip-address">
-                    <properties>
-                      <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
-                       <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                      <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>NAS-IP-Address Attribute Value</description>
-                      </valueHelp>
-                    </properties>
-                  </leafNode>
-                  <node name="dae-server">
-                    <properties>
-                      <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
-                    </properties>
-                    <children>
-                      <leafNode name="ip-address">
-                        <properties>
-                          <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                          <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>Specifies IP address for Dynamic Authorization Extension server (DM/CoA)</description>
-                          </valueHelp>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="port">
-                        <properties>
-                          <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
-                          <valueHelp>
-                            <format>number</format>
-                            <description>TCP port</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="numeric" argument="--range 1-65535"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="secret">
-                        <properties>
-                          <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                  <node name="rate-limit">
-                    <properties>
-                      <help>Upload/Download speed limits</help>
-                    </properties>
-                    <children>
-                      <leafNode name="attribute">
-                        <properties>
-                          <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="vendor">
-                        <properties>
-                          <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help>
-                        </properties>
-                      </leafNode>
-                      <leafNode name="enable">
-                        <properties>
-                          <help>Enables Bandwidth shaping via RADIUS</help>
-                          <valueless />
-                        </properties>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-              </node>
-            </children>
-          </node>
-          <node name="sstp-settings">
-            <properties>
-              <help>SSTP settings</help>
-            </properties>
-            <children>
-              <node name="ssl-certs">
-                <properties>
-                  <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
-                </properties>
-                <children>
-                  <leafNode name="ca">
-                    <properties>
-                      <help>Certificate Authority certificate</help>
-                      <completionHelp>
-                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="server-cert">
-                    <properties>
-                      <help>Server Certificate</help>
-                      <completionHelp>
-                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="server-key">
-                    <properties>
-                      <help>Privat Key of the Server Certificate</help>
-                      <completionHelp>
-                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
-                      </completionHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-            </children>
-          </node>
-          <node name="network-settings">
-            <properties>
-              <help>Network settings</help>
-            </properties>
-            <children>
-              <node name="client-ip-settings">
-                <properties>
-                  <help>Client IP pools and gateway setting</help>
-                </properties>
-                <children>
-                  <leafNode name="subnet">
-                    <properties>
-                      <help>Client IP subnet (CIDR notation)</help>
-                      <valueHelp>
-                        <format>ipv4net</format>
-                        <description>IPv4 address and prefix length</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-prefix"/>
-                      </constraint>
-                      <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
-                      <multi />
-                    </properties>
-                  </leafNode>
-                  <leafNode name="gateway-address">
-                    <properties>
-                      <help>Gateway IP address</help>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                      <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>Default Gateway send to the client</description>
-                      </valueHelp>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              <node name="dns-server">
-                <properties>
-                  <help>DNS servers propagated to clients</help>
-                </properties>
-                <children>
-                  <leafNode name="primary-dns">
-                    <properties>
-                      <help>Primary DNS Server</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                  <leafNode name="secondary-dns">
-                    <properties>
-                      <help>Secondary DNS Server</help>
-                      <valueHelp>
-                        <format>ipv4</format>
-                        <description>IPv4 address</description>
-                      </valueHelp>
-                      <constraint>
-                        <validator name="ipv4-address"/>
-                      </constraint>
-                    </properties>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/interface-mtu-68-1500.xml.i>
-            </children>
-          </node>
-          <node name="ppp-settings">
-            <properties>
-              <help>PPP (Point-to-Point Protocol) settings</help>
-            </properties>
-            <children>
-              <leafNode name="mppe">
-                <properties>
-                  <help>Specifies mppe negotiation preferences</help>
-                  <completionHelp>
-                    <list>require prefer deny</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(^require|prefer|deny)</regex>
-                  </constraint>
-                  <valueHelp>
-                    <format>require</format>
-                    <description>send mppe request, if client rejects, drop the connection</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>prefer</format>
-                    <description>send mppe request, if client rejects continue</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>deny</format>
-                    <description>drop all mppe</description>
-                  </valueHelp>
-                </properties>
-              </leafNode>
-              <leafNode name="lcp-echo-interval">
-                <properties>
-                  <help>LCP echo-requests/sec</help>
-                  <constraint>
-                    <validator name="numeric" argument="--positive"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="lcp-echo-failure">
-                <properties>
-                  <help>Maximum number of Echo-Requests may be sent without valid reply</help>
-                  <constraint>
-                    <validator name="numeric" argument="--positive"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <leafNode name="lcp-echo-timeout">
-                <properties>
-                  <help>Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help>
-                  <constraint>
-                    <validator name="numeric" argument="--positive"/>
-                  </constraint>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
-      </children>
-    </node>
-  </children>
-</node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in
new file mode 100644
index 000000000..c7c3c3ea5
--- /dev/null
+++ b/interface-definitions/vpn-sstp.xml.in
@@ -0,0 +1,413 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="vpn">
+    <children>
+      <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py">
+        <properties>
+          <help>Secure Socket Tunneling Protocol (SSTP) server</help>
+          <priority>900</priority>
+        </properties>
+        <children>
+          <node name="authentication">
+            <properties>
+              <help>Authentication for remote access SSTP Server</help>
+            </properties>
+            <children>
+              <node name="local-users">
+                <properties>
+                  <help>Local user authentication for SSTP server</help>
+                </properties>
+                <children>
+                  <tagNode name="username">
+                    <properties>
+                      <help>User name for authentication</help>
+                    </properties>
+                    <children>
+                      <leafNode name="disable">
+                        <properties>
+                          <help>Option to disable a SSTP Server user</help>
+                          <valueless />
+                        </properties>
+                      </leafNode>
+                      <leafNode name="password">
+                        <properties>
+                          <help>Password for authentication</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="static-ip">
+                        <properties>
+                          <help>Static client IP address</help>
+                        </properties>
+                      </leafNode>
+                      <node name="rate-limit">
+                        <properties>
+                          <help>Upload/Download speed limits</help>
+                        </properties>
+                        <children>
+                          <leafNode name="upload">
+                            <properties>
+                              <help>Upload bandwidth limit in kbits/sec</help>
+                              <constraint>
+                                <validator name="numeric" argument="--range 1-65535"/>
+                              </constraint>
+                            </properties>
+                          </leafNode>
+                          <leafNode name="download">
+                            <properties>
+                              <help>Download bandwidth limit in kbits/sec</help>
+                              <constraint>
+                                <validator name="numeric" argument="--range 1-65535"/>
+                              </constraint>
+                            </properties>
+                          </leafNode>
+                        </children>
+                      </node>
+                    </children>
+                  </tagNode>
+                </children>
+              </node>
+              <leafNode name="mode">
+                <properties>
+                  <help>Authentication mode for SSTP Server</help>
+                  <valueHelp>
+                    <format>local</format>
+                    <description>Use local username/password configuration</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>radius</format>
+                    <description>Use a RADIUS server to autenticate users</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(local|radius)</regex>
+                  </constraint>
+                  <completionHelp>
+                    <list>local radius</list>
+                  </completionHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="protocols">
+                <properties>
+                  <help>Authentication protocol for remote access peer SSTP VPN</help>
+                  <completionHelp>
+                    <list>pap chap mschap mschap-v2</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>pap</format>
+                    <description>Authentication via PAP (Password Authentication Protocol)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>chap</format>
+                    <description>Authentication via CHAP (Challenge Handshake Authentication Protocol)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>mschap</format>
+                    <description>Authentication via MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>mschap-v2</format>
+                    <description>Authentication via MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(pap|chap|mschap|mschap-v2)</regex>
+                  </constraint>
+                    <multi />
+                </properties>
+              </leafNode>
+              <tagNode name="radius-server">
+                <properties>
+                  <help>IP address of RADIUS server</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                      <description>IP address of RADIUS server</description>
+                  </valueHelp>
+                </properties>
+                <children>
+                  <leafNode name="secret">
+                    <properties>
+                      <help>Key for accessing the specified server</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="req-limit">
+                    <properties>
+                      <help>Maximum number of simultaneous requests to server (default: unlimited)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="fail-time">
+                    <properties>
+                      <help>If server does not responds mark it as unavailable for this time (seconds)</help>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <node name="radius-settings">
+                <properties>
+                  <help>RADIUS settings</help>
+                </properties>
+                <children>
+                  <leafNode name="timeout">
+                    <properties>
+                      <help>Timeout to wait response from server (seconds)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="acct-timeout">
+                    <properties>
+                      <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="max-try">
+                    <properties>
+                      <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="nas-identifier">
+                    <properties>
+                      <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="nas-ip-address">
+                    <properties>
+                      <help>Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address.</help>
+                       <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                      <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>NAS-IP-Address Attribute Value</description>
+                      </valueHelp>
+                    </properties>
+                  </leafNode>
+                  <node name="dae-server">
+                    <properties>
+                      <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help>
+                    </properties>
+                    <children>
+                      <leafNode name="ip-address">
+                        <properties>
+                          <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help>
+                          <constraint>
+                            <validator name="ipv4-address"/>
+                          </constraint>
+                          <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
+                          <valueHelp>
+                            <format>ipv4</format>
+                            <description>Specifies IP address for Dynamic Authorization Extension server (DM/CoA)</description>
+                          </valueHelp>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="port">
+                        <properties>
+                          <help>Port for Dynamic Authorization Extension server (DM/CoA)</help>
+                          <valueHelp>
+                            <format>number</format>
+                            <description>TCP port</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="numeric" argument="--range 1-65535"/>
+                          </constraint>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="secret">
+                        <properties>
+                          <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                  <node name="rate-limit">
+                    <properties>
+                      <help>Upload/Download speed limits</help>
+                    </properties>
+                    <children>
+                      <leafNode name="attribute">
+                        <properties>
+                          <help>Specifies which radius attribute contains rate information. (default is Filter-Id)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="vendor">
+                        <properties>
+                          <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help>
+                        </properties>
+                      </leafNode>
+                      <leafNode name="enable">
+                        <properties>
+                          <help>Enables Bandwidth shaping via RADIUS</help>
+                          <valueless />
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </node>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="sstp-settings">
+            <properties>
+              <help>SSTP settings</help>
+            </properties>
+            <children>
+              <node name="ssl-certs">
+                <properties>
+                  <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help>
+                </properties>
+                <children>
+                  <leafNode name="ca">
+                    <properties>
+                      <help>Certificate Authority certificate</help>
+                      <completionHelp>
+                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="server-cert">
+                    <properties>
+                      <help>Server Certificate</help>
+                      <completionHelp>
+                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="server-key">
+                    <properties>
+                      <help>Privat Key of the Server Certificate</help>
+                      <completionHelp>
+                        <script>if [ -e /config/user-data/sstp ]; then ls /config/user-data/sstp; fi</script>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+            </children>
+          </node>
+          <node name="network-settings">
+            <properties>
+              <help>Network settings</help>
+            </properties>
+            <children>
+              <node name="client-ip-settings">
+                <properties>
+                  <help>Client IP pools and gateway setting</help>
+                </properties>
+                <children>
+                  <leafNode name="subnet">
+                    <properties>
+                      <help>Client IP subnet (CIDR notation)</help>
+                      <valueHelp>
+                        <format>ipv4net</format>
+                        <description>IPv4 address and prefix length</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-prefix"/>
+                      </constraint>
+                      <constraintErrorMessage>Not a valid CIDR formatted prefix</constraintErrorMessage>
+                      <multi />
+                    </properties>
+                  </leafNode>
+                  <leafNode name="gateway-address">
+                    <properties>
+                      <help>Gateway IP address</help>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                      <constraintErrorMessage>invalid IPv4 address</constraintErrorMessage>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>Default Gateway send to the client</description>
+                      </valueHelp>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="dns-server">
+                <properties>
+                  <help>DNS servers propagated to clients</help>
+                </properties>
+                <children>
+                  <leafNode name="primary-dns">
+                    <properties>
+                      <help>Primary DNS Server</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="secondary-dns">
+                    <properties>
+                      <help>Secondary DNS Server</help>
+                      <valueHelp>
+                        <format>ipv4</format>
+                        <description>IPv4 address</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="ipv4-address"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              #include <include/interface-mtu-68-1500.xml.i>
+            </children>
+          </node>
+          <node name="ppp-settings">
+            <properties>
+              <help>PPP (Point-to-Point Protocol) settings</help>
+            </properties>
+            <children>
+              <leafNode name="mppe">
+                <properties>
+                  <help>Specifies mppe negotiation preferences</help>
+                  <completionHelp>
+                    <list>require prefer deny</list>
+                  </completionHelp>
+                  <constraint>
+                    <regex>(^require|prefer|deny)</regex>
+                  </constraint>
+                  <valueHelp>
+                    <format>require</format>
+                    <description>send mppe request, if client rejects, drop the connection</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>prefer</format>
+                    <description>send mppe request, if client rejects continue</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>deny</format>
+                    <description>drop all mppe</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="lcp-echo-interval">
+                <properties>
+                  <help>LCP echo-requests/sec</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="lcp-echo-failure">
+                <properties>
+                  <help>Maximum number of Echo-Requests may be sent without valid reply</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="lcp-echo-timeout">
+                <properties>
+                  <help>Timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used.</help>
+                  <constraint>
+                    <validator name="numeric" argument="--positive"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
+      </children>
+    </node>
+  </children>
+</node>
+</interfaceDefinition>
-- 
cgit v1.2.3