From e61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba Mon Sep 17 00:00:00 2001 From: Jamie Austin Date: Fri, 27 Jan 2023 17:32:29 +1100 Subject: T4958: ocserv: openconnect: adds support for configuring RADIUS accounting Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode --- .../include/radius-acct-server-ipv4.xml.i | 26 +++++++++++++++++++++ .../include/radius-auth-server-ipv4.xml.i | 27 ++++++++++++++++++++++ .../include/radius-server-acct-port.xml.i | 15 ++++++++++++ .../include/radius-server-auth-port.xml.i | 15 ++++++++++++ .../include/radius-server-ipv4-ipv6.xml.i | 2 +- .../include/radius-server-ipv4.xml.i | 27 ---------------------- .../include/radius-server-port.xml.i | 15 ------------ interface-definitions/interfaces-wireless.xml.in | 2 +- interface-definitions/service-ipoe-server.xml.in | 2 +- interface-definitions/service-pppoe-server.xml.in | 2 +- interface-definitions/vpn-ipsec.xml.in | 2 +- interface-definitions/vpn-l2tp.xml.in | 2 +- interface-definitions/vpn-openconnect.xml.in | 23 +++++++++++++++++- interface-definitions/vpn-pptp.xml.in | 2 +- interface-definitions/vpn-sstp.xml.in | 2 +- 15 files changed, 113 insertions(+), 51 deletions(-) create mode 100644 interface-definitions/include/radius-acct-server-ipv4.xml.i create mode 100644 interface-definitions/include/radius-auth-server-ipv4.xml.i create mode 100644 interface-definitions/include/radius-server-acct-port.xml.i create mode 100644 interface-definitions/include/radius-server-auth-port.xml.i delete mode 100644 interface-definitions/include/radius-server-ipv4.xml.i delete mode 100644 interface-definitions/include/radius-server-port.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/include/radius-acct-server-ipv4.xml.i b/interface-definitions/include/radius-acct-server-ipv4.xml.i new file mode 100644 index 000000000..9365aa8e9 --- /dev/null +++ b/interface-definitions/include/radius-acct-server-ipv4.xml.i @@ -0,0 +1,26 @@ + + + + RADIUS accounting for users OpenConnect VPN sessions OpenConnect authentication mode radius + + + + + RADIUS server configuration + + ipv4 + RADIUS server IPv4 address + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/radius-auth-server-ipv4.xml.i b/interface-definitions/include/radius-auth-server-ipv4.xml.i new file mode 100644 index 000000000..dc6f4d878 --- /dev/null +++ b/interface-definitions/include/radius-auth-server-ipv4.xml.i @@ -0,0 +1,27 @@ + + + + RADIUS based user authentication + + + #include + + + RADIUS server configuration + + ipv4 + RADIUS server IPv4 address + + + + + + + #include + #include + #include + + + + + diff --git a/interface-definitions/include/radius-server-acct-port.xml.i b/interface-definitions/include/radius-server-acct-port.xml.i new file mode 100644 index 000000000..0b356fa18 --- /dev/null +++ b/interface-definitions/include/radius-server-acct-port.xml.i @@ -0,0 +1,15 @@ + + + + Accounting port + + u32:1-65535 + Numeric IP port + + + + + + 1813 + + diff --git a/interface-definitions/include/radius-server-auth-port.xml.i b/interface-definitions/include/radius-server-auth-port.xml.i new file mode 100644 index 000000000..660fa540f --- /dev/null +++ b/interface-definitions/include/radius-server-auth-port.xml.i @@ -0,0 +1,15 @@ + + + + Authentication port + + u32:1-65535 + Numeric IP port + + + + + + 1812 + + diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i index 5b12bec62..c593512b4 100644 --- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -23,7 +23,7 @@ #include #include - #include + #include diff --git a/interface-definitions/include/radius-server-ipv4.xml.i b/interface-definitions/include/radius-server-ipv4.xml.i deleted file mode 100644 index ab4c8e10e..000000000 --- a/interface-definitions/include/radius-server-ipv4.xml.i +++ /dev/null @@ -1,27 +0,0 @@ - - - - RADIUS based user authentication - - - #include - - - RADIUS server configuration - - ipv4 - RADIUS server IPv4 address - - - - - - - #include - #include - #include - - - - - diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-port.xml.i deleted file mode 100644 index c6b691a0f..000000000 --- a/interface-definitions/include/radius-server-port.xml.i +++ /dev/null @@ -1,15 +0,0 @@ - - - - Authentication port - - u32:1-65535 - Numeric IP port - - - - - - 1812 - - diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index aff5071b2..a9538d577 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -725,7 +725,7 @@ Invalid WPA pass phrase, must be 8 to 63 printable characters! - #include + #include diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in index ef8569437..d778f9de0 100644 --- a/interface-definitions/service-ipoe-server.xml.in +++ b/interface-definitions/service-ipoe-server.xml.in @@ -220,7 +220,7 @@ #include - #include + #include #include diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in index 47ad96582..68592b96b 100644 --- a/interface-definitions/service-pppoe-server.xml.in +++ b/interface-definitions/service-pppoe-server.xml.in @@ -20,7 +20,7 @@ #include #include #include - #include + #include #include diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in index fa12d999c..4bb9ad145 100644 --- a/interface-definitions/vpn-ipsec.xml.in +++ b/interface-definitions/vpn-ipsec.xml.in @@ -923,7 +923,7 @@ #include - #include + #include #include diff --git a/interface-definitions/vpn-l2tp.xml.in b/interface-definitions/vpn-l2tp.xml.in index 86aeb324e..0a92017bd 100644 --- a/interface-definitions/vpn-l2tp.xml.in +++ b/interface-definitions/vpn-l2tp.xml.in @@ -178,7 +178,7 @@ #include #include #include - #include + #include diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index 82fe2bbc9..a426f604d 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -8,6 +8,27 @@ 901 + + + Accounting for users OpenConnect VPN Sessions + + + + + Accounting mode used by this server + + + + + Use RADIUS server for accounting + + + + + + #include + + Authentication for remote access SSL VPN Server @@ -137,7 +158,7 @@ - #include + #include #include diff --git a/interface-definitions/vpn-pptp.xml.in b/interface-definitions/vpn-pptp.xml.in index 5e52965fd..00ffd26f9 100644 --- a/interface-definitions/vpn-pptp.xml.in +++ b/interface-definitions/vpn-pptp.xml.in @@ -108,7 +108,7 @@ - #include + #include #include #include diff --git a/interface-definitions/vpn-sstp.xml.in b/interface-definitions/vpn-sstp.xml.in index 195d581df..9e912063f 100644 --- a/interface-definitions/vpn-sstp.xml.in +++ b/interface-definitions/vpn-sstp.xml.in @@ -16,7 +16,7 @@ #include #include #include - #include + #include #include -- cgit v1.2.3