From a8920a1f13e6091355d33541802b1486c0cfa653 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 20 Mar 2020 23:07:43 +0100
Subject: sstp: T2008: remove req-limit config node

Limiting the amount of requests passed to a server seems to be the wrong
way to tackle a problem.
---
 src/conf_mode/vpn_sstp.py         | 8 ++------
 src/migration-scripts/sstp/0-to-1 | 5 +----
 2 files changed, 3 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index e8c5155dd..09de7d112 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -100,7 +100,7 @@ chap-secrets=/etc/accel-ppp/sstp/chap-secrets
 [radius]
 verbose=1
 {% for r in radius_server %}
-server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit={{ r.req_limit }},fail-time={{ r.fail_time }}
+server={{ r.server }},{{ r.key }},auth-port={{ r.port }},req-limit=0,fail-time={{ r.fail_time }}
 {% endfor -%}
 
 acct-timeout={{ radius_acct_tmo }}
@@ -286,8 +286,7 @@ def get_config():
                 'server' : server,
                 'key' : '',
                 'fail_time' : 0,
-                'port' : '1812',
-                'req_limit' : 0
+                'port' : '1812'
             }
 
             conf.set_level(base_path + ['authentication', 'radius', 'server', server])
@@ -298,9 +297,6 @@ def get_config():
             if conf.exists(['port']):
                 radius['port'] = conf.return_value(['port'])
 
-            if conf.exists(['req-limit']):
-                radius['req_limit'] = conf.return_value(['req-limit'])
-
             if conf.exists(['key']):
                 radius['key'] = conf.return_value(['key'])
 
diff --git a/src/migration-scripts/sstp/0-to-1 b/src/migration-scripts/sstp/0-to-1
index 652a2662f..2edf76a56 100755
--- a/src/migration-scripts/sstp/0-to-1
+++ b/src/migration-scripts/sstp/0-to-1
@@ -20,6 +20,7 @@
 # - migrate RADIUS configuration to a more uniform syntax accross the system
 #   - authentication radius-server x.x.x.x to authentication radius server x.x.x.x
 #   - authentication radius-settings to authentication radius
+#   - do not migrate radius server req-limit, use default of unlimited
 
 import os
 import sys
@@ -101,10 +102,6 @@ else:
                 tmp = config.return_value(base + ['fail-time'])
                 config.set(new + ['fail-time'], value=tmp)
 
-            if config.exists(base + ['req-limit']):
-                tmp = config.return_value(base + ['req-limit'])
-                config.set(new + ['req-limit'], value=tmp)
-
         config.set_tag(new_base + ['authentication', 'radius', 'server'])
         config.delete(radius_server)
 
-- 
cgit v1.2.3