{% if authentication.mode is vyos_defined('local') %} [chap-secrets] chap-secrets={{ chap_secrets_file }} {% elif authentication.mode is vyos_defined('radius') %} [radius] verbose=1 {% for server, options in authentication.radius.server.items() if not options.disable is vyos_defined %} server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }} {% endfor %} {% if authentication.radius.accounting_interim_interval is vyos_defined %} acct-interim-interval={{ authentication.radius.accounting_interim_interval }} {% endif %} {% if authentication.radius.acct_interim_jitter is vyos_defined %} acct-interim-jitter={{ authentication.radius.acct_interim_jitter }} {% endif %} acct-timeout={{ authentication.radius.acct_timeout }} timeout={{ authentication.radius.timeout }} max-try={{ authentication.radius.max_try }} {% if authentication.radius.nas_identifier is vyos_defined %} nas-identifier={{ authentication.radius.nas_identifier }} {% endif %} {% if authentication.radius.nas_ip_address is vyos_defined %} nas-ip-address={{ authentication.radius.nas_ip_address }} {% endif %} {% if authentication.radius.source_address is vyos_defined %} bind={{ authentication.radius.source_address }} {% endif %} {% if authentication.radius.dynamic_author.server is vyos_defined %} dae-server={{ authentication.radius.dynamic_author.server }}:{{ authentication.radius.dynamic_author.port }},{{ authentication.radius.dynamic_author.key }} {% endif %} {% endif %} {# Both chap-secrets and radius block required the gw-ip-address #} {% if authentication.mode is vyos_defined('local') or authentication.mode is vyos_defined('radius') %} {% if gateway_address is vyos_defined %} {% if server_type == 'ipoe' %} {% for gw in gateway_address %} {% set host_address, _ = gw.split('/') %} gw-ip-address={{ host_address }} {% endfor %} {% else %} gw-ip-address={{ gateway_address }} {% endif %} {% endif %} {% endif %}