| author | Christian Poessinger <christian@poessinger.com> | 2019-01-23 17:58:15 +0100 | 
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-01-23 17:58:15 +0100 | 
| commit | 39be522874db60ed575267a8b7866e5c519cb51b (patch) | |
| tree | 0ce3b1b9de583cc8afce3b6f9b49761b2817f6e0 | |
| parent | bc5ad9350e7444d5efc470340cb0c979c0606e0c (diff) | |
VPN: adjust RADIUS server syntax for L2TP
| -rw-r--r-- | docs/vpn.rst | 20 | 
1 files changed, 13 insertions, 7 deletions
| diff --git a/docs/vpn.rst b/docs/vpn.rst index 46a7b957..786e0a8e 100644 --- a/docs/vpn.rst +++ b/docs/vpn.rst @@ -321,12 +321,13 @@ VyOS supports either `local` or `radius` user authentication:    set vpn l2tp remote-access authentication mode <local|radius>  In addition one or more RADIUS_ servers can be configured to server for user -authentication. This is done using the `radius-server` and `key` nodes: +authentication. This is done using the `radius server` and `radius server key` +nodes:  .. code-block:: sh -  set vpn l2tp remote-access authentication radius-server 1.1.1.1 key 'foo' -  set vpn l2tp remote-access authentication radius-server 2.2.2.2 key 'foo' +  set vpn l2tp remote-access authentication radius server 1.1.1.1 key 'foo' +  set vpn l2tp remote-access authentication radius server 2.2.2.2 key 'foo'  .. note:: Some RADIUS_ severs make use of an access control list who is allowed     to query the server. Please configure your VyOS router in the allowed client @@ -335,11 +336,16 @@ authentication. This is done using the `radius-server` and `key` nodes:  RADIUS source address  ********************* -Yet there is no way to configure the used RADIUS_ client source IP address on -the VyOS router, this is work in progres, see https://phabricator.vyos.net/T828. +If you are using e.g. OSPF as IGP always the nearest interface facing the RADIUS +server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a +single source IP e.g. the loopback interface. -The IP address nearest to the radius server is currently used. If in doubt, -configure all IP addresses from the VyOS router in question. +.. code-block:: sh + +  set vpn l2tp remote-access authentication radius source-address 3.3.3.3 + +Above command will use `3.3.3.3` as source IPv4 address for all RADIUS queries +on this NAS.  Site-to-Site IPsec  ------------------ | 
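Review bot: In the first hunk (@@ -321,12 +321,13 @@), the old `radius-server` syntax is replaced outright with `radius server`, and the added lines carry no version qualifier, so a reader on a release that still uses the old node has no hint why the documented command fails. The second hunk already says "With VyOS 1.2"; a similar remark here would keep the two consistent. Since the sentence is being reworded anyway, the unchanged context still reads "configured to server for user authentication" and the note below it says "RADIUS_ severs"; both typos could be fixed in the same commit. The example also uses the shared secret 'foo' on both servers; a placeholder such as '<secret>' would make it less likely to be copied verbatim into a live configuration.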
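Review bot: In the second hunk (@@ -335,11 +336,16 @@), the removed paragraph advised configuring all router addresses when in doubt, and the new text drops that without connecting `source-address` to the allowed-client note directly above the section. It would help to state that the address given to `radius source-address` is the one that must appear in the RADIUS server's allowed client list, and that it has to be an address configured on the router (the text mentions the loopback interface only as an example). The added sentence "If you are using e.g. OSPF as IGP always the nearest interface facing the RADIUS server is used" is hard to parse and does not say that this is the behaviour when no source address is set; "Above command" should read "The above command". As a style point, `3.3.3.3` is a routable public address; an address from a documentation range such as 192.0.2.0/24 would be safer in an example.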
