diff options
| author | aapostoliuk <a.apostoliuk@vyos.io> | 2024-01-25 16:13:49 +0200 | 
|---|---|---|
| committer | aapostoliuk <a.apostoliuk@vyos.io> | 2024-02-05 10:41:34 +0200 | 
| commit | dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71 (patch) | |
| tree | 9c5c6e3df59e95c3f5fe317376a99ab56caa54b0 /docs | |
| parent | c1716052eba00ad6c612755f55015e840e946828 (diff) | |
| download | vyos-documentation-dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71.tar.gz vyos-documentation-dd3537443d71b8a5481ad0e8fb1a8e4edd0ecb71.zip | |
T5971: Added PPP options documentation
Added PPP options documentation
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/configuration/vpn/l2tp.rst | 2 | ||||
| -rw-r--r-- | docs/configuration/vpn/sstp.rst | 71 | 
2 files changed, 68 insertions, 5 deletions
| diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 4a7657e7..ce3b6711 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -98,7 +98,7 @@ Below is an example to configure a LNS:    set vpn l2tp remote-access client-ip-pool L2TP-POOL range 192.168.255.2-192.168.255.254    set vpn l2tp remote-access default-pool 'L2TP-POOL'    set vpn l2tp remote-access lns shared-secret 'secret' -  set vpn l2tp remote-access ccp-disable +  set vpn l2tp remote-access ppp-options disable-ccp    set vpn l2tp remote-access authentication mode local    set vpn l2tp remote-access authentication local-users username test password 'test' diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index 2c5cef6d..a9def827 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -179,35 +179,98 @@ SSL Certificates  PPP Settings  ------------ +.. cfgcmd:: set vpn sstp ppp-options disable-ccp + +  Disable Compression Control Protocol (CCP). +  CCP is enabled by default. + +.. cfgcmd:: set vpn sstp ppp-options interface-cache <number> + +  Specifies number of interfaces to keep in cache. It means that don’t +  destroy interface after corresponding session is destroyed, instead +  place it to cache and use it later for new sessions repeatedly. +  This should reduce kernel-level interface creation/deletion rate lack. +  Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options ipv4 <require | prefer | allow | deny> + +  Specifies IPv4 negotiation preference. + +  * **require** - Require IPv4 negotiation +  * **prefer** - Ask client for IPv4 negotiation, do not fail if it rejects +  * **allow** - Negotiate IPv4 only if client requests (Default value) +  * **deny** - Do not negotiate IPv4 + +.. cfgcmd:: set vpn sstp ppp-options ipv6 <require | prefer | allow | deny> + +  Specifies IPv6 negotiation preference. + +  * **require** - Require IPv6 negotiation +  * **prefer** - Ask client for IPv6 negotiation, do not fail if it rejects +  * **allow** - Negotiate IPv6 only if client requests +  * **deny** - Do not negotiate IPv6 (default value) + +.. cfgcmd:: set vpn sstp ppp-options ipv6-accept-peer-interface-id + +  Accept peer interface identifier. By default is not defined. + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id <random | x:x:x:x> + +  Specifies fixed or random interface identifier for IPv6. +  By default is fixed. + +  * **random** - Random interface identifier for IPv6 +  * **x:x:x:x** - Specify interface identifier for IPv6 + +.. cfgcmd:: set vpn sstp ppp-options ipv6-interface-id <random | x:x:x:x> + +  Specifies peer interface identifier for IPv6. By default is fixed. + +  * **random** - Random interface identifier for IPv6 +  * **x:x:x:x** - Specify interface identifier for IPv6 +  * **ipv4-addr** - Calculate interface identifier from IPv4 address. +  * **calling-sid** - Calculate interface identifier from calling-station-id. +  .. cfgcmd:: set vpn sstp ppp-options lcp-echo-failure <number>    Defines the maximum `<number>` of unanswered echo requests. Upon reaching the -  value `<number>`, the session will be reset. +  value `<number>`, the session will be reset. Default value is **3**.  .. cfgcmd:: set vpn sstp ppp-options lcp-echo-interval <interval>    If this option is specified and is greater than 0, then the PPP module will    send LCP pings of the echo request every `<interval>` seconds. +  Default value is **30**.  .. cfgcmd:: set vpn sstp ppp-options lcp-echo-timeout    Specifies timeout in seconds to wait for any peer activity. If this option    specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" -  is not used. +  is not used. Default value is **0**. + +.. cfgcmd:: set vpn sstp ppp-options min-mtu <number> + +  Defines minimum acceptable MTU. If client will try to negotiate less then +  specified MTU then it will be NAKed or disconnected if rejects greater MTU. +  Default value is **100**.  .. cfgcmd:: set vpn sstp ppp-options mppe <require | prefer | deny> -  Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioation +  Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation    preference.    * **require** - ask client for mppe, if it rejects drop connection -  * **prefer** - ask client for mppe, if it rejects don't fail +  * **prefer** - ask client for mppe, if it rejects don't fail. (Default value)    * **deny** - deny mppe    Default behavior - don't ask client for mppe, but allow it if client wants.    Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy    attribute. +.. cfgcmd:: set vpn sstp ppp-options mru <number> + +  Defines preferred MRU. By default is not defined. +  RADIUS  ------ | 
