
Allow setting host-name in l2tp section of accel-ppp
Closed, Resolved | Public | FEATURE REQUEST

Description

Discovered today: a national broadband carrier in the UK provides wholesale L2TP handoff.

They authenticate not just with an LNS shared secret, but also with the hostname sent through during tunnel establishment.

I think there are two ways we could phrase the configuration item:

  1. set vpn l2tp remote-access lns host-name example.com

or

  2. set vpn l2tp remote-access host-name example.com

To my mind *1* makes more sense, because it's related specifically to the LNS-to-LAC connection, and is part of the authentication (like the shared-secret). However, I could also argue for *2* as many of the options in the [l2tp] section of accel-ppp.conf are directly under set vpn l2tp remote-access.

All this option will do is add an extra line, as in the example below:

[l2tp]
verbose=1
ifname=l2tp%d
ppp-max-mtu=1460
mppe=prefer
bind=192.0.2.1
secret=hunter2
host-name=example.com

I'm happy to submit a PR for this, but would like to agree the command structure here first.

Many thanks!
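
An added example, not part of the original task or VyOS's own code: rendering the [l2tp] section so that host-name is emitted only when lns host-name is set, and rejecting values that are not plain hostnames so the setting cannot add extra lines to accel-ppp.conf. The dict layout and the function names are assumptions made for illustration; the sample values are the ones used above.

```python
import re

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# 1-63 characters each, not starting or ending with a hyphen, 253 in total.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def valid_hostname(name):
    """True only for a syntactically valid hostname (no whitespace, no newlines)."""
    return (isinstance(name, str) and len(name) <= 253
            and _HOSTNAME_RE.fullmatch(name) is not None)


def _single_line(key, value):
    """Refuse values that would spill onto a second line of the config file."""
    if "\n" in value or "\r" in value:
        raise ValueError(f"{key} must not contain line breaks")
    return f"{key}={value}"


def render_l2tp_section(cfg):
    """Render [l2tp] from a dict shaped like the proposed CLI tree (assumed layout).

    cfg["lns"]["host-name"] is optional; when absent, no host-name line is written.
    """
    lines = ["[l2tp]", "verbose=1", "ifname=l2tp%d", "ppp-max-mtu=1460", "mppe=prefer"]
    if "bind" in cfg:
        lines.append(_single_line("bind", cfg["bind"]))
    lns = cfg.get("lns", {})
    if "shared-secret" in lns:
        lines.append(_single_line("secret", lns["shared-secret"]))
    if "host-name" in lns:
        if not valid_hostname(lns["host-name"]):
            raise ValueError("lns host-name is not a valid hostname")
        lines.append(f"host-name={lns['host-name']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input using the values from the description.
    print(render_l2tp_section(
        {"bind": "192.0.2.1",
         "lns": {"shared-secret": "hunter2", "host-name": "example.com"}}), end="")
```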

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Unspecified (please specify)

Event Timeline

Unknown Object (User) added a subscriber: Unknown Object (User). Aug 6 2021, 4:49 AM

Hello @maznu, I also prefer the first variant, set vpn l2tp remote-access lns host-name example.com. I'm sure that we don't need to overload the l2tp remote-access root node.

Hello, @Dmitry, I agree. I'll prepare patches for 1.3 and 1.4.

maznu changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
maznu changed Is it a breaking change? from Unspecified (possibly destroys the router) to Config syntax change (migratable).

I think all that is required is in: https://github.com/maznu/vyos-1x/commit/68d7897622ddaa4b2e5a98d79154500b33959567

I don't have a build environment, but I'll go try setting one up now.

Not having much luck with the build environment — and it doesn't seem to be something I've caused, because I get the same error building vyos-1x from mainline:

test_is_addr_assigned (test_validate.TestVyOSValidate) ... FAIL
test_is_ipv6_link_local (test_validate.TestVyOSValidate) ... ok

======================================================================
FAIL: test_is_addr_assigned (test_validate.TestVyOSValidate)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/vyos/vyos-1x/src/tests/test_validate.py", line 26, in test_is_addr_assigned
    self.assertTrue(vyos.validate.is_addr_assigned('::1'))
AssertionError: False is not true

@maznu
Add these lines:

$ sudo cat /etc/docker/daemon.json 
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}

And restart the docker.service

Another option (which I use) is to specify --sysctl net.ipv6.conf.lo.disable_ipv6=0 during the container startup.

https://docs.vyos.io/en/equuleus/contributing/build-vyos.html?highlight=docker%20run#tips-and-tricks

c-po changed the task status from Open to Backport candidate. Oct 16 2021, 5:07 PM
c-po triaged this task as Normal priority.
c-po set Issue type to Unspecified (please specify).
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved this task from Finished to Backport Candidates on the VyOS 1.4 Sagitta board.
c-po moved this task from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.0) board.