diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i
new file mode 100644
index 000000000..cd40a1f96
--- /dev/null
+++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from accel-ppp/ppp-options-ipv6.xml.i -->
+<leafNode name="ipv6">
+ <properties>
+ <help>IPv6 (IPCP6) negotiation algorithm</help>
+ <constraint>
+ <regex>^(deny|allow|prefer|require)$</regex>
+ </constraint>
+ <constraintErrorMessage>invalid value</constraintErrorMessage>
+ <valueHelp>
+ <format>deny</format>
+ <description>Do not negotiate IPv6</description>
+ </valueHelp>
+ <valueHelp>
+ <format>allow</format>
+ <description>Negotiate IPv6 only if client requests</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prefer</format>
+ <description>Ask client for IPv6 negotiation, do not fail if it rejects</description>
+ </valueHelp>
+ <valueHelp>
+ <format>require</format>
+ <description>Require IPv6 negotiation</description>
+ </valueHelp>
+ <completionHelp>
+ <list>deny allow prefer require</list>
+ </completionHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 9d0f887a9..788683868 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
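Review bot: The shared `ipv6` leafNode in the new `ppp-options-ipv6.xml.i` does not tell the operator what applies when the node is left unset: there is no `<defaultValue>` and the `<help>` text names no default. That matters more now that the same definition is pulled into the L2TP and SSTP remote-access trees, where it decides whether VPN clients negotiate IPv6 at all. If the intent is that IPv6 stays off unless configured, say so in the definition, e.g. `<help>IPv6 (IPCP6) negotiation algorithm (default: deny)</help>`, after confirming that this matches what the rendered accel-ppp configuration does. The error string `invalid value` could also name the accepted set, `<constraintErrorMessage>IPv6 negotiation must be one of: deny, allow, prefer, require</constraintErrorMessage>`.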
@@ -1,380 +1,353 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="service"> <children> <node name="pppoe-server" owner="${vyos_conf_scripts_dir}/service_pppoe-server.py"> <properties> <help>Point to Point over Ethernet (PPPoE) Server</help> <priority>900</priority> </properties> <children> <leafNode name="access-concentrator"> <properties> <help>Access concentrator name</help> <constraint> <regex>[a-zA-Z0-9]{1,100}</regex> </constraint> <constraintErrorMessage>access-concentrator name limited to alphanumerical characters only (max. 100)</constraintErrorMessage> </properties> <defaultValue>vyos-ac</defaultValue> </leafNode> <node name="authentication"> <properties> <help>Authentication for remote access PPPoE Server</help> </properties> <children> #include <include/accel-ppp/auth-local-users.xml.i> #include <include/accel-ppp/auth-mode.xml.i> #include <include/accel-ppp/auth-protocols.xml.i> #include <include/radius-server-ipv4.xml.i> #include <include/accel-ppp/radius-additions.xml.i> <node name="radius"> <children> #include <include/accel-ppp/radius-additions-rate-limit.xml.i> <leafNode name="called-sid-format"> <properties> <help>Format of Called-Station-Id attribute</help> <completionHelp> <list>ifname ifname:mac</list> </completionHelp> <constraint> <regex>^(ifname|ifname:mac)$</regex> </constraint> <constraintErrorMessage>Invalid Called-Station-Id format</constraintErrorMessage> <valueHelp> <format>ifname</format> <description>NAS-Port-Id - should contain root interface name (NAS-Port-Id=eth1)</description> </valueHelp> <valueHelp> <format>ifname:mac</format> <description>NAS-Port-Id - should contain root interface name and mac address (NAS-Port-Id=eth1:00:00:00:00:00:00)</description> </valueHelp> </properties> </leafNode> </children> </node> </children> </node> <node name="client-ip-pool"> <properties> <help>Pool of client IP addresses (must be within a /24)</help> </properties> <children> #include 
<include/accel-ppp/client-ip-pool-start-stop.xml.i> #include <include/accel-ppp/client-ip-pool-subnet.xml.i> </children> </node> #include <include/accel-ppp/client-ipv6-pool.xml.i> #include <include/accel-ppp/name-server.xml.i> <tagNode name="interface"> <properties> <help>interface(s) to listen on</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> </properties> <children> <leafNode name="vlan-id"> <properties> <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> <constraint> <validator name="numeric" argument="--range 1-4096"/> </constraint> <constraintErrorMessage>VLAN ID needs to be between 1 and 4096</constraintErrorMessage> <multi/> </properties> </leafNode> <leafNode name="vlan-range"> <properties> <help>VLAN monitor for the automatic creation of vlans (user per vlan)</help> <constraint> <regex>(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})-(409[0-6]|40[0-8][0-9]|[1-3][0-9]{3}|[1-9][0-9]{0,2})</regex> </constraint> <multi/> </properties> </leafNode> </children> </tagNode> #include <include/accel-ppp/gateway-address.xml.i> #include <include/accel-ppp/mtu-128-16384.xml.i> <node name="limits"> <properties> <help>Limits the connection rate from a single source</help> </properties> <children> <leafNode name="connection-limit"> <properties> <help>Acceptable rate of connections (e.g. 1/min, 60/sec)</help> <constraint> <regex>[0-9]+\/(min|sec)$</regex> </constraint> <constraintErrorMessage>illegal value</constraintErrorMessage> </properties> </leafNode> <leafNode name="burst"> <properties> <help>Burst count</help> </properties> </leafNode> <leafNode name="timeout"> <properties> <help>Timeout in seconds</help> </properties> </leafNode> </children> </node> <leafNode name="service-name"> <properties> <help>Service name</help> <constraint> <regex>[a-zA-Z0-9\-]{1,100}</regex> </constraint> <constraintErrorMessage>servicename can contain aplhanumerical characters and dashes only (max. 
100)</constraintErrorMessage> <multi/> </properties> </leafNode> #include <include/accel-ppp/wins-server.xml.i> <node name="ppp-options"> <properties> <help>Advanced protocol options</help> </properties> <children> <leafNode name="min-mtu"> <properties> <help>Minimum acceptable MTU (68-65535)</help> <constraint> <validator name="numeric" argument="--range 68-65535"/> </constraint> </properties> </leafNode> <leafNode name="mru"> <properties> <help>Preferred MRU (68-65535)</help> <constraint> <validator name="numeric" argument="--range 68-65535"/> </constraint> </properties> </leafNode> <leafNode name="ccp"> <properties> <help>CCP negotiation (default disabled)</help> <valueless /> </properties> </leafNode> #include <include/accel-ppp/ppp-mppe.xml.i> #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> #include <include/accel-ppp/lcp-echo-timeout.xml.i> <leafNode name="ipv4"> <properties> <help>IPv4 (IPCP) negotiation algorithm</help> <constraint> <regex>^(deny|allow|prefer|require)$</regex> </constraint> <constraintErrorMessage>invalid value</constraintErrorMessage> <valueHelp> <format>deny</format> <description>Do not negotiate IPv4</description> </valueHelp> <valueHelp> <format>allow</format> <description>Negotiate IPv4 only if client requests</description> </valueHelp> <valueHelp> <format>prefer</format> <description>Ask client for IPv4 negotiation, do not fail if it rejects</description> </valueHelp> <valueHelp> <format>require</format> <description>Require IPv4 negotiation</description> </valueHelp> <completionHelp> <list>deny allow prefer require</list> </completionHelp> </properties> </leafNode> - <leafNode name="ipv6"> - <properties> - <help>IPv6 (IPCP6) negotiation algorithm</help> - <constraint> - <regex>^(deny|allow|prefer|require)$</regex> - </constraint> - <constraintErrorMessage>invalid value</constraintErrorMessage> - <valueHelp> - <format>deny</format> - <description>Do not negotiate IPv6</description> - </valueHelp> - <valueHelp> - 
<format>allow</format> - <description>Negotiate IPv6 only if client requests</description> - </valueHelp> - <valueHelp> - <format>prefer</format> - <description>Ask client for IPv6 negotiation, do not fail if it rejects</description> - </valueHelp> - <valueHelp> - <format>require</format> - <description>Require IPv6 negotiation</description> - </valueHelp> - <completionHelp> - <list>deny allow prefer require</list> - </completionHelp> - </properties> - </leafNode> + #include <include/accel-ppp/ppp-options-ipv6.xml.i> <leafNode name="ipv6-intf-id"> <properties> <help>Fixed or random interface identifier for IPv6</help> <completionHelp> <list>random</list> </completionHelp> <valueHelp> <format>random</format> <description>Random interface identifier for IPv6</description> </valueHelp> <valueHelp> <format>x:x:x:x</format> <description>specify interface identifier for IPv6</description> </valueHelp> </properties> </leafNode> <leafNode name="ipv6-peer-intf-id"> <properties> <help>Peer interface identifier for IPv6</help> <completionHelp> <list>random calling-sid ipv4</list> </completionHelp> <valueHelp> <format>x:x:x:x</format> <description>Interface identifier for IPv6</description> </valueHelp> <valueHelp> <format>random</format> <description>Use a random interface identifier for IPv6</description> </valueHelp> <valueHelp> <format>ipv4</format> <description>Calculate interface identifier from IPv4 address, for example 192:168:0:1</description> </valueHelp> <valueHelp> <format>calling-sid</format> <description>Calculate interface identifier from calling-station-id</description> </valueHelp> </properties> </leafNode> <leafNode name="ipv6-accept-peer-intf-id"> <properties> <help>Accept peer interface identifier</help> <valueless /> </properties> </leafNode> </children> </node> <tagNode name="pado-delay"> <properties> <help>PADO delays</help> <valueHelp> <format>1-999999</format> <description>Number in ms</description> </valueHelp> <constraint> <validator name="numeric" 
argument="--range 1-999999"/> </constraint> <constraintErrorMessage>Invalid PADO delay</constraintErrorMessage> </properties> <children> <leafNode name="sessions"> <properties> <help>Number of sessions</help> <valueHelp> <format>1-999999</format> <description>Number of sessions</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-999999"/> </constraint> <constraintErrorMessage>Invalid number of delayed sessions</constraintErrorMessage> </properties> </leafNode> </children> </tagNode> <leafNode name="session-control"> <properties> <help>control sessions count</help> <constraint> <regex>^(deny|disable|replace)$</regex> </constraint> <constraintErrorMessage>Invalid value</constraintErrorMessage> <valueHelp> <format>disable</format> <description>Disables session control</description> </valueHelp> <valueHelp> <format>deny</format> <description>Deny second session authorization</description> </valueHelp> <valueHelp> <format>replace</format> <description>Terminate first session when second is authorized</description> </valueHelp> <completionHelp> <list>deny disable replace</list> </completionHelp> </properties> <defaultValue>replace</defaultValue> </leafNode> <node name="snmp"> <properties> <help>Enable SNMP</help> </properties> <children> <leafNode name="master-agent"> <properties> <help>enable SNMP master agent mode</help> <valueless /> </properties> </leafNode> </children> </node> <node name="extended-scripts"> <properties> <help>Extended script execution</help> </properties> <children> <leafNode name="on-pre-up"> <properties> <help>Script to run before PPPoE session interface comes up</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> <leafNode name="on-up"> <properties> <help>Script to run when PPPoE session interface is completely configured and started</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> <leafNode name="on-down"> <properties> <help>Script to run 
when PPPoE session interface going to terminate</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> <leafNode name="on-change"> <properties> <help>Script to run when PPPoE session interface changed by RADIUS CoA handling</help> <constraint> <validator name="script"/> </constraint> </properties> </leafNode> </children> </node> </children> </node> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 5bdebcb05..4fbf3fa44 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in 
@@ -1,319 +1,320 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="vpn"> <children> <node name="l2tp" owner="${vyos_conf_scripts_dir}/vpn_l2tp.py"> <properties> <help>L2TP Virtual Private Network (VPN)</help> </properties> <children> <node name="remote-access"> <properties> <help>Remote access L2TP VPN</help> </properties> <children> #include <include/accel-ppp/mtu-128-16384.xml.i> <leafNode name="outside-address"> <properties> <help>External IP address to which VPN clients will connect</help> <constraint> <validator name="ipv4-address"/> </constraint> </properties> </leafNode> #include <include/accel-ppp/gateway-address.xml.i> #include <include/accel-ppp/name-server.xml.i> <node name="lns"> <properties> <help>L2TP Network Server (LNS)</help> </properties> <children> <leafNode name="shared-secret"> <properties> <help>Tunnel password used to authenticate the client (LAC)</help> </properties> </leafNode> </children> </node> <leafNode name="ccp-disable"> <properties> <help>Disable Compression Control Protocol (CCP)</help> <valueless /> </properties> </leafNode> <node name="ipsec-settings"> <properties> <help>Internet Protocol Security (IPsec) for remote access L2TP VPN</help> </properties> <children> <node name="authentication"> <properties> <help>IPsec authentication settings</help> </properties> <children> <leafNode name="mode"> <properties> <help>Authentication mode for IPsec</help> <valueHelp> <format>pre-shared-secret</format> <description>Use pre-shared secret for IPsec authentication</description> </valueHelp> <valueHelp> <format>x509</format> <description>Use X.509 certificate for IPsec authentication</description> </valueHelp> <constraint> <regex>^(pre-shared-secret|x509)$</regex> </constraint> <completionHelp> <list>pre-shared-secret x509</list> </completionHelp> </properties> </leafNode> <leafNode name="pre-shared-secret"> <properties> <help>Pre-shared secret for IPsec</help> </properties> </leafNode> <node name="x509"> <properties> <help>X.509 
certificate</help> </properties> <children> #include <include/certificate-ca.xml.i> <leafNode name="crl-file"> <properties> <help>File containing the X.509 Certificate Revocation List (CRL)</help> <valueHelp> <format>txt</format> <description>File in /config/auth</description> </valueHelp> </properties> </leafNode> <leafNode name="server-cert-file"> <properties> <help>File containing the X.509 certificate for the remote access VPN server (this host)</help> <valueHelp> <format>txt</format> <description>File in /config/auth</description> </valueHelp> </properties> </leafNode> <leafNode name="server-key-file"> <properties> <help>File containing the private key for the X.509 certificate for the remote access VPN server (this host)</help> <valueHelp> <format>txt</format> <description>File in /config/auth</description> </valueHelp> </properties> </leafNode> <leafNode name="server-key-password"> <properties> <help>Password that protects the private key</help> </properties> </leafNode> </children> </node> </children> </node> <leafNode name="ike-lifetime"> <properties> <help>IKE lifetime</help> <valueHelp> <format>u32:30-86400</format> <description>IKE lifetime in seconds (default 3600)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 30-86400"/> </constraint> </properties> </leafNode> <leafNode name="lifetime"> <properties> <help>ESP lifetime</help> <valueHelp> <format>u32:30-86400</format> <description>IKE lifetime in seconds (default 3600)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 30-86400"/> </constraint> </properties> </leafNode> </children> </node> #include <include/accel-ppp/wins-server.xml.i> <node name="client-ip-pool"> <properties> <help>Pool of client IP addresses (must be within a /24)</help> </properties> <children> #include <include/accel-ppp/client-ip-pool-start-stop.xml.i> #include <include/accel-ppp/client-ip-pool-subnet.xml.i> </children> </node> #include 
<include/accel-ppp/client-ipv6-pool.xml.i> <leafNode name="description"> <properties> <help>Description for L2TP remote-access settings</help> </properties> </leafNode> <leafNode name="dhcp-interface"> <properties> <help>DHCP interface to listen on</help> </properties> </leafNode> <leafNode name="idle"> <properties> <help>PPP idle timeout</help> <valueHelp> <format>u32:30-86400</format> <description>PPP idle timeout in seconds (default 1800)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 30-86400"/> </constraint> </properties> </leafNode> <node name="authentication"> <properties> <help>Authentication for remote access L2TP VPN</help> </properties> <children> <leafNode name="require"> <properties> <help>Authentication protocol for remote access peer L2TP VPN</help> <valueHelp> <format>pap</format> <description>Require the peer to authenticate itself using PAP [Password Authentication Protocol].</description> </valueHelp> <valueHelp> <format>chap</format> <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> </valueHelp> <valueHelp> <format>mschap</format> <description>Require the peer to authenticate itself using CHAP [Challenge Handshake Authentication Protocol].</description> </valueHelp> <valueHelp> <format>mschap-v2</format> <description>Require the peer to authenticate itself using MS-CHAPv2 [Microsoft Challenge Handshake Authentication Protocol, Version 2].</description> </valueHelp> <constraint> <regex>^(pap|chap|mschap|mschap-v2)$</regex> </constraint> <completionHelp> <list>pap chap mschap mschap-v2</list> </completionHelp> <multi /> </properties> </leafNode> #include <include/accel-ppp/ppp-mppe.xml.i> #include <include/accel-ppp/auth-mode.xml.i> #include <include/accel-ppp/auth-local-users.xml.i> #include <include/radius-server-ipv4.xml.i> <node name="radius"> <children> <tagNode name="server"> <children> #include 
<include/accel-ppp/radius-additions-disable-accounting.xml.i> <leafNode name="fail-time"> <properties> <help>Mark server unavailable for <n> seconds on failure</help> <valueHelp> <format>0-600</format> <description>Fail time penalty</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-600"/> </constraint> <constraintErrorMessage>Fail time must be between 0 and 600 seconds</constraintErrorMessage> </properties> </leafNode> </children> </tagNode> <leafNode name="timeout"> <properties> <help>Timeout to wait response from server (seconds)</help> </properties> </leafNode> <leafNode name="acct-timeout"> <properties> <help>Timeout to wait reply for Interim-Update packets. (default 3 seconds)</help> </properties> </leafNode> <leafNode name="max-try"> <properties> <help>Maximum number of tries to send Access-Request/Accounting-Request queries</help> </properties> </leafNode> <leafNode name="nas-identifier"> <properties> <help>Value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests.</help> </properties> </leafNode> <node name="dae-server"> <properties> <help>IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA)</help> </properties> <children> <leafNode name="ip-address"> <properties> <help>IP address for Dynamic Authorization Extension server (DM/CoA)</help> </properties> </leafNode> <leafNode name="port"> <properties> <help>Port for Dynamic Authorization Extension server (DM/CoA)</help> </properties> </leafNode> <leafNode name="secret"> <properties> <help>Secret for Dynamic Authorization Extension server (DM/CoA)</help> </properties> </leafNode> </children> </node> <node name="rate-limit"> <properties> <help>Upload/Download speed limits</help> </properties> <children> <leafNode name="attribute"> <properties> <help>Specifies which radius attribute contains rate information. 
(default is Filter-Id)</help> </properties> </leafNode> <leafNode name="vendor"> <properties> <help>Specifies the vendor dictionary. (dictionary needs to be in /usr/share/accel-ppp/radius)</help> </properties> </leafNode> <leafNode name="enable"> <properties> <help>Enables Bandwidth shaping via RADIUS</help> <valueless /> </properties> </leafNode> </children> </node> </children> </node> </children> </node> <node name="ppp-options"> <properties> <help>Advanced protocol options</help> </properties> <children> #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> + #include <include/accel-ppp/ppp-options-ipv6.xml.i> </children> </node> </children> </node> </children> </node> </children> </node> </interfaceDefinition> diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index e4ade844d..c09603028 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in 
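Review bot: Nothing visible in this commit consumes the new `ppp-options ipv6` node for L2TP: the hunk adds `#include <include/accel-ppp/ppp-options-ipv6.xml.i>` under `ppp-options`, but no change to the owner script `vpn_l2tp.py` or to the configuration it presumably renders appears here, and the same holds for the `vpn_sstp.xml.in` hunk. If those do not already read the key, the CLI will accept and commit `ipv6 require` while sessions keep the daemon's default, which is a misleading state for a setting that controls whether remote-access clients get IPv6. It would also be worth a verify step in the owner scripts that rejects `prefer` or `require` when no `client-ipv6-pool` is configured. Operators enabling this should check that their IPv6 firewall rules cover the L2TP and SSTP sessions, since the IPv4 ruleset will not apply to the newly negotiated traffic.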
@@ -1,64 +1,65 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="vpn"> <children> <node name="sstp" owner="${vyos_conf_scripts_dir}/vpn_sstp.py"> <properties> <help>Secure Socket Tunneling Protocol (SSTP) server</help> <priority>901</priority> </properties> <children> <node name="authentication"> <properties> <help>Authentication for remote access SSTP Server</help> </properties> <children> #include <include/accel-ppp/auth-local-users.xml.i> #include <include/accel-ppp/auth-mode.xml.i> #include <include/accel-ppp/auth-protocols.xml.i> #include <include/radius-server-ipv4.xml.i> #include <include/accel-ppp/radius-additions.xml.i> <node name="radius"> <children> #include <include/accel-ppp/radius-additions-rate-limit.xml.i> </children> </node> </children> </node> #include <include/interface/interface-mtu-68-1500.xml.i> #include <include/accel-ppp/gateway-address.xml.i> #include <include/accel-ppp/name-server.xml.i> <node name="client-ip-pool"> <properties> <help>Client IP pools and gateway setting</help> </properties> <children> #include <include/accel-ppp/client-ip-pool-subnet.xml.i> </children> </node> #include <include/accel-ppp/client-ipv6-pool.xml.i> <node name="ppp-options"> <properties> <help>PPP (Point-to-Point Protocol) settings</help> </properties> <children> #include <include/accel-ppp/ppp-mppe.xml.i> + #include <include/accel-ppp/ppp-options-ipv6.xml.i> #include <include/accel-ppp/lcp-echo-interval-failure.xml.i> #include <include/accel-ppp/lcp-echo-timeout.xml.i> </children> </node> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA (/config/user-data/sstp)</help> </properties> <children> #include <include/certificate.xml.i> #include <include/certificate-ca.xml.i> #include <include/certificate-key.xml.i> </children> </node> </children> </node> </children> </node> </interfaceDefinition>