Some VPN parameters are mistyped in the source, fix them
and update documentation. Add deprecated-label to
OpenVPN.TLSRemote.
---
I went through all of the VPN parameters, and I believe the parameters are
correct now (I don't have means to properly test them). Turns out xl2tpd.conf's
man page is actually incorrect about itself; the client or whatever it is
parses more options than mentioned in the man page and for example, the man
page says the option is 'flow bits' but the program parses the option 'flow
bit'...
Also worth of notice is that there is an option called 'PPPD.UseAccomp' which
when set to true disables accomp.
doc/vpn-config-format.txt | 17 +
vpn/plugins/l2tp.c| 4 ++--
vpn/plugins/pptp.c| 2 +-
vpn/plugins/vpnc.c| 2 +-
4 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 23c9c14..0bccdf1 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -88,7 +88,8 @@ OpenVPN VPN supports following options (see openvpn(8) for
details):
--auth-user-pass value (O)
OpenVPN.TLSRemote --tls-remote Accept connections only from a host
with X509 name or common name equal
- to name parameter (O)
+ to name parameter (O). Deprecated in
+ OpenVPN 2.3+.
OpenVPN.TLSAuthsub-option of --tls-remote (O)
OpenVPN.TLSAuthDir sub-option of --tls-remote (O)
OpenVPN.Cipher --cipher Encrypt packets with cipher algorithm
@@ -113,14 +114,14 @@ VPNC VPN supports following options (see vpnc(8) for
details):
VPNC.Xauth.Password Xauth passwordyour password (cleartext) (O)
VPNC.IKE.Authmode IKE Authmode IKE Authentication mode (O)
VPNC.IKE.DHGroupIKE DH Group name of the IKE DH Group (O)
- VPNC.PFS PerfectForward Secrecy Diffie-Hellman group to use for PFS
(O)
+ VPNC.PFSPerfect Forward SecrecyDiffie-Hellman group to use
for PFS (O)
VPNC.Domain DomainDomain name for authentication (O)
VPNC.Vendor Vendorvendor of your IPSec gateway (O)
VPNC.LocalPort Local Portlocal ISAKMP port number to use
- VPNC.CiscoPort Cisco UDP Encapsulation Port Local UDP port number to
use (O)
- VPNC.AppVersion Application Version Application Version to report (O)
+ VPNC.CiscoPort Cisco UDP Encapsulation PortLocal UDP port number to
use (O)
+ VPNC.AppVersion Application version Application Version to report (O)
VPNC.NATTMode NAT Traversal ModeWhich NAT-Traversal Method to use
(O)
- VPNC.DPDTimeout DPD idle timeout (our side) Send DPD packet after
timeout (O)
+ VPNC.DPDTimeout DPD idle timeout (our side)Send DPD packet after
timeout (O)
VPNC.SingleDES Enable Single DES enables single DES encryption (O)
VPNC.NoEncryption Enable no encryption enables using no encryption for
data traffic (O)
@@ -162,13 +163,13 @@ L2TP VPN supports following options (see xl2tpd.conf(5)
and pppd(8) for details)
PPPD.RefuseMSCHAP2 refuse-mschapv2Deny mschapv2 auth (O)
PPPD.NoBSDComp nobsdcomp Disables BSD compression (O)
PPPD.NoPcompnopcompDisable protocol compression (O)
- PPPD.UseAccomp accomp Disable address/control
compression (O)
+ PPPD.UseAccomp noaccomp Disable address/control
compression (O)
PPPD.NoDeflate nodeflate Disable deflate compression (O)
PPPD.ReqMPPErequire-mppe Require the use of MPPE (O)
PPPD.ReqMPPE40 require-mppe-40Require the use of MPPE 40 bit (O)
PPPD.ReqMPPE128 require-mppe-128 Require the use of MPPE 128 bit (O)
PPPD.ReqMPPEStateful mppe-stateful Allow MPPE to use stateful mode (O)
- PPPD.NoVJ no-vj-comp No Van Jacobson compression (O)
+ PPPD.NoVJ novj No Van Jacobson compression (O)
PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
@@ -193,7 +194,7 @@ PPTP VPN supports following options (see pptp(8) and
pppd(8) for details)
PPPD.RequirMPPE40 require-mppe-40 Require the use of MPPE 40 bit (O)
PPPD.RequirMPPE128 require-mppe-128 Require the use of MPPE 128 bit (O)
PPPD.RequirMPPEStateful mppe-statefulAllow MPPE to use stateful mode (O)
- PPPD.NoVJ no-vj-comp No Van Jacobson compression (O)
+ PPPD.NoVJ novj No Van Jacobson compression (O)
Example
diff --git a/vpn/plugins/l2tp.c b/vpn/plugins/l2tp.c
index 372e2ed..a0d22c4 100644
--- a/vpn/plugins/l2tp.c
+++ b/vpn/plugins/l2tp.c
@@ -108,13 +108,13 @@ struct {
{ "PPPD.RefuseMSCHAP2", "refus