L2TP: change to 80 characters column width

docs/vpn/l2tp.rst

@@ -3,7 +3,8 @@
 L2TP
 -----------
 
-VyOS utilizes accel-ppp_ to provide SSTP server functionality. It can be used with local authentication or a connected RADIUS server. 
+VyOS utilizes accel-ppp_ to provide SSTP server functionality. It can be used
+with local authentication or a connected RADIUS server.
 
 L2TP over IPsec
 ===============
@@ -26,7 +27,8 @@ with native Windows and Mac VPN clients):
   set vpn l2tp remote-access authentication mode local
   set vpn l2tp remote-access authentication local-users username test password 'test'
 
-In the example above an external IP of 192.0.2.2 is assumed. Nexthop IP address 192.168.255.1 uses as client tunnel termination point.
+In the example above an external IP of 192.0.2.2 is assumed. Nexthop IP address
+192.168.255.1 uses as client tunnel termination point.
 
 If a local firewall policy is in place on your external interface you will need
 to allow the ports below:
@@ -66,7 +68,8 @@ To allow VPN-clients access via your external address, a NAT rule is required:
   set nat source rule 110 translation address masquerade
 
 
-VPN-clients will request configuration parameters, optionally you can DNS parameter to the client.
+VPN-clients will request configuration parameters, optionally you can DNS
+parameter to the client.
 
 .. code-block:: sh
 
@@ -105,9 +108,12 @@ Below is an example to configure a LNS:
   set vpn l2tp remote-access authentication mode local
   set vpn l2tp remote-access authentication local-users username test password 'test'
 
-The example above uses 192.0.2.2 as external IP address, the nexthop is supposed to be 192.168.255.1 and is used as client termination point.
+The example above uses 192.0.2.2 as external IP address, the nexthop is supposed
-A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``.
+to be 192.168.255.1 and is used as client termination point. A LAC normally
-This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that. 
+requires an authentication password, which is set in the example configuration
+to ``lns shared-secret 'secret'``. This setup requires the Compression Control
+Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable``
+accomplishes that.
 
 
 Bandwidth Shaping
@@ -139,23 +145,26 @@ The rate-limit is set in kbit/sec.
 RADIUS authentication
 ======================
 
-To enable RADIUS based authentication, the authentication mode needs to be changed withing the configuration.
+To enable RADIUS based authentication, the authentication mode needs to be
-Previous settings like the local users, still exists within the configuration, however they are not used if the mode
+changed withing the configuration. Previous settings like the local users, still
-has been changed from local to radius. Once changed back to local, it will use all local accounts again.
+exists within the configuration, however they are not used if the mode has been
+changed from local to radius. Once changed back to local, it will use all local
+accounts again.
 
 .. code-block:: sh
 
   set vpn l2tp remote-access authentication mode <local|radius>
 
-Since the RADIUS server would be a single point of failure, multiple RADIUS server can be setup and will be used subsequentially. 
+Since the RADIUS server would be a single point of failure, multiple RADIUS
+servers can be setup and will be used subsequentially.
 
 .. code-block:: sh
 
   set vpn l2tp remote-access authentication radius server 10.0.0.1 key 'foo'
   set vpn l2tp remote-access authentication radius server 10.0.0.2 key 'foo'
 
-.. note:: Some RADIUS_ severs use an access control list which allows or denies queries,  
+.. note:: Some RADIUS_ severs use an access control list which allows or denies
-   make sure to add your VyOS router to the allowed client list.
+   queries, make sure to add your VyOS router to the allowed client list.
 
 RADIUS source address
 ^^^^^^^^^^^^^^^^^^^^^
@@ -171,8 +180,8 @@ single source IP e.g. the loopback interface.
 Above command will use `10.0.0.3` as source IPv4 address for all RADIUS queries
 on this NAS.
 
-.. note::
+.. note:: The ``source-address`` must be configured on one of VyOS interface.
-  The ``source-address`` must be configured on one of VyOS interface.
+   Best proctice would be a loopback or dummy interface.
 
 RADIUS bandwidth shaping attribute
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -183,31 +192,40 @@ To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enable
 
   set vpn l2tp remote-access authentication radius rate-limit enable
 
-The default RADIUS attribute for rate limiting is ``Filter-Id``, but you may also redefine it.
+The default RADIUS attribute for rate limiting is ``Filter-Id``, but you may also
+redefine it.
 
 .. code-block:: sh
 
   set vpn l2tp remote-access authentication radius rate-limit attribute Download-Speed
 
-.. note:: If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example.
+.. note:: If you set a custom RADIUS attribute you must define it on both
+   dictionaries at RADIUS server and client, which is the vyos router in our
+   example.
 
 The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/radius/``
 
 RADIUS advanced features
 ^^^^^^^^^^^^^^^^^^^^^^^^
-Received RADIUS attributes have a higher priority than parameters defined withm the cli configuration, refer to the explanation below.
+
+Received RADIUS attributes have a higher priority than parameters defined within
+the CLI configuration, refer to the explanation below.
 
 Allocation clients ip addresses by RADIUS
 *****************************************
 
-If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the cli config is being ignored.
+If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP
+address will be allocated to the client and the option ip-pool within the CLI
+config is being ignored.
 
 Renaming clients interfaces by RADIUS
 *************************************
 
-If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed.
+If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be
+renamed.
 
-.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed.
+.. note:: The value of the attribute ``NAS-Port-Id`` must be less than 16
+   characters, otherwise the interface won't be renamed.
 
 
 .. _`Google Public DNS`: https://developers.google.com/speed/public-dns