diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-30 23:25:20 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-12-31 23:49:48 +0100 |
| commit | 4ef110fd2c501b718344c72d495ad7e16d2bd465 (patch) | |
| tree | e98bf08f93c029ec4431a3b6ca078e7562e0cc58 /interface-definitions/interfaces-openvpn.xml.in | |
| parent | 2286b8600da6c631b17e1d5b9b341843e50f9abf (diff) | |
| download | vyos-1x-4ef110fd2c501b718344c72d495ad7e16d2bd465.tar.gz vyos-1x-4ef110fd2c501b718344c72d495ad7e16d2bd465.zip | |
T5474: establish common file name pattern for XML conf mode commands
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
Diffstat (limited to 'interface-definitions/interfaces-openvpn.xml.in')
| -rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 809 |
1 files changed, 0 insertions, 809 deletions
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in deleted file mode 100644 index b8b04334c..000000000 --- a/interface-definitions/interfaces-openvpn.xml.in +++ /dev/null @@ -1,809 +0,0 @@ -<?xml version="1.0"?> -<interfaceDefinition> - <node name="interfaces"> - <children> - <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py"> - <properties> - <help>OpenVPN Tunnel Interface</help> - <priority>460</priority> - <constraint> - <regex>vtun[0-9]+</regex> - </constraint> - <constraintErrorMessage>OpenVPN tunnel interface must be named vtunN</constraintErrorMessage> - <valueHelp> - <format>vtunN</format> - <description>OpenVPN interface name</description> - </valueHelp> - </properties> - <children> - #include <include/interface/authentication.xml.i> - #include <include/generic-description.xml.i> - <leafNode name="device-type"> - <properties> - <help>OpenVPN interface device-type</help> - <completionHelp> - <list>tun tap</list> - </completionHelp> - <valueHelp> - <format>tun</format> - <description>TUN device, required for OSI layer 3</description> - </valueHelp> - <valueHelp> - <format>tap</format> - <description>TAP device, required for OSI layer 2</description> - </valueHelp> - <constraint> - <regex>(tun|tap)</regex> - </constraint> - </properties> - <defaultValue>tun</defaultValue> - </leafNode> - #include <include/interface/disable.xml.i> - <node name="encryption"> - <properties> - <help>Data Encryption settings</help> - </properties> - <children> - <leafNode name="cipher"> - <properties> - <help>Standard Data Encryption Algorithm</help> - <completionHelp> - <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> - </completionHelp> - <valueHelp> - <format>none</format> - <description>Disable encryption</description> - </valueHelp> - <valueHelp> - <format>3des</format> - <description>DES algorithm with triple encryption</description> - </valueHelp> - <valueHelp> - <format>aes128</format> - <description>AES algorithm with 128-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes128gcm</format> - <description>AES algorithm with 128-bit key GCM</description> - </valueHelp> - <valueHelp> - <format>aes192</format> - <description>AES algorithm with 192-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes192gcm</format> - <description>AES algorithm with 192-bit key GCM</description> - </valueHelp> - <valueHelp> - <format>aes256</format> - <description>AES algorithm with 256-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes256gcm</format> - <description>AES algorithm with 256-bit key GCM</description> - </valueHelp> - <constraint> - <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="ncp-ciphers"> - <properties> - <help>Cipher negotiation list for use in server or client mode</help> - <completionHelp> - <list>none 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm</list> - </completionHelp> - <valueHelp> - <format>none</format> - <description>Disable encryption</description> - </valueHelp> - <valueHelp> - <format>3des</format> - <description>DES algorithm with triple encryption</description> - </valueHelp> - <valueHelp> - <format>aes128</format> - <description>AES algorithm with 128-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes128gcm</format> - <description>AES algorithm with 128-bit key GCM</description> - </valueHelp> - <valueHelp> - <format>aes192</format> - <description>AES algorithm with 192-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes192gcm</format> - <description>AES algorithm with 192-bit key GCM</description> - </valueHelp> - <valueHelp> - <format>aes256</format> - <description>AES algorithm with 256-bit key CBC</description> - </valueHelp> - <valueHelp> - <format>aes256gcm</format> - <description>AES algorithm with 256-bit key GCM</description> - </valueHelp> - <constraint> - <regex>(none|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm)</regex> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </node> - #include <include/interface/ipv4-options.xml.i> - #include <include/interface/ipv6-options.xml.i> - #include <include/interface/mirror.xml.i> - <leafNode name="hash"> - <properties> - <help>Hashing Algorithm</help> - <completionHelp> - <list>md5 sha1 sha256 sha384 sha512</list> - </completionHelp> - <valueHelp> - <format>md5</format> - <description>MD5 algorithm</description> - </valueHelp> - <valueHelp> - <format>sha1</format> - <description>SHA-1 algorithm</description> - </valueHelp> - <valueHelp> - <format>sha256</format> - <description>SHA-256 algorithm</description> - </valueHelp> - <valueHelp> - <format>sha384</format> - <description>SHA-384 algorithm</description> - </valueHelp> - <valueHelp> - <format>sha512</format> - <description>SHA-512 algorithm</description> - </valueHelp> - <constraint> - <regex>(md5|sha1|sha256|sha384|sha512)</regex> - </constraint> - </properties> - </leafNode> - <node name="keep-alive"> - <properties> - <help>Keepalive helper options</help> - </properties> - <children> - <leafNode name="failure-count"> - <properties> - <help>Maximum number of keepalive packet failures</help> - <valueHelp> - <format>u32:0-1000</format> - <description>Maximum number of keepalive packet failures</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-1000"/> - </constraint> - </properties> - <defaultValue>60</defaultValue> - </leafNode> - <leafNode name="interval"> - <properties> - <help>Keepalive packet interval in seconds</help> - <valueHelp> - <format>u32:0-600</format> - <description>Keepalive packet interval (seconds)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-600"/> - </constraint> - </properties> - <defaultValue>10</defaultValue> - </leafNode> - </children> - </node> - <tagNode name="local-address"> - <properties> - <help>Local IP address of tunnel (IPv4 or IPv6)</help> - <constraint> - <validator name="ip-address"/> - </constraint> - </properties> - <children> - <leafNode name="subnet-mask"> - <properties> - <help>Subnet-mask for local IP address of tunnel (IPv4 only)</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - </properties> - </leafNode> - </children> - </tagNode> - <leafNode name="local-host"> - <properties> - <help>Local IP address to accept connections (all if not set)</help> - <valueHelp> - <format>ipv4</format> - <description>Local IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>Local IPv6 address</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - </constraint> - </properties> - </leafNode> - <leafNode name="local-port"> - <properties> - <help>Local port number to accept connections</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <leafNode name="mode"> - <properties> - <help>OpenVPN mode of operation</help> - <completionHelp> - <list>site-to-site client server</list> - </completionHelp> - <valueHelp> - <format>site-to-site</format> - <description>Site-to-site mode</description> - </valueHelp> - <valueHelp> - <format>client</format> - <description>Client in client-server mode</description> - </valueHelp> - <valueHelp> - <format>server</format> - <description>Server in client-server mode</description> - </valueHelp> - <constraint> - <regex>(site-to-site|client|server)</regex> - </constraint> - </properties> - </leafNode> - <node name="offload"> - <properties> - <help>Configurable offload options</help> - </properties> - <children> - <leafNode name="dco"> - <properties> - <help>Enable data channel offload on this interface</help> - <valueless/> - </properties> - </leafNode> - </children> - </node> - <leafNode name="openvpn-option"> - <properties> - <help>Additional OpenVPN options. You must use the syntax of openvpn.conf in this text-field. Using this without proper knowledge may result in a crashed OpenVPN server. Check system log to look for errors.</help> - <multi/> - </properties> - </leafNode> - <leafNode name="persistent-tunnel"> - <properties> - <help>Do not close and reopen interface (TUN/TAP device) on client restarts</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="protocol"> - <properties> - <help>OpenVPN communication protocol</help> - <completionHelp> - <list>udp tcp-passive tcp-active</list> - </completionHelp> - <valueHelp> - <format>udp</format> - <description>UDP</description> - </valueHelp> - <valueHelp> - <format>tcp-passive</format> - <description>TCP and accepts connections passively</description> - </valueHelp> - <valueHelp> - <format>tcp-active</format> - <description>TCP and initiates connections actively</description> - </valueHelp> - <constraint> - <regex>(udp|tcp-passive|tcp-active)</regex> - </constraint> - </properties> - <defaultValue>udp</defaultValue> - </leafNode> - <leafNode name="remote-address"> - <properties> - <help>IP address of remote end of tunnel</help> - <valueHelp> - <format>ipv4</format> - <description>Remote end IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>Remote end IPv6 address</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="remote-host"> - <properties> - <help>Remote host to connect to (dynamic if not set)</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of remote host</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of remote host</description> - </valueHelp> - <valueHelp> - <format>txt</format> - <description>Hostname of remote host</description> - </valueHelp> - <multi/> - </properties> - </leafNode> - <leafNode name="remote-port"> - <properties> - <help>Remote port number to connect to</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Numeric IP port</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> - <node name="replace-default-route"> - <properties> - <help>OpenVPN tunnel to be used as the default route</help> - </properties> - <children> - <leafNode name="local"> - <properties> - <help>Tunnel endpoints are on the same subnet</help> - </properties> - </leafNode> - </children> - </node> - <node name="server"> - <properties> - <help>Server-mode options</help> - </properties> - <children> - <tagNode name="client"> - <properties> - <help>Client-specific settings</help> - <valueHelp> - <format>name</format> - <description>Client common-name in the certificate</description> - </valueHelp> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - <leafNode name="ip"> - <properties> - <help>IP address of the client</help> - <valueHelp> - <format>ipv4</format> - <description>Client IPv4 address</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>Client IPv6 address</description> - </valueHelp> - <constraint> - <validator name="ip-address"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="push-route"> - <properties> - <help>Route to be pushed to the client</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 network and prefix length</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 network and prefix length</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="subnet"> - <properties> - <help>Subnet belonging to the client (iroute)</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 network and prefix length belonging to the client</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 network and prefix length belonging to the client</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - </children> - </tagNode> - <node name="client-ip-pool"> - <properties> - <help>Pool of client IPv4 addresses</help> - </properties> - <children> - #include <include/generic-disable-node.xml.i> - <leafNode name="start"> - <properties> - <help>First IP address in the pool</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="stop"> - <properties> - <help>Last IP address in the pool</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="subnet-mask"> - <properties> - <help>Subnet mask pushed to dynamic clients. If not set the server subnet mask will be used. Only used with topology subnet or device type tap. Not used with bridged interfaces.</help> - <constraint> - <validator name="ipv4-address"/> - </constraint> - <valueHelp> - <format>ipv4</format> - <description>IPv4 subnet mask</description> - </valueHelp> - </properties> - </leafNode> - </children> - </node> - <node name="client-ipv6-pool"> - <properties> - <help>Pool of client IPv6 addresses</help> - </properties> - <children> - <leafNode name="base"> - <properties> - <help>Client IPv6 pool base address with optional prefix length</help> - <valueHelp> - <format>ipv6net</format> - <description>Client IPv6 pool base address with optional prefix length (defaults: base = server subnet + 0x1000, prefix length = server prefix length)</description> - </valueHelp> - <constraint> - <validator name="ipv6"/> - </constraint> - </properties> - </leafNode> - #include <include/generic-disable-node.xml.i> - </children> - </node> - <leafNode name="domain-name"> - <properties> - <help>DNS suffix to be pushed to all clients</help> - <valueHelp> - <format>txt</format> - <description>Domain Name Server suffix</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="max-connections"> - <properties> - <help>Number of maximum client connections</help> - <valueHelp> - <format>u32:1-4096</format> - <description>Number of concurrent clients</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4096"/> - </constraint> - </properties> - </leafNode> - #include <include/name-server-ipv4-ipv6.xml.i> - <tagNode name="push-route"> - <properties> - <help>Route to be pushed to all clients</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 network and prefix length</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 network and prefix length</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - </properties> - <children> - <leafNode name="metric"> - <properties> - <help>Set metric for this route</help> - <valueHelp> - <format>u32:0-4294967295</format> - <description>Metric for this route</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 0-4294967295"/> - </constraint> - </properties> - <defaultValue>0</defaultValue> - </leafNode> - </children> - </tagNode> - <leafNode name="reject-unconfigured-clients"> - <properties> - <help>Reject connections from clients that are not explicitly configured</help> - <valueless/> - </properties> - </leafNode> - <leafNode name="subnet"> - <properties> - <help>Server-mode subnet (from which client IPs are allocated)</help> - <valueHelp> - <format>ipv4net</format> - <description>IPv4 network and prefix length</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>IPv6 network and prefix length</description> - </valueHelp> - <constraint> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="topology"> - <properties> - <help>Topology for clients</help> - <completionHelp> - <list>net30 point-to-point subnet</list> - </completionHelp> - <valueHelp> - <format>net30</format> - <description>net30 topology</description> - </valueHelp> - <valueHelp> - <format>point-to-point</format> - <description>Point-to-point topology</description> - </valueHelp> - <valueHelp> - <format>subnet</format> - <description>Subnet topology</description> - </valueHelp> - <constraint> - <regex>(subnet|point-to-point|net30)</regex> - </constraint> - </properties> - <defaultValue>net30</defaultValue> - </leafNode> - <node name="mfa"> - <properties> - <help>multi-factor authentication</help> - </properties> - <children> - <node name="totp"> - <properties> - <help>Time-based one-time passwords</help> - </properties> - <children> - <leafNode name="slop"> - <properties> - <help>Maximum allowed clock slop in seconds</help> - <valueHelp> - <format>1-65535</format> - <description>Seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - <defaultValue>180</defaultValue> - </leafNode> - <leafNode name="drift"> - <properties> - <help>Time drift in seconds</help> - <valueHelp> - <format>1-65535</format> - <description>Seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - <defaultValue>0</defaultValue> - </leafNode> - <leafNode name="step"> - <properties> - <help>Step value for totp in seconds</help> - <valueHelp> - <format>1-65535</format> - <description>Seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - <defaultValue>30</defaultValue> - </leafNode> - <leafNode name="digits"> - <properties> - <help>Number of digits to use for totp hash</help> - <valueHelp> - <format>1-65535</format> - <description>Seconds</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - <defaultValue>6</defaultValue> - </leafNode> - <leafNode name="challenge"> - <properties> - <help>Expect password as result of a challenge response protocol</help> - <completionHelp> - <list>disable enable</list> - </completionHelp> - <valueHelp> - <format>disable</format> - <description>Disable challenge-response</description> - </valueHelp> - <valueHelp> - <format>enable</format> - <description>Enable chalenge-response</description> - </valueHelp> - <constraint> - <regex>(disable|enable)</regex> - </constraint> - </properties> - <defaultValue>enable</defaultValue> - </leafNode> - </children> - </node> - </children> - </node> - </children> - </node> - <leafNode name="shared-secret-key"> - <properties> - <help>Secret key shared with remote end of tunnel</help> - <completionHelp> - <path>pki openvpn shared-secret</path> - </completionHelp> - </properties> - </leafNode> - <node name="tls"> - <properties> - <help>Transport Layer Security (TLS) options</help> - </properties> - <children> - <leafNode name="auth-key"> - <properties> - <help>TLS shared secret key for tls-auth</help> - <completionHelp> - <path>pki openvpn shared-secret</path> - </completionHelp> - </properties> - </leafNode> - #include <include/pki/certificate.xml.i> - #include <include/pki/ca-certificate-multi.xml.i> - <leafNode name="dh-params"> - <properties> - <help>Diffie Hellman parameters (server only)</help> - <completionHelp> - <path>pki dh</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="crypt-key"> - <properties> - <help>Static key to use to authenticate control channel</help> - <completionHelp> - <path>pki openvpn shared-secret</path> - </completionHelp> - </properties> - </leafNode> - <leafNode name="peer-fingerprint"> - <properties> - <multi/> - <help>Peer certificate SHA256 fingerprint</help> - <constraint> - <regex>[0-9a-fA-F]{2}:([0-9a-fA-F]{2}:){30}[0-9a-fA-F]{2}</regex> - </constraint> - <constraintErrorMessage>Peer certificate fingerprint must be a colon-separated SHA256 hex digest</constraintErrorMessage> - </properties> - </leafNode> - <leafNode name="tls-version-min"> - <properties> - <help>Specify the minimum required TLS version</help> - <completionHelp> - <list>1.0 1.1 1.2 1.3</list> - </completionHelp> - <valueHelp> - <format>1.0</format> - <description>TLS v1.0</description> - </valueHelp> - <valueHelp> - <format>1.1</format> - <description>TLS v1.1</description> - </valueHelp> - <valueHelp> - <format>1.2</format> - <description>TLS v1.2</description> - </valueHelp> - <valueHelp> - <format>1.3</format> - <description>TLS v1.3</description> - </valueHelp> - <constraint> - <regex>(1.0|1.1|1.2|1.3)</regex> - </constraint> - </properties> - </leafNode> - <leafNode name="role"> - <properties> - <help>TLS negotiation role</help> - <completionHelp> - <list>active passive</list> - </completionHelp> - <valueHelp> - <format>active</format> - <description>Initiate TLS negotiation actively</description> - </valueHelp> - <valueHelp> - <format>passive</format> - <description>Wait for incoming TLS connection</description> - </valueHelp> - <constraint> - <regex>(active|passive)</regex> - </constraint> - </properties> - </leafNode> - </children> - </node> - <leafNode name="use-lzo-compression"> - <properties> - <help>Use fast LZO compression on this TUN/TAP interface</help> - <valueless/> - </properties> - </leafNode> - #include <include/interface/redirect.xml.i> - #include <include/interface/vrf.xml.i> - </children> - </tagNode> - </children> - </node> -</interfaceDefinition> |