authorkhramshinr <khramshinr@gmail.com>2024-05-29 19:46:20 +0600
committerkhramshinr <khramshinr@gmail.com>2024-06-24 20:16:31 +0600
commitf6131611e15a644312e3c4baf5b8f6387c2930e7 (patch)
treeb7b710ca5c9f5f44838f4f4b5b25ed97f70fa1b6 /interface-definitions
parentc90a55375f6b60ba0d0d545b33927a2aae4d6aad (diff)
downloadvyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.tar.gz
vyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.zip
T5735: Stunnel CLI and configuration
Add CLI commands; add config; add conf_mode; add systemd config; add stunnel smoketests; add log level config.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/stunnel/address.xml.i20
-rw-r--r--interface-definitions/include/stunnel/connect.xml.i11
-rw-r--r--interface-definitions/include/stunnel/listen.xml.i11
-rw-r--r--interface-definitions/include/stunnel/protocol-options.xml.i75
-rw-r--r--interface-definitions/include/stunnel/protocol-value-cifs.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-connect.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-imap.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-nntp.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-pgsql.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-pop3.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-proxy.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-smtp.xml.i6
-rw-r--r--interface-definitions/include/stunnel/protocol-value-socks.xml.i6
-rw-r--r--interface-definitions/include/stunnel/psk.xml.i30
-rw-r--r--interface-definitions/include/stunnel/ssl.xml.i11
-rw-r--r--interface-definitions/service_stunnel.xml.in130
16 files changed, 342 insertions, 0 deletions
diff --git a/interface-definitions/include/stunnel/address.xml.i b/interface-definitions/include/stunnel/address.xml.i
new file mode 100644
index 000000000..d2901d595
--- /dev/null
+++ b/interface-definitions/include/stunnel/address.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from stunnel/address.xml.i -->
+<leafNode name="address">
+ <properties>
+ <help>Hostname or IP address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>hostname</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
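Review bot: The `valueHelp` entries list only `ipv4` and `hostname`, while the constraint uses `ip-address` rather than `ipv4-address`, so the help text and the validator disagree on whether an IPv6 address is accepted for `address`. Either add `<valueHelp><format>ipv6</format><description>IPv6 address</description></valueHelp>` and mention IPv6 in `<help>`, or use `<validator name="ipv4-address"/>` if IPv6 is deliberately out of scope. I am inferring the validator semantics from its name and its siblings in this tree, so confirm against the validator sources before changing.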
diff --git a/interface-definitions/include/stunnel/connect.xml.i b/interface-definitions/include/stunnel/connect.xml.i
new file mode 100644
index 000000000..cd6246a00
--- /dev/null
+++ b/interface-definitions/include/stunnel/connect.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/connect.xml.i -->
+<node name="connect">
+ <properties>
+ <help>Connect to a remote address</help>
+ </properties>
+ <children>
+ #include <include/stunnel/address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/listen.xml.i b/interface-definitions/include/stunnel/listen.xml.i
new file mode 100644
index 000000000..13d0986ee
--- /dev/null
+++ b/interface-definitions/include/stunnel/listen.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/listen.xml.i -->
+<node name="listen">
+ <properties>
+ <help>Accept connections on specified address</help>
+ </properties>
+ <children>
+ #include <include/stunnel/address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-options.xml.i b/interface-definitions/include/stunnel/protocol-options.xml.i
new file mode 100644
index 000000000..2f0202875
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-options.xml.i
@@ -0,0 +1,75 @@
+<!-- include start from stunel/protocol-options.xml.i -->
+<node name="options">
+ <properties>
+ <help>Advanced protocol options</help>
+ </properties>
+ <children>
+ <leafNode name="authentication">
+ <properties>
+ <help>Authentication type for the protocol negotiations</help>
+ <completionHelp>
+ <list>basic ntlm plain login</list>
+ </completionHelp>
+ <valueHelp>
+ <format>basic</format>
+ <description>The default 'connect' authentication type</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ntlm</format>
+ <description>Supported authentication types for the 'connect' protocol</description>
+ </valueHelp>
+ <valueHelp>
+ <format>plain</format>
+ <description>The default 'smtp' authentication type</description>
+ </valueHelp>
+ <valueHelp>
+ <format>login</format>
+ <description>Supported authentication types for the 'smtp' protocol</description>
+ </valueHelp>
+ <constraint>
+ <regex>(basic|ntlm|plain|login)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="domain">
+ <properties>
+ <help>Domain for the 'connect' protocol.</help>
+ <valueHelp>
+ <format>domain</format>
+ <description>domain</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="host">
+ <properties>
+ <help>Destination address for the 'connect' protocol</help>
+ </properties>
+ <children>
+ #include <include/stunnel/address.xml.i>
+ #include <include/port-number.xml.i>
+ </children>
+ </node>
+ <leafNode name="password">
+ <properties>
+ <help>Password for the protocol negotiations</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Authentication password</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="username">
+ <properties>
+ <help>Username for the protocol negotiations</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Authentication username</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
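Review bot: The `authentication` leaf accepts `basic`/`ntlm` (documented here as 'connect' types) and `plain`/`login` ('smtp' types) regardless of which `protocol` the tunnel selects, and the XML cannot express that dependency, so the conf_mode script named as owner (outside this diffstat) should reject a mismatched pair rather than let stunnel fail at start-up — confirm it does. The include-start comment on the first line reads `stunel/protocol-options.xml.i`; it should be `stunnel/protocol-options.xml.i` to match the sibling fragments. The `domain` leaf is constrained with the `fqdn` validator, but an NTLM domain for the 'connect' protocol is typically a short name such as `WORKGROUP` rather than a FQDN, so this constraint may reject valid input; check the intended format before relying on it.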
diff --git a/interface-definitions/include/stunnel/protocol-value-cifs.xml.i b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
new file mode 100644
index 000000000..5b9484750
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-cifs.xml.i -->
+<valueHelp>
+ <format>cifs</format>
+ <description>Proprietary (undocummented) extension of CIFS protocol</description>
+</valueHelp>
+<!-- include end -->
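Review bot: Typo in the description: `undocummented` should be `undocumented`. This fragment is rendered verbatim as CLI help for the `cifs` value under both `server` and `client`, so the misspelling is user-visible.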
diff --git a/interface-definitions/include/stunnel/protocol-value-connect.xml.i b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
new file mode 100644
index 000000000..3c30e71ca
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-connect.xml.i -->
+<valueHelp>
+ <format>connect</format>
+ <description>Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-imap.xml.i b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
new file mode 100644
index 000000000..033e5479b
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-imap.xml.i -->
+<valueHelp>
+ <format>imap</format>
+ <description>Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-nntp.xml.i b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
new file mode 100644
index 000000000..60a6c02c6
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-nntp.xml.i -->
+<valueHelp>
+ <format>nntp</format>
+ <description>Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
new file mode 100644
index 000000000..fd3a166ec
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-pgsql.xml.i -->
+<valueHelp>
+ <format>pgsql</format>
+ <description>Based on PostgreSQL frontend/backend protocol</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-pop3.xml.i b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
new file mode 100644
index 000000000..1c8af53e5
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-pop3.xml.i -->
+<valueHelp>
+ <format>pop3</format>
+ <description>Based on RFC 2449 - POP3 Extension Mechanism</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-proxy.xml.i b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
new file mode 100644
index 000000000..a4c20d1b0
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-proxy.xml.i -->
+<valueHelp>
+ <format>proxy</format>
+ <description>Passing of the original client IP address with HAProxy PROXY protocol version 1</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-smtp.xml.i b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
new file mode 100644
index 000000000..66ca20426
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-smtp.xml.i -->
+<valueHelp>
+ <format>smtp</format>
+ <description>Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-socks.xml.i b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
new file mode 100644
index 000000000..e110be5db
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-socks.xml.i -->
+<valueHelp>
+ <format>socks</format>
+ <description>SOCKS versions 4, 4a, and 5 are supported</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/psk.xml.i b/interface-definitions/include/stunnel/psk.xml.i
new file mode 100644
index 000000000..db11a93d3
--- /dev/null
+++ b/interface-definitions/include/stunnel/psk.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from stunnel/psk.xml.i -->
+<tagNode name="psk">
+ <properties>
+ <help>Pre-shared key name</help>
+ </properties>
+ <children>
+ <leafNode name="id">
+ <properties>
+ <help>ID for authentication</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>ID used for authentication</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="secret">
+ <properties>
+ <help>pre-shared secret key</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>pre-shared secret key are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal key</description>
+ </valueHelp>
+ <constraint>
+ <validator name="psk-secret"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</tagNode>
+<!-- include end -->
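Review bot: The `id` leaf has no `<constraint>`, yet stunnel's PSK secrets file is line-oriented with one `IDENTITY:KEY` entry per line, so an identity containing `:` or whitespace would corrupt the generated file or be split into a different identity/key pair (the file is written by the conf_mode script, which is outside this diffstat). Add `<constraint><regex>[^:\s]+</regex></constraint>` to `id` with a `<constraintErrorMessage>` stating that colon and whitespace are not allowed. The `secret` valueHelp description reads as a fragment; `Pre-shared secret, at least 16 bytes (32 characters for a hexadecimal key)` states the same rule more clearly.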
diff --git a/interface-definitions/include/stunnel/ssl.xml.i b/interface-definitions/include/stunnel/ssl.xml.i
new file mode 100644
index 000000000..8aba299e9
--- /dev/null
+++ b/interface-definitions/include/stunnel/ssl.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/ssl.xml.i -->
+<node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/ca-certificate-multi.xml.i>
+ #include <include/pki/certificate.xml.i>
+ </children>
+</node>
+<!-- include end -->
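Review bot: The `ssl` node offers no setting that controls peer certificate verification, and stunnel does not verify the peer unless `verifyChain`/`verifyPeer` is enabled, so a `client` instance that configures only a CA here may still accept any server certificate unless the conf_mode script (outside this diffstat) turns verification on whenever a CA is present — confirm that it does. If verification is meant to be configurable, a leaf such as `<leafNode name="verify-peer">` with a help sentence naming the default would make the behaviour visible from the CLI. The help string `SSL Certificate, SSL Key and CA` could also match what is actually included: `TLS certificate, private key and CA certificates`.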
diff --git a/interface-definitions/service_stunnel.xml.in b/interface-definitions/service_stunnel.xml.in
new file mode 100644
index 000000000..d88909bc9
--- /dev/null
+++ b/interface-definitions/service_stunnel.xml.in
@@ -0,0 +1,130 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="service">
+ <properties>
+ <help>System services</help>
+ </properties>
+ <children>
+ <node name="stunnel" owner="${vyos_conf_scripts_dir}/service_stunnel.py">
+ <properties>
+ <help>Stunnel TLS Proxy</help>
+ <priority>1000</priority>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>Stunnel server config</help>
+ </properties>
+ <children>
+ #include <include/stunnel/connect.xml.i>
+ #include <include/stunnel/listen.xml.i>
+ #include <include/stunnel/ssl.xml.i>
+ #include <include/stunnel/psk.xml.i>
+ <leafNode name="protocol">
+ <properties>
+ <help>Application protocol to negotiate TLS</help>
+ <completionHelp>
+ <list>cifs imap pgsql pop3 proxy smtp socks</list>
+ </completionHelp>
+ #include <include/stunnel/protocol-value-cifs.xml.i>
+ #include <include/stunnel/protocol-value-imap.xml.i>
+ #include <include/stunnel/protocol-value-pgsql.xml.i>
+ #include <include/stunnel/protocol-value-pop3.xml.i>
+ #include <include/stunnel/protocol-value-proxy.xml.i>
+ #include <include/stunnel/protocol-value-smtp.xml.i>
+ #include <include/stunnel/protocol-value-socks.xml.i>
+ <constraint>
+ <regex>(cifs|imap|pgsql|pop3|proxy|smtp|socks)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="client">
+ <properties>
+ <help>Stunnel client config</help>
+ </properties>
+ <children>
+ #include <include/stunnel/connect.xml.i>
+ #include <include/stunnel/listen.xml.i>
+ #include <include/stunnel/ssl.xml.i>
+ #include <include/stunnel/psk.xml.i>
+ <leafNode name="protocol">
+ <properties>
+ <help>Application protocol to negotiate TLS</help>
+ <completionHelp>
+ <list>cifs connect imap nntp pgsql pop3 proxy smtp socks</list>
+ </completionHelp>
+ #include <include/stunnel/protocol-value-cifs.xml.i>
+ #include <include/stunnel/protocol-value-connect.xml.i>
+ #include <include/stunnel/protocol-value-imap.xml.i>
+ #include <include/stunnel/protocol-value-nntp.xml.i>
+ #include <include/stunnel/protocol-value-pgsql.xml.i>
+ #include <include/stunnel/protocol-value-pop3.xml.i>
+ #include <include/stunnel/protocol-value-proxy.xml.i>
+ #include <include/stunnel/protocol-value-smtp.xml.i>
+ #include <include/stunnel/protocol-value-socks.xml.i>
+ <constraint>
+ <regex>(cifs|connect|imap|nntp|pgsql|pop3|proxy|smtp|socks)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/stunnel/protocol-options.xml.i>
+ </children>
+ </tagNode>
+ <node name="log">
+ <properties>
+ <help>Service logging</help>
+ </properties>
+ <children>
+ <leafNode name="level">
+ <properties>
+ <help>Specifies log level.</help>
+ <completionHelp>
+ <list>emerg alert crit err warning notice info debug</list>
+ </completionHelp>
+ <valueHelp>
+ <format>emerg</format>
+ <description>Emerg log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>alert</format>
+ <description>Alert log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>crit</format>
+ <description>Critical log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>err</format>
+ <description>Error log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>warning</format>
+ <description>Warning log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>notice</format>
+ <description>Notice log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>info</format>
+ <description>Info log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>debug</format>
+ <description>Debug log level</description>
+ </valueHelp>
+ <constraint>
+ <regex>(emerg|alert|crit|err|warning|notice|info|debug)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>notice</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
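Review bot: Nothing in the `server` or `client` tagNodes makes `listen`, `connect`, or one of `ssl`/`psk` mandatory, and the XML cannot express that a `server` instance needs a certificate or PSK while a `client` instance may run without one, so those checks have to live in the conf_mode script named in `owner` (outside this diffstat); confirm they exist, otherwise an instance with no server identity is accepted by the CLI and only fails when stunnel starts. `#include <include/stunnel/protocol-options.xml.i>` is included under `client` only; if that is intentional, a short comment next to the include saying the options are client-side would save the next reader from assuming it was forgotten under `server`. Minor style: `<help>Specifies log level.</help>` is the only help string in this file that ends in a period; `Log level` matches the others.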