summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/firewall.xml.in18
-rw-r--r--interface-definitions/include/firewall/common-rule.xml.i2
-rw-r--r--interface-definitions/include/firewall/description.xml.i11
-rw-r--r--interface-definitions/include/generic-description.xml.i (renamed from interface-definitions/include/policy/description.xml.i)2
-rw-r--r--interface-definitions/policy.xml.in36
-rw-r--r--interface-definitions/vpn_ipsec.xml.in116
6 files changed, 91 insertions, 94 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 5528d6bc5..f07c619a8 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -91,7 +91,7 @@
<multi/>
</properties>
</leafNode>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
</children>
</tagNode>
<tagNode name="ipv6-address-group">
@@ -112,7 +112,7 @@
<multi/>
</properties>
</leafNode>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
</children>
</tagNode>
<tagNode name="ipv6-network-group">
@@ -120,7 +120,7 @@
<help>Network-group member</help>
</properties>
<children>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="network">
<properties>
<help>Network-group member</help>
@@ -141,7 +141,7 @@
<help>Firewall network-group</help>
</properties>
<children>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="network">
<properties>
<help>Network-group member</help>
@@ -162,7 +162,7 @@
<help>Firewall port-group</help>
</properties>
<children>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="port">
<properties>
<help>Port-group member</help>
@@ -210,15 +210,15 @@
</properties>
<children>
#include <include/firewall/name-default-action.xml.i>
- #include <include/firewall/description.xml.i>
#include <include/firewall/name-default-log.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule number (1-9999)</help>
</properties>
<children>
#include <include/firewall/action.xml.i>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="destination">
<properties>
<help>Destination parameters</help>
@@ -578,15 +578,15 @@
</properties>
<children>
#include <include/firewall/name-default-action.xml.i>
- #include <include/firewall/description.xml.i>
#include <include/firewall/name-default-log.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule number (1-9999)</help>
</properties>
<children>
#include <include/firewall/action.xml.i>
- #include <include/firewall/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="destination">
<properties>
<help>Destination parameters</help>
diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i
index 466599e0a..1ee8da73d 100644
--- a/interface-definitions/include/firewall/common-rule.xml.i
+++ b/interface-definitions/include/firewall/common-rule.xml.i
@@ -1,6 +1,6 @@
<!-- include start from firewall/common-rule.xml.i -->
#include <include/firewall/action.xml.i>
-#include <include/firewall/description.xml.i>
+#include <include/generic-description.xml.i>
<leafNode name="disable">
<properties>
<help>Option to disable firewall rule</help>
diff --git a/interface-definitions/include/firewall/description.xml.i b/interface-definitions/include/firewall/description.xml.i
deleted file mode 100644
index b6bae406b..000000000
--- a/interface-definitions/include/firewall/description.xml.i
+++ /dev/null
@@ -1,11 +0,0 @@
-<!-- include start from firewall/description.xml.i -->
-<leafNode name="description">
- <properties>
- <help>Description</help>
- <valueHelp>
- <format>txt</format>
- <description>Description</description>
- </valueHelp>
- </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/policy/description.xml.i b/interface-definitions/include/generic-description.xml.i
index e2ff35d02..03fc564e6 100644
--- a/interface-definitions/include/policy/description.xml.i
+++ b/interface-definitions/include/generic-description.xml.i
@@ -1,4 +1,4 @@
-<!-- include start from policy/description.xml.i -->
+<!-- include start from generic-description.xml.i -->
<leafNode name="description">
<properties>
<help>Description</help>
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 6a002cc20..5a3c58fa8 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -27,7 +27,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this access-list</help>
@@ -41,7 +41,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="destination">
<properties>
<help>Destination network or address</help>
@@ -87,7 +87,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this access-list6</help>
@@ -101,7 +101,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="source">
<properties>
<help>Source IPv6 network to match</help>
@@ -146,7 +146,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this as-path-list</help>
@@ -160,7 +160,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="regex">
<properties>
<help>Regular expression to match against an AS path</help>
@@ -183,7 +183,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this BGP community list</help>
@@ -197,7 +197,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="regex">
<properties>
<help>Regular expression to match against a community-list</help>
@@ -243,7 +243,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this BGP extended community list</help>
@@ -257,7 +257,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="regex">
<properties>
<help>Regular expression to match against an extended community list</help>
@@ -288,7 +288,7 @@
</valueHelp>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this BGP extended community list</help>
@@ -302,7 +302,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="regex">
<properties>
<help>Regular expression to match against a large community list</help>
@@ -329,7 +329,7 @@
<constraintErrorMessage>Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this prefix-list</help>
@@ -343,7 +343,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="ge">
<properties>
<help>Prefix length to match a netmask greater than or equal to it</help>
@@ -397,7 +397,7 @@
<constraintErrorMessage>Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this prefix-list6</help>
@@ -411,7 +411,7 @@
</properties>
<children>
#include <include/policy/action.xml.i>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<leafNode name="ge">
<properties>
<help>Prefix length to match a netmask greater than or equal to it</help>
@@ -465,7 +465,7 @@
<constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
</properties>
<children>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
<help>Rule for this route-map</help>
@@ -500,7 +500,7 @@
</valueHelp>
</properties>
</leafNode>
- #include <include/policy/description.xml.i>
+ #include <include/generic-description.xml.i>
<node name="match">
<properties>
<help>Route parameters to match</help>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 7b1b3a595..fdd091dd9 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -64,6 +64,7 @@
<validator name="numeric" argument="--range 30-86400"/>
</constraint>
</properties>
+ <defaultValue>3600</defaultValue>
</leafNode>
<leafNode name="mode">
<properties>
@@ -83,6 +84,7 @@
<regex>^(tunnel|transport)$</regex>
</constraint>
</properties>
+ <defaultValue>tunnel</defaultValue>
</leafNode>
<leafNode name="pfs">
<properties>
@@ -92,95 +94,95 @@
</completionHelp>
<valueHelp>
<format>enable</format>
- <description>Enable PFS. Use ike-groups dh-group (default)</description>
+ <description>Use Diffie-Hellman group 2 (modp1024) - default</description>
</valueHelp>
<valueHelp>
<format>dh-group1</format>
- <description>Enable PFS. Use Diffie-Hellman group 1 (modp768)</description>
+ <description>Use Diffie-Hellman group 1 (modp768)</description>
</valueHelp>
<valueHelp>
<format>dh-group2</format>
- <description>Enable PFS. Use Diffie-Hellman group 2 (modp1024)</description>
+ <description>Use Diffie-Hellman group 2 (modp1024)</description>
</valueHelp>
<valueHelp>
<format>dh-group5</format>
- <description>Enable PFS. Use Diffie-Hellman group 5 (modp1536)</description>
+ <description>Use Diffie-Hellman group 5 (modp1536)</description>
</valueHelp>
<valueHelp>
<format>dh-group14</format>
- <description>Enable PFS. Use Diffie-Hellman group 14 (modp2048)</description>
+ <description>Use Diffie-Hellman group 14 (modp2048)</description>
</valueHelp>
<valueHelp>
<format>dh-group15</format>
- <description>Enable PFS. Use Diffie-Hellman group 15 (modp3072)</description>
+ <description>Use Diffie-Hellman group 15 (modp3072)</description>
</valueHelp>
<valueHelp>
<format>dh-group16</format>
- <description>Enable PFS. Use Diffie-Hellman group 16 (modp4096)</description>
+ <description>Use Diffie-Hellman group 16 (modp4096)</description>
</valueHelp>
<valueHelp>
<format>dh-group17</format>
- <description>Enable PFS. Use Diffie-Hellman group 17 (modp6144)</description>
+ <description>Use Diffie-Hellman group 17 (modp6144)</description>
</valueHelp>
<valueHelp>
<format>dh-group18</format>
- <description>Enable PFS. Use Diffie-Hellman group 18 (modp8192)</description>
+ <description>Use Diffie-Hellman group 18 (modp8192)</description>
</valueHelp>
<valueHelp>
<format>dh-group19</format>
- <description>Enable PFS. Use Diffie-Hellman group 19 (ecp256)</description>
+ <description>Use Diffie-Hellman group 19 (ecp256)</description>
</valueHelp>
<valueHelp>
<format>dh-group20</format>
- <description>Enable PFS. Use Diffie-Hellman group 20 (ecp384)</description>
+ <description>Use Diffie-Hellman group 20 (ecp384)</description>
</valueHelp>
<valueHelp>
<format>dh-group21</format>
- <description>Enable PFS. Use Diffie-Hellman group 21 (ecp521)</description>
+ <description>Use Diffie-Hellman group 21 (ecp521)</description>
</valueHelp>
<valueHelp>
<format>dh-group22</format>
- <description>Enable PFS. Use Diffie-Hellman group 22 (modp1024s160)</description>
+ <description>Use Diffie-Hellman group 22 (modp1024s160)</description>
</valueHelp>
<valueHelp>
<format>dh-group23</format>
- <description>Enable PFS. Use Diffie-Hellman group 23 (modp2048s224)</description>
+ <description>Use Diffie-Hellman group 23 (modp2048s224)</description>
</valueHelp>
<valueHelp>
<format>dh-group24</format>
- <description>Enable PFS. Use Diffie-Hellman group 24 (modp2048s256)</description>
+ <description>Use Diffie-Hellman group 24 (modp2048s256)</description>
</valueHelp>
<valueHelp>
<format>dh-group25</format>
- <description>Enable PFS. Use Diffie-Hellman group 25 (ecp192)</description>
+ <description>Use Diffie-Hellman group 25 (ecp192)</description>
</valueHelp>
<valueHelp>
<format>dh-group26</format>
- <description>Enable PFS. Use Diffie-Hellman group 26 (ecp224)</description>
+ <description>Use Diffie-Hellman group 26 (ecp224)</description>
</valueHelp>
<valueHelp>
<format>dh-group27</format>
- <description>Enable PFS. Use Diffie-Hellman group 27 (ecp224bp)</description>
+ <description>Use Diffie-Hellman group 27 (ecp224bp)</description>
</valueHelp>
<valueHelp>
<format>dh-group28</format>
- <description>Enable PFS. Use Diffie-Hellman group 28 (ecp256bp)</description>
+ <description>Use Diffie-Hellman group 28 (ecp256bp)</description>
</valueHelp>
<valueHelp>
<format>dh-group29</format>
- <description>Enable PFS. Use Diffie-Hellman group 29 (ecp384bp)</description>
+ <description>Use Diffie-Hellman group 29 (ecp384bp)</description>
</valueHelp>
<valueHelp>
<format>dh-group30</format>
- <description>Enable PFS. Use Diffie-Hellman group 30 (ecp512bp)</description>
+ <description>Use Diffie-Hellman group 30 (ecp512bp)</description>
</valueHelp>
<valueHelp>
<format>dh-group31</format>
- <description>Enable PFS. Use Diffie-Hellman group 31 (curve25519)</description>
+ <description>Use Diffie-Hellman group 31 (curve25519)</description>
</valueHelp>
<valueHelp>
<format>dh-group32</format>
- <description>Enable PFS. Use Diffie-Hellman group 32 (curve448)</description>
+ <description>Use Diffie-Hellman group 32 (curve448)</description>
</valueHelp>
<valueHelp>
<format>disable</format>
@@ -190,6 +192,7 @@
<regex>^(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)$</regex>
</constraint>
</properties>
+ <defaultValue>enable</defaultValue>
</leafNode>
<tagNode name="proposal">
<properties>
@@ -341,6 +344,7 @@
<validator name="numeric" argument="--range 30-86400"/>
</constraint>
</properties>
+ <defaultValue>28800</defaultValue>
</leafNode>
<leafNode name="mobike">
<properties>
@@ -521,100 +525,109 @@
</leafNode>
</children>
</node>
- <node name="logging">
+ <node name="log">
<properties>
<help>IPsec logging</help>
</properties>
<children>
- <leafNode name="log-level">
+ <leafNode name="level">
<properties>
<help>strongSwan Logger Level</help>
<valueHelp>
- <format>u32:0-2</format>
- <description>Logger Verbosity Level (default 0)</description>
+ <format>u32:0</format>
+ <description>Very basic auditing logs e.g. SA up/SA down (default)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1</format>
+ <description>Generic control flow with errors, a good default to see whats going on</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:2</format>
+ <description>More detailed debugging control flow</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-2"/>
</constraint>
</properties>
+ <defaultValue>0</defaultValue>
</leafNode>
- <leafNode name="log-modes">
+ <leafNode name="subsystem">
<properties>
- <help>Log mode. To see what each log mode exactly does, please refer to the strongSwan documentation</help>
+ <help>Subsystem in the daemon the log comes from</help>
<completionHelp>
<list>dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any</list>
</completionHelp>
<valueHelp>
<format>dmn</format>
- <description>Debug log option for strongSwan</description>
+ <description>Main daemon setup/cleanup/signal handling</description>
</valueHelp>
<valueHelp>
<format>mgr</format>
- <description>Debug log option for strongSwan</description>
+ <description>IKE_SA manager, handling synchronization for IKE_SA access</description>
</valueHelp>
<valueHelp>
<format>ike</format>
- <description>Debug log option for strongSwan</description>
+ <description>IKE_SA/ISAKMP SA</description>
</valueHelp>
<valueHelp>
<format>chd</format>
- <description>Debug log option for strongSwan</description>
+ <description>CHILD_SA/IPsec SA</description>
</valueHelp>
<valueHelp>
<format>job</format>
- <description>Debug log option for strongSwan</description>
+ <description>Jobs queuing/processing and thread pool management</description>
</valueHelp>
<valueHelp>
<format>cfg</format>
- <description>Debug log option for strongSwan</description>
+ <description>Configuration management and plugins</description>
</valueHelp>
<valueHelp>
<format>knl</format>
- <description>Debug log option for strongSwan</description>
+ <description>IPsec/Networking kernel interface</description>
</valueHelp>
<valueHelp>
<format>net</format>
- <description>Debug log option for strongSwan</description>
+ <description>IKE network communication</description>
</valueHelp>
<valueHelp>
<format>asn</format>
- <description>Debug log option for strongSwan</description>
+ <description>Low-level encoding/decoding (ASN.1, X.509 etc.)</description>
</valueHelp>
<valueHelp>
<format>enc</format>
- <description>Debug log option for strongSwan</description>
+ <description>Packet encoding/decoding encryption/decryption operations</description>
</valueHelp>
<valueHelp>
<format>lib</format>
- <description>Debug log option for strongSwan</description>
+ <description>libstrongswan library messages</description>
</valueHelp>
<valueHelp>
<format>esp</format>
- <description>Debug log option for strongSwan</description>
+ <description>libipsec library messages</description>
</valueHelp>
<valueHelp>
<format>tls</format>
- <description>Debug log option for strongSwan</description>
+ <description> libtls library messages</description>
</valueHelp>
<valueHelp>
<format>tnc</format>
- <description>Debug log option for strongSwan</description>
+ <description>Trusted Network Connect</description>
</valueHelp>
<valueHelp>
<format>imc</format>
- <description>Debug log option for strongSwan</description>
+ <description>Integrity Measurement Collector</description>
</valueHelp>
<valueHelp>
<format>imv</format>
- <description>Debug log option for strongSwan</description>
+ <description>Integrity Measurement Verifier</description>
</valueHelp>
<valueHelp>
<format>pts</format>
- <description>Debug log option for strongSwan</description>
+ <description> Platform Trust Service</description>
</valueHelp>
<valueHelp>
<format>any</format>
- <description>Debug log option for strongSwan</description>
+ <description>Any subsystem</description>
</valueHelp>
<constraint>
<regex>^(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)$</regex>
@@ -708,7 +721,7 @@
</tagNode>
<node name="site-to-site">
<properties>
- <help>Site to site VPN</help>
+ <help>Site-to-site VPN</help>
</properties>
<children>
<tagNode name="peer">
@@ -837,12 +850,7 @@
</completionHelp>
</properties>
</leafNode>
- <leafNode name="description">
- <properties>
- <help>VPN peer description</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/generic-description.xml.i>
<leafNode name="dhcp-interface">
<properties>
<help>DHCP interface to listen on</help>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-27 16:13:56 +0000