From 3851818b7a2691f8cf016c4d15071cef8d235041 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 4 Jul 2021 20:52:36 +0200
Subject: ipsec: T2816: add include definition for ipsec local-address
---
 .../include/ipsec/local-address.xml.i | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 interface-definitions/include/ipsec/local-address.xml.i
(limited to 'interface-definitions/include')
diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i
new file mode 100644
index 000000000..2de6ecb1f
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-address.xml.i
@@ -0,0 +1,27 @@
+
+
+
+ IPv4 or IPv6 address of a local interface to use for VPN
+
+ any
+
+
+ ipv4
+ IPv4 address of a local interface for VPN
+
+
+ ipv6
+ IPv6 address of a local interface for VPN
+
+
+ any
+ Allow any IPv4 address present on the system to be used for VPN
+
+
+
+
+ ^(any)$
+
+
+
+
-- cgit v1.2.3
From 1c727bd25ef28fb729f66072f026be560978853d Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 4 Jul 2021 21:02:54 +0200
Subject: ipsec: T1210: T1251: add "local" traffic-selector include definition

Used by both site2site and remote-access/road-warrior VPN connections.
---
 data/templates/ipsec/swanctl/remote_access.tmpl | 4 +-
 .../include/ipsec/local-traffic-selector.xml.i | 28 +++++++++++
 interface-definitions/vpn_ipsec.xml.in | 54 +---------------------
 3 files changed, 32 insertions(+), 54 deletions(-)
 create mode 100644 interface-definitions/include/ipsec/local-traffic-selector.xml.i
(limited to 'interface-definitions/include')
diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.tmpl
index 004aace2e..a3a1cf0b2 100644
--- a/data/templates/ipsec/swanctl/remote_access.tmpl
+++ b/data/templates/ipsec/swanctl/remote_access.tmpl
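Review bot: In local-address.xml.i the value help for `any` reads "Allow any IPv4 address present on the system to be used for VPN", while the leaf's own help text and its `ipv4`/`ipv6` value formats state that both address families are accepted. If `any` also covers IPv6 addresses the string should say so, for example `Allow any IPv4 or IPv6 address present on the system to be used for VPN`; if it really is IPv4-only, that restriction deserves an explicit statement, because operators rely on this text to know which local addresses the VPN will use. The element tags are not visible in this rendering of the patch, so the validators that accompany the `^(any)$` regex could not be checked.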
@@ -30,8 +30,8 @@
 rekey_time = {{ esp.lifetime }}s
 rand_time = 540s
 dpd_action = clear
-{% set local_prefix = rw_conf.local_network.prefix if rw_conf.local_network is defined and rw_conf.local_network.prefix is defined else ['0.0.0.0/0', '::/0'] %}
-{% set local_port = rw_conf.local_network.port if rw_conf.local_network is defined and rw_conf.local_network.port is defined else '' %}
+{% set local_prefix = rw_conf.local.prefix if rw_conf.local is defined and rw_conf.local.prefix is defined else ['0.0.0.0/0', '::/0'] %}
+{% set local_port = rw_conf.local.port if rw_conf.local is defined and rw_conf.local.port is defined else '' %}
 {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
 local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
 }
diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
new file mode 100644
index 000000000..d30a6d11a
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
@@ -0,0 +1,28 @@
+
+
+
+ Local parameters for interesting traffic
+
+
+ #include
+
+
+ Local IPv4 or IPv6 prefix
+
+ ipv4
+ Local IPv4 prefix
+
+
+ ipv6
+ Local IPv6 prefix
+
+
+
+
+
+
+
+
+
+
+
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 75fd6a92f..187bb1154 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -744,32 +744,7 @@
 #include
 #include
 #include
-
-
- Local traffic selectors
-
-
- #include
-
-
- Local IPv4 or IPv6 prefix
-
- ipv4
- Local IPv4 prefix
-
-
- ipv6
- Local IPv6 prefix
-
-
-
-
-
-
-
-
-
-
+ #include
 IP address pool for remote-access users
@@ -1008,32 +983,7 @@
 #include
 #include
-
-
- Local parameters for interesting traffic
-
-
- #include
-
-
- Local IPv4 or IPv6 prefix
-
- ipv4
- Local IPv4 prefix
-
-
- ipv6
- Local IPv6 prefix
-
-
-
-
-
-
-
-
-
-
+ #include
 #include
-- cgit v1.2.3
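Review bot: In the remote_access.tmpl hunk, a connection whose stored configuration still uses the old node name would fail both `rw_conf.local ... is defined` tests, so `local_ts` would silently fall back to `['0.0.0.0/0', '::/0']`, the widest possible traffic selector. No migration step or commit-time check for the old key is visible in this commit, so it is worth confirming one exists rather than letting a previously restricted tunnel widen without notice. Separately, the unchanged context line `'[%any/{1}]'.format(local_port)` passes one argument but references index 1, which would raise an IndexError as soon as a port is configured; `'[%any/{0}]'.format(local_port)` is presumably what was intended. The block closed by the final `}` starts outside the hunk.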