From 0d4d4dd840e06c18250d73f27de61261ff141944 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Tue, 3 Dec 2019 22:01:19 +0100
Subject: T1843: run interface-definitions through GCC preprocessor

A lot of XML code is duplicated (VLAN, interface address) for instance.
Such XML definitions should be moved to feature.xml.i files and then just
pulled in via GCC preprocessor #include definition in e.g. bond or ethernet
definitions.

This will give us the ability to single-source repeating node definitions as:

* Interface Address
* Interface Description
* Interface Disable
* VLAN (both vif-s and vif-c)

The .in suffix of the interface-definitions is a marker that those files are
input files to the GCC preprocessor. They will be rendered into proper XML
files in the build directory.

Some node definitions have been reworded to remove escaped double quote
occurrences which would have been warned about by the GCC preprocessor.
---
 interface-definitions/interfaces-openvpn.xml.in | 677 ++++++++++++++++++++++++
 1 file changed, 677 insertions(+)
 create mode 100644 interface-definitions/interfaces-openvpn.xml.in

(limited to 'interface-definitions/interfaces-openvpn.xml.in')

diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
new file mode 100644
index 000000000..ca97ad4ec
--- /dev/null
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -0,0 +1,677 @@ + + + + + + + OpenVPN tunnel interface name + 460 + + ^vtun[0-9]+$ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + + + Authentication options + + + + + OpenVPN password used for authentication + + + + + OpenVPN username used for authentication + + + + + + + Description + + + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + + + + Disable interface + + + + + + Data Encryption settings + + + + + Standard Data Encryption Algorithm + + des 3des bf128 bf256 aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + bf128 + Blowfish algorithm with 128-bit key + + + bf256 + Blowfish algorithm with 256-bit key + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|bf128|bf256|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + Cipher negotiation list for use in server or client mode + + des 3des aes128 aes128gcm aes192 aes192gcm aes256 aes256gcm + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + aes128 + AES algorithm with 128-bit key CBC + + + aes128gcm + AES algorithm with 128-bit key GCM + + + aes192 + AES algorithm with 192-bit key CBC + + + aes192gcm + AES algorithm with 192-bit key GCM + + + aes256 + AES algorithm with 256-bit key CBC + + + aes256gcm + AES algorithm with 256-bit key GCM + + + (des|3des|aes128|aes128gcm|aes192|aes192gcm|aes256|aes256gcm) + + + + + + + Disable support for ncp-ciphers + + + + + + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 
algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures [default 6] + + 0-1000 + Maximum number of keepalive packet failures + + + + + + + + + Keepalive packet interval (seconds) [default 10] + + 0-600 + Keepalive packet interval (seconds) + + + + + + + + + + + Local IP address of tunnel + + + + + + + + Subnet-mask for local IP address of tunnel + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + + + + + + + Local port number to accept connections + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Additional OpenVPN options. You must + use the syntax of openvpn.conf in this text-field. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors. 
+ + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + Site-to-site mode + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IP address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + + + Option to disable client connection + + + + + + IP address of the client + + ipv4 + Client IPv4 address + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Subnet belonging to the client + + ipv4net + IPv4 network and prefix length belonging to the client + + + + + + + + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + 1-4096 + Number of concurrent clients + + + + + + + + + Domain Name Server (DNS) + + ipv4 + DNS server IPv4 address + + + + + + + + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Reject connections from clients that are not explicitly configured + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 address and prefix length + + + + + + + + + Topology for clients + + point-to-point subnet + + + point-to-point + Point-to-point topology + + + subnet + Subnet topology + + + (subnet|point-to-point) + + + + + + + + File containing the secret key shared with 
remote end of tunnel + + file + File in /config/auth directory + + + + + + + + + Transport Layer Security (TLS) options + + + + + File containing tls static key for tls-auth + + file + File in /config/auth directory + + + + + + + + + File containing certificate for Certificate Authority (CA) + + file + File in /config/auth directory + + + + + + + + + File containing certificate for this host + + file + File in /config/auth directory + + + + + + + + + File containing certificate revocation list (CRL) for this host + + file + File in /config/auth directory + + + + + + + + + File containing Diffie Hellman parameters (server only) + + file + File in /config/auth directory + + + + + + + + + Private key for this host + + file + File in /config/auth directory + + + + + + + + + Specify the minimum required TLS version + + 1.0 1.1 1.2 + + + 1.0 + TLS v1.0 + + + 1.1 + TLS v1.1 + + + 1.2 + TLS v1.2 + + + (1.0|1.1|1.2) + + + + + + Private key for this host + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Waiting for TLS connections passively + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + + + + + -- cgit v1.2.3
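Review bot: the help text on the TLS node that takes the values "active" / "passive" (second-to-last node of the hunk, inside the Transport Layer Security options) reads "Private key for this host", which is copied from the preceding key-file node; it should describe the TLS negotiation role instead, otherwise tab-completion shows a misleading description for an unrelated setting. The same copy-paste slip is in the protocol node, where the "udp" value is described as "Site-to-site mode" while its siblings ("tcp-passive", "tcp-active") correctly describe transport behaviour; "Site-to-site mode" belongs to the mode node above it. Separately, the encryption, ncp-ciphers and hash lists offer des, 3des, bf128, bf256, md5 and sha1 with neutral descriptions alongside the AES-GCM and SHA-2 options; since these are legacy algorithms that OpenVPN itself deprecates, consider marking them as deprecated in their help strings so operators configuring a new tunnel are steered toward the aes*gcm and sha256/sha384/sha512 values already defined here.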