From 9556d78b1d54c7320a0154990c61d23c6197c38f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 19 Jul 2021 19:01:43 +0200 Subject: ipsec: T1210: split out pool from remote-access configuration Remote access IP pools can now be defined at a global level and referenced in IPSec remote-access connections. To defined a pool use: set vpn ipsec remote-access pool global-ipv4 name-server '172.16.1.1' set vpn ipsec remote-access pool global-ipv4 prefix '192.168.0.0/24' set vpn ipsec remote-access pool global-ipv6 name-server '2001:db8::1' set vpn ipsec remote-access pool global-ipv6 prefix '2001:db8:1000::/64' A connection can then reference the pool: set vpn ipsec remote-access connection foo pool 'global-ipv4' set vpn ipsec remote-access connection foo pool 'global-ipv6' --- interface-definitions/vpn_ipsec.xml.in | 179 ++++++++++++++++++--------------- 1 file changed, 98 insertions(+), 81 deletions(-) (limited to 'interface-definitions/vpn_ipsec.xml.in') diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 14063091d..5272b57cc 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -647,7 +647,7 @@ remote-access global options - + DHCP pool options for remote-access @@ -665,8 +665,11 @@ DHCP server address ipv4 - IPv4 address of the DHCP server + DHCP server IPv4 address + + + 
@@ -725,98 +728,126 @@ #include - + - Remote access IKEv2 VPN + IKEv2 remote access VPN - + - Authentication for remote access + IKEv2 VPN connection name - #include - #include - - - Client authentication mode - - eap-tls eap-mschapv2 - - - eap-tls - EAP-TLS - - - eap-mschapv2 - EAP-MSCHAPv2 - - - ^(eap-tls|eap-mschapv2)$ - - - eap-mschapv2 - - + - Local user authentication for PPPoE server + Authentication for remote access - + #include + #include + + + Client authentication mode + + eap-tls eap-mschapv2 + + + eap-tls + EAP-TLS + + + eap-mschapv2 + EAP-MSCHAPv2 + + + ^(eap-tls|eap-mschapv2)$ + + + eap-mschapv2 + + - User name for authentication + Local user authentication for PPPoE server - #include - + - Password for authentication + User name for authentication - + + #include + + + Password for authentication + + + + - + + + + Server authentication mode + + pre-shared-secret x509 + + + pre-shared-secret + pre-shared-secret_description + + + x509 + x509_description + + + ^(pre-shared-secret|x509)$ + + + x509 + + #include - + #include + #include + #include + #include + #include + #include + - Server authentication mode - - pre-shared-secret x509 - - - pre-shared-secret - pre-shared-secret_description - + Timeout to close connection if no data is transmitted - x509 - x509_description + u32:10-86400 + Timeout in seconds (default 28800) - ^(pre-shared-secret|x509)$ + - x509 + 28800 + + + + Pool name used for IP address assignments + + vpn ipsec remote-access pool + dhcp + + + txt + Pool name + + + - #include - - #include - #include - #include - #include - #include - #include - + + IP address pool for remote-access users - - - Enable DHCP pool for clients on this connection - - - Local IPv4 or IPv6 pool prefix exclusions @@ -850,28 +881,14 @@ - #include - - - - Timeout to close connection if no data is transmitted - - u32:10-86400 - Timeout in seconds (default 28800) - - - - - - 28800 - + - + Site-to-site VPN -- cgit v1.2.3
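Review bot: The new `pool` leaf added to the remote-access connection (`Pool name used for IP address assignments`) accepts free text (`txt` / `Pool name`) with only a completion path to `vpn ipsec remote-access pool` plus the literal `dhcp`, and no constraint is visible that ties the value to a configured pool name or to `dhcp`; unless the Python handler's verify() rejects an unknown name, a mistyped pool name could be accepted at commit and leave the connection without any address assignment. The help text also does not document the `dhcp` keyword that appears in the completion list; a second valueHelp such as `<format>dhcp</format>` / `<description>Use the DHCP pool configured under remote-access</description>` would make it self-explanatory. The commit message shows one connection referencing both `global-ipv4` and `global-ipv6`, so the leaf presumably allows multiple values, which the help text should state. The hunk at @@ -850 only relocates the inactivity timeout and needs nothing; XML markup is largely stripped in this rendering, so the exact node structure is inferred.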