From 8d47a10b472b595661cd97f2b0b837ebf03f3ffd Mon Sep 17 00:00:00 2001
From: Viacheslav
Date: Thu, 2 Sep 2021 14:38:58 +0000
Subject: nipsec: T3093: Delete temporarily generated code

This code was generated before to rewrite IPSec to XML style And this was rewriten/fixed and used in the next 1.4 releases So we realy don't need it in 1.3 as we use old nodes for it.
---
interface-definitions/vpn_ipsec.xml.in | 1167 --------------------------------
1 file changed, 1167 deletions(-)
delete mode 100644 interface-definitions/vpn_ipsec.xml.in
(limited to 'interface-definitions/vpn_ipsec.xml.in')
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
deleted file mode 100644
index 426d7e71c..000000000
--- a/interface-definitions/vpn_ipsec.xml.in
+++ /dev/null
@@ -1,1167 +0,0 @@ - - - - - - - VPN IP security (IPsec) parameters - - - - - Set auto-update interval for IPsec daemon - - u32:30-65535 - Auto-update interval (s) - - - - - - - - - Option to disable requirement for unique IDs in the Security Database - - - - - - Name of Encapsulating Security Payload (ESP) group - - - - - ESP compression - - disable enable - - - disable - Disable ESP compression (default) - - - enable - Enable ESP compression - - - ^(disable|enable)$ - - - - - - ESP lifetime - - u32:30-86400 - ESP lifetime in seconds (default 3600) - - - - - - - - - ESP mode - - tunnel transport - - - tunnel - Tunnel mode (default) - - - transport - Transport mode - - - ^(tunnel|transport)$ - - - - - - ESP Perfect Forward Secrecy - - enable dh-group1 dh-group2 dh-group5 dh-group14 dh-group15 dh-group16 dh-group17 dh-group18 dh-group19 dh-group20 dh-group21 dh-group22 dh-group23 dh-group24 dh-group25 dh-group26 dh-group27 dh-group28 dh-group29 dh-group30 dh-group31 dh-group32 disable - - - enable - Enable PFS. Use ike-groups dh-group (default) - - - dh-group1 - Enable PFS. Use Diffie-Hellman group 1 (modp768) - - - dh-group2 - Enable PFS. Use Diffie-Hellman group 2 (modp1024) - - - dh-group5 - Enable PFS. Use Diffie-Hellman group 5 (modp1536) - - - dh-group14 - Enable PFS. Use Diffie-Hellman group 14 (modp2048) - - - dh-group15 - Enable PFS. Use Diffie-Hellman group 15 (modp3072) - - - dh-group16 - Enable PFS. Use Diffie-Hellman group 16 (modp4096) - - - dh-group17 - Enable PFS. Use Diffie-Hellman group 17 (modp6144) - - - dh-group18 - Enable PFS. Use Diffie-Hellman group 18 (modp8192) - - - dh-group19 - Enable PFS. Use Diffie-Hellman group 19 (ecp256) - - - dh-group20 - Enable PFS. Use Diffie-Hellman group 20 (ecp384) - - - dh-group21 - Enable PFS. Use Diffie-Hellman group 21 (ecp521) - - - dh-group22 - Enable PFS. Use Diffie-Hellman group 22 (modp1024s160) - - - dh-group23 - Enable PFS. Use Diffie-Hellman group 23 (modp2048s224) - - - dh-group24 - Enable PFS. 
Use Diffie-Hellman group 24 (modp2048s256) - - - dh-group25 - Enable PFS. Use Diffie-Hellman group 25 (ecp192) - - - dh-group26 - Enable PFS. Use Diffie-Hellman group 26 (ecp224) - - - dh-group27 - Enable PFS. Use Diffie-Hellman group 27 (ecp224bp) - - - dh-group28 - Enable PFS. Use Diffie-Hellman group 28 (ecp256bp) - - - dh-group29 - Enable PFS. Use Diffie-Hellman group 29 (ecp384bp) - - - dh-group30 - Enable PFS. Use Diffie-Hellman group 30 (ecp512bp) - - - dh-group31 - Enable PFS. Use Diffie-Hellman group 31 (curve25519) - - - dh-group32 - Enable PFS. Use Diffie-Hellman group 32 (curve448) - - - disable - Disable PFS - - - ^(enable|dh-group1|dh-group2|dh-group5|dh-group14|dh-group15|dh-group16|dh-group17|dh-group18|dh-group19|dh-group20|dh-group21|dh-group22|dh-group23|dh-group24|dh-group25|dh-group26|dh-group27|dh-group28|dh-group29|dh-group30|dh-group31|dh-group32|disable)$ - - - - - - ESP-group proposal [REQUIRED] - - u32:1-65535 - ESP-group proposal number - - - - #include - #include - - - - - - - Name of Internet Key Exchange (IKE) group - - - - - close-action_help - - none hold clear restart - - - none - Set action to none (default) - - - hold - Set action to hold - - - clear - Set action to clear - - - restart - Set action to restart - - - ^(none|hold|clear|restart)$ - - - - - - Dead Peer Detection (DPD) - - - - - Keep-alive failure action - - hold clear restart - - - hold - Set action to hold (default) - - - clear - Set action to clear - - - restart - Set action to restart - - - ^(hold|clear|restart)$ - - - - - - Keep-alive interval - - u32:2-86400 - Keep-alive interval in seconds (default 30) - - - - - - - - - Dead-Peer-Detection keep-alive timeout (IKEv1 only) - - u32:2-86400 - Keep-alive timeout in seconds (default 120) - - - - - - - - - - - ikev2-reauth_help - - yes no - - - yes - Enable remote host re-autentication during an IKE rekey. Currently broken due to a strong swan bug - - - no - Disable remote host re-authenticaton during an IKE rekey. 
(Default) - - - ^(yes|no)$ - - - - - - Key Exchange Version - - ikev1 ikev2 - - - ikev1 - Use IKEv1 for Key Exchange [DEFAULT] - - - ikev2 - Use IKEv2 for Key Exchange - - - ^(ikev1|ikev2)$ - - - - - - IKE lifetime - - u32:30-86400 - IKE lifetime in seconds (default 28800) - - - - - - - - - Enable MOBIKE Support. MOBIKE is only available for IKEv2. - - enable disable - - - enable - Enable MOBIKE (default for IKEv2) - - - disable - Disable MOBIKE - - - ^(enable|disable)$ - - - - - - IKEv1 Phase 1 Mode Selection - - main aggressive - - - main - Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default) - - - aggressive - Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode. - - - ^(main|aggressive)$ - - - - - - proposal_help - - u32:1-65535 - IKE-group proposal - - - - - - dh-grouphelp - - 1 2 5 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 - - - 1 - Diffie-Hellman group 1 (modp768) - - - 2 - Diffie-Hellman group 2 (modp1024) - - - 5 - Diffie-Hellman group 5 (modp1536) - - - 14 - Diffie-Hellman group 14 (modp2048) - - - 15 - Diffie-Hellman group 15 (modp3072) - - - 16 - Diffie-Hellman group 16 (modp4096) - - - 17 - Diffie-Hellman group 17 (modp6144) - - - 18 - Diffie-Hellman group 18 (modp8192) - - - 19 - Diffie-Hellman group 19 (ecp256) - - - 20 - Diffie-Hellman group 20 (ecp384) - - - 21 - Diffie-Hellman group 21 (ecp521) - - - 22 - Diffie-Hellman group 22 (modp1024s160) - - - 23 - Diffie-Hellman group 23 (modp2048s224) - - - 24 - Diffie-Hellman group 24 (modp2048s256) - - - 25 - Diffie-Hellman group 25 (ecp192) - - - 26 - Diffie-Hellman group 26 (ecp224) - - - 27 - Diffie-Hellman group 27 (ecp224bp) - - - 28 - Diffie-Hellman group 28 (ecp256bp) - - - 29 - Diffie-Hellman group 29 (ecp384bp) - - - 30 - Diffie-Hellman group 30 (ecp512bp) - - - 31 - Diffie-Hellman group 31 (curve25519) - - - 32 - Diffie-Hellman group 32 (curve448) - - 
- ^(1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32)$ - - - - #include - #include - - - - - - - Sets to include an additional configuration directive file for strongSwan. Use an absolute path to specify the included file - - - - - Sets to include an additional secrets file for strongSwan. Use an absolute path to specify the included file. - - - - - Interface to use for VPN [REQUIRED] - - - - - IPsec interface [REQUIRED] - - - - - - - - - - - IPsec logging - - - - - strongSwan Logger Level - - u32:0-2 - Logger Verbosity Level (default 0) - - - - - - - - - Log mode. To see what each log mode exactly does, please refer to the strongSwan documentation - - dmn mgr ike chd job cfg knl net asn enc lib esp tls tnc imc imv pts any - - - dmn - Debug log option for strongSwan - - - mgr - Debug log option for strongSwan - - - ike - Debug log option for strongSwan - - - chd - Debug log option for strongSwan - - - job - Debug log option for strongSwan - - - cfg - Debug log option for strongSwan - - - knl - Debug log option for strongSwan - - - net - Debug log option for strongSwan - - - asn - Debug log option for strongSwan - - - enc - Debug log option for strongSwan - - - lib - Debug log option for strongSwan - - - esp - Debug log option for strongSwan - - - tls - Debug log option for strongSwan - - - tnc - Debug log option for strongSwan - - - imc - Debug log option for strongSwan - - - imv - Debug log option for strongSwan - - - pts - Debug log option for strongSwan - - - any - Debug log option for strongSwan - - - ^(dmn|mgr|ike|chd|job|cfg|knl|net|asn|enc|lib|esp|tls|tnc|imc|imv|pts|any)$ - - - - - - - - - Network Address Translation (NAT) networks - - - - - NAT networks to allow - - ipv4net - NAT networks to allow - - - - - - - - - NAT networks to exclude from allowed-networks - - ipv4net - NAT networks to exclude from allowed-networks - - - - - - - - - - - - - - Network Address Translation (NAT) traversal - - disable enable - - - disable - Disable NAT-T - - 
- enable - Enable NAT-T - - - ^(disable|enable)$ - - - - - - Global IPsec settings - - - - - Do not automatically install routes to remote networks - - - - - - - - VPN IPSec Profile - - - - - Authentication [REQUIRED] - - - - - Authentication mode - - - - - Use pre-shared secret key - - - - - - - - Pre-shared secret key - - txt - Pre-shared secret key - - - - - - - - DMVPN crypto configuration - - - - - bind_child_help - - - - - - - - Esp group name [REQUIRED] - - vpn ipsec esp-group - - - - - - Ike group name [REQUIRED] - - vpn ipsec ike-group - - - - - - - - Site to site VPN - - - - - VPN peer - - ipv4 - IPv4 address of the peer - - - ipv6 - IPv6 address of the peer - - - txt - Hostname of the peer - - - <@text> - ID of the peer - - - - - - Peer authentication [REQUIRED] - - - - - ID for peer authentication - - txt - ID used for peer authentication - - - - - - Authentication mode - - pre-shared-secret rsa x509 - - - pre-shared-secret - pre-shared-secret_description - - - rsa - rsa_description - - - x509 - x509_description - - - ^(pre-shared-secret|rsa|x509)$ - - - - - - Pre-shared secret key - - txt - Pre-shared secret key - - - - - - ID for remote authentication - - txt - ID used for peer authentication - - - - - - RSA key name - - - - - Use certificate common name as ID - - - - - - X.509 certificate - - - #include - #include - - - File containing the X.509 Certificate Revocation List (CRL) - - txt - File in /config/auth - - - - - - Key file and password to open it - - - - - File containing the private key for the X.509 certificate for this host - - txt - File in /config/auth - - - - - - Password that protects the private key - - txt - Password that protects the private key - - - - - - - - - - - - Connection type - - initiate respond - - - initiate - initiate_description - - - respond - respond_description - - - ^(initiate|respond)$ - - - - - - Defult ESP group name - - - - - VPN peer description - - - - - - DHCP interface to listen on - - - - - - Force UDP 
Encapsulation for ESP Payloads - - enable disable - - - enable - This endpoint will force UDP encapsulation for this peer - - - disable - This endpoint will not force UDP encapsulation for this peer - - - ^(enable|disable)$ - - - - - - Internet Key Exchange (IKE) group name [REQUIRED] - - vpn ipsec ike-group - - - - - - Re-authentication of the remote peer during an IKE re-key. IKEv2 option only - - yes no inherit - - - yes - Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug - - - no - Disable remote host re-authenticaton during an IKE re-key. - - - inherit - Inherit the reauth configuration form your IKE-group (Default) - - - ^(yes|no|inherit)$ - - - - - - IPv4 or IPv6 address of a local interface to use for VPN - - any - - - ipv4 - IPv4 address of a local interface for VPN - - - ipv6 - IPv6 address of a local interface for VPN - - - any - Allow any IPv4 address present on the system to be used for VPN - - - - - ^(any)$ - - - - - - Peer tunnel [REQUIRED] - - u32 - Peer tunnel [REQUIRED] - - - - - - Option to allow NAT networks - - enable disable - - - enable - Enable NAT networks - - - disable - Disable NAT networks (default) - - - ^(enable|disable)$ - - - - - - Option to allow public networks - - enable disable - - - enable - Enable public networks - - - disable - Disable public networks (default) - - - ^(enable|disable)$ - - - - #include - - - ESP group name - - vpn ipsec esp-group - - - - - - Local parameters for interesting traffic - - - - - Any TCP or UDP port - - port name - Named port (any name in /etc/services, e.g., http) - - - u32:1-65535 - Numbered port - - - - - - Local IPv4 or IPv6 prefix - - ipv4 - Local IPv4 prefix - - - ipv6 - Local IPv6 prefix - - - - - - - - - - - - Protocol to encrypt - - - - - - Remote parameters for interesting traffic - - - - - Any TCP or UDP port - - port name - Named port (any name in /etc/services, e.g., http) - - - u32:1-65535 - Numbered port - - - - - - Remote IPv4 or 
IPv6 prefix - - ipv4 - Remote IPv4 prefix - - - ipv6 - Remote IPv6 prefix - - - - - - - - - - - - - - Virtual tunnel interface [REQUIRED] - - - - - VTI tunnel interface associated with this configuration [REQUIRED] - - - - - ESP group name [REQUIRED] - - vpn ipsec esp-group - - - - - - - - - - - - - - -- cgit v1.2.3