tag: priority: 380 type: txt help: Tunnel interface val_help: ; Tunnel interface name syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \ ; "tunnel must be (tun0-tun999)" commit:expression: $VAR(./local-ip/) != "" ; \ "Must configure the tunnel local-ip for $VAR(@)" commit:expression: $VAR(./encapsulation/) != "" ; \ "Must configure the tunnel encapsulation for $VAR(@)" commit:expression: exec " if [ $VAR(./encapsulation/@) = gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ echo \"No remote-ip configured for $VAR(@), tunnel can only be used for mGRE.\"; \ fi; \ if [ $VAR(./encapsulation/@) != gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ echo \"Must configure the tunnel remote-ip for $VAR(@)\"; \ exit 1; \ fi; exit 0" commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \ $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for mGRE tunnels." commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \ $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 addresses ($VAR(./address/@@)) are forbidden for mGRE tunnels." create: if [ $VAR(./encapsulation/@) == gre ] && [ -z $VAR(./remote-ip/) ]; then sudo invoke-rc.d opennhrp.init start; fi if [ x$VAR(./multicast/@) == xenable ]; then MC="multicast on allmulticast on"; fi case "$VAR(./encapsulation/@)" in "gre" | "ipip" | "sit") if [ -n "$VAR(./parameters/ip/bridge-group/)" ] ; then echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined"; exit 1; fi if [ -z "$VAR(./parameters/ip/tos/@)" ]; then TOS="tos inherit" fi if [ -z "$VAR(./parameters/ip/ttl/@)" ]; then TTL="ttl 255" fi if [ -n "$VAR(./parameters/ip/key/@)" ]; then KEY="key $VAR(./parameters/ip/key/@)"; fi if [ "$VAR(./encapsulation/@)" == "gre" ] && [ -z $VAR(./remote-ip/) ]; then ip tunnel add $VAR(@) local $VAR(./local-ip/@) mode gre $KEY $TTL $TOS else ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL $TOS fi if [ -z "`ip tun sh | grep $VAR(@)`" ]; then echo interfaces tunnel $VAR(@): error creating tunnel interface exit 1 fi ;; "gre-bridge") ip link add $VAR(@) type gretap local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) || echo "interfaces tunnel $VAR(@): error creating tunnel interface" ;; "ipip6" | "ip6ip6") ip -6 tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) || echo "interfaces tunnel $VAR(@): error creating tunnel interface" ;; esac ip link set $VAR(@) $MC up || echo "interfaces tunnel $VAR(@): error setting tunnel interface active" delete: /opt/vyatta/sbin/vyos-update-nhrp.pl --checkref --tun $VAR(@) ip link set $VAR(@) down case "$VAR(./encapsulation/@)" in "gre" | "ipip" | "sit") if [ -z $VAR(./remote-ip/) ]; then ip tunnel del $VAR(@) mode gre else ip tunnel del $VAR(@) mode $VAR(./encapsulation/@) fi;; "gre-bridge") ip link delete $VAR(@) ;; "ipip6" | "ip6ip6") ip -6 tunnel del $VAR(@) mode $VAR(./encapsulation/@);; esac end: if [ "${COMMIT_ACTION}" == DELETE ]; then /opt/vyatta/sbin/vyatta-tunnel-cleanup $VAR(@) fi