blob: 48659c343f6f43eaf41e67ffa0652540a42abd76 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
tag:
priority: 380
type: txt
help: Tunnel interface
val_help: <tunN>; Tunnel interface name
syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \
; "tunnel must be (tun0-tun999)"
commit:expression: $VAR(./local-ip/) != "" || $VAR(./dhcp-interface/) != ""; \
"Must configure either local-ip or dhcp-interface for tunnel $VAR(@)"
commit:expression: $VAR(./local-ip/) == "" || $VAR(./dhcp-interface/) == ""; \
"Must configure only one of local-ip or dhcp-interface for tunnel $VAR(@)"
commit:expression: $VAR(./encapsulation/) != "" ; \
"Must configure the tunnel encapsulation for $VAR(@)"
commit:expression:
exec "
if [ $VAR(./encapsulation/@) = gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \
echo \"No remote-ip configured for $VAR(@), tunnel can only be used for mGRE.\"; \
if [ $VAR(./local-ip/@) == \"0.0.0.0\" ] && [ ! -n \"$VAR(./parameters/ip/key/)\" ]; then \
echo \"Tunnel $VAR(@) parameters ip key must be set!\"; \
exit 1; \
fi \
fi; \
if [ -n \"$VAR(./6rd-prefix/)\" ]; then \
if [ $VAR(./encapsulation/@) != sit ]; then \
echo \"6rd-prefix can only be set for SIT tunnels\"; \
exit 1; \
fi \
fi; \
if [ $VAR(./encapsulation/@) != gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \
echo \"Must configure the tunnel remote-ip for $VAR(@)\"; \
exit 1; \
fi;
exit 0"
commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \
$VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for mGRE tunnels."
commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \
$VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 addresses ($VAR(./address/@@)) are forbidden for mGRE tunnels."
commit:expression: !($VAR(./encapsulation/@) == "gre" && ((pattern $VAR(./local-ip/@@) ".*:.*") || (pattern $VAR(./remote-ip/@@) ".*:.*"))); \
"Using IPv6 address in local-ip or remote-ip is not possible with \"encapsulation gre\". Use \"encapsulation ip6gre\" instead."
create:
if [ $VAR(./encapsulation/@) == gre ] && [ -z $VAR(./remote-ip/) ]; then
sudo invoke-rc.d opennhrp.init start;
fi
if [ x$VAR(./multicast/@) == xenable ]; then
MC="multicast on allmulticast on";
fi
if [ -n "$VAR(./local-ip/@)" ]; then
LIP=$VAR(./local-ip/@)
else
LIP=$(/opt/vyatta/sbin/vyatta-dhcp-helper.pl --interface=$VAR(./dhcp-interface/@) --want=local)
fi
case "$VAR(./encapsulation/@)" in
"gre" | "ipip" | "sit" | "ip6gre")
if [ -n "$VAR(./parameters/ip/bridge-group/)" ] ; then
echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined";
exit 1;
fi
if [ -n "$VAR(./parameters/ip/tos/@)" ]; then
TOS="tos $VAR(./parameters/ip/tos/@)"
else
TOS="tos inherit"
fi
if [ -n "$VAR(./parameters/ip/ttl/@)" ]; then
TTL="ttl $VAR(./parameters/ip/ttl/@)"
else
TTL="ttl 255"
fi
if [ -n "$VAR(./parameters/ip/key/@)" ]; then
KEY="key $VAR(./parameters/ip/key/@)"
fi
if [ "$VAR(./encapsulation/@)" == "gre" ] && [ -z $VAR(./remote-ip/) ]; then
sudo ip tunnel add $VAR(@) local $LIP mode gre $KEY $TTL $TOS
elif [ "$VAR(./encapsulation/@)" == "ip6gre" ] && [ -z $VAR(./remote-ip/) ]; then
sudo ip tunnel add $VAR(@) local $LIP mode ip6gre $KEY $TTL $TOS
elif [ "$VAR(./encapsulation/@)" == "sit" ] && [ -n "$VAR(./6rd-prefix/@)" ]; then
if [ -n "$VAR(./6rd-relay-prefix/@)" ]; then
RP="6rd-relay_prefix $VAR(./6rd-relay-prefix/@)"
fi
sudo ip tunnel add $VAR(@) remote $VAR(./remote-ip/@) mode sit
sudo ip tunnel 6rd dev $VAR(@) 6rd-prefix $VAR(./6rd-prefix/@) $RP
else
sudo ip tunnel add $VAR(@) local $LIP remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL $TOS
fi
if [ -z "`ip tunnel show | grep $VAR(@)`" ] && [ -z "`ip -6 tunnel show | grep $VAR(@)`" ]; then
echo interfaces tunnel $VAR(@): error creating tunnel interface
exit 1
fi
;;
"gre-bridge")
sudo ip link add $VAR(@) type gretap local $LIP remote $VAR(./remote-ip/@) ||
echo "interfaces tunnel $VAR(@): error creating tunnel interface"
;;
"ipip6" | "ip6ip6")
sudo ip -6 tunnel add $VAR(@) local $LIP remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) ||
echo "interfaces tunnel $VAR(@): error creating tunnel interface"
;;
esac
sudo ip link set $VAR(@) $MC up ||
echo "interfaces tunnel $VAR(@): error setting tunnel interface active"
delete:
/opt/vyatta/sbin/vyos-update-nhrp.pl --checkref --tun $VAR(@)
sudo ip link set $VAR(@) down
case "$VAR(./encapsulation/@)" in
"gre" | "ipip" | "sit")
if [ -z $VAR(./remote-ip/) ]; then
sudo ip tunnel del $VAR(@) mode gre
else
sudo ip tunnel del $VAR(@) mode $VAR(./encapsulation/@)
fi;;
"gre-bridge")
sudo ip link delete $VAR(@) ;;
"ipip6" | "ip6ip6")
sudo ip -6 tunnel del $VAR(@) mode $VAR(./encapsulation/@);;
esac
end:
if [ "${COMMIT_ACTION}" == DELETE ]; then
/opt/vyatta/sbin/vyatta-tunnel-cleanup $VAR(@)
fi
|
