author | John Southworth <john.southworth@vyatta.com> | 2011-02-04 17:48:48 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-02-04 17:48:48 -0600 |
commit | 19cb796fcb8fdb57ae5cb49867943d49a1452823 (patch) | |
tree | e4ed197e9df0b46b128571155b068c50e377519b | |
parent | 6c30c419e7afb5e74661a09254ef47bc0490a54a (diff) | |
download | vyatta-cfg-vpn-19cb796fcb8fdb57ae5cb49867943d49a1452823.tar.gz vyatta-cfg-vpn-19cb796fcb8fdb57ae5cb49867943d49a1452823.zip |
Add the ability to define a default esp group for tunnels under a peer to use
-rwxr-xr-x | scripts/vpn-config.pl | 19 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/default-esp-group/node.def | 4 |
2 files changed, 22 insertions, 1 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index e1a81fa..2ffabc8 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -423,6 +423,17 @@ if ( $vcVPN->exists('ipsec') ) {
 }
 }
 }
+
+ #
+ # Default ESP group
+ #
+ my $def_esp_group = $vcVPN->returnValue("ipsec site-to-site peer $peer default-esp-group");
+ $def_esp_group = '' if !defined($def_esp_group);
+ if ( !$vcVPN->exists("ipsec esp-group $def_esp_group") ) {
+ vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"default-esp-group"],
+ "$vpn_cfg_err The ESP group \"$def_esp_group\" specified "
+ . "for peer \"$peer\" has not been configured.\n");
+ }
 
 #
 # Name connection by peer and tunnel
@@ -448,7 +459,9 @@ if ( $vcVPN->exists('ipsec') ) {
 
 my $peer_tunnel_esp_group = $vcVPN->returnValue(
 "ipsec site-to-site peer $peer tunnel $tunnel esp-group");
- if ( !defined($peer_tunnel_esp_group) || $peer_tunnel_esp_group eq '' ) {
+ $peer_tunnel_esp_group = '' if (!defined($peer_tunnel_esp_group));
+ if ( (!defined($peer_tunnel_esp_group) || $peer_tunnel_esp_group eq '') &&
+ (!defined($def_esp_group) || $def_esp_group eq '')) {
 vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"tunnel",$tunnel,"esp-group"],
 "$vpn_cfg_err No ESP group specified for peer \"$peer\" "
 . "tunnel $tunnel.\n");
@@ -765,6 +778,10 @@ if ( $vcVPN->exists('ipsec') ) {
 $genout .= "\tesp=";
 my $esp_group = $vcVPN->returnValue(
 "ipsec site-to-site peer $peer tunnel $tunnel esp-group");
+ if (!defined($esp_group) || $esp_group eq ''){
+ $esp_group = $vcVPN->returnValue(
+ "ipsec site-to-site peer $peer default-esp-group");
+ }
 if ( defined($esp_group) && $esp_group ne '' ) {
 my @esp_proposals =
 $vcVPN->listNodes("ipsec esp-group $esp_group proposal");
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/default-esp-group/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/default-esp-group/node.def
new file mode 100644
index 0000000..f754c32
--- /dev/null
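Review bot: The existence check in the new "Default ESP group" block runs even when no default-esp-group is set, because `$def_esp_group` is normalised to `''` and the path `"ipsec esp-group "` is then tested. How `exists` treats that trailing-space path is not visible here, but if it returns false (for instance when no esp-group is configured at all) the commit fails with an error naming an empty group `""` that the user never specified. Guard the lookup so it only validates a value that was actually set: `if ( $def_esp_group ne '' && !$vcVPN->exists("ipsec esp-group $def_esp_group") ) {`. The enclosing block starts and ends outside the hunk, so whether this lookup is repeated for every tunnel cannot be confirmed from here.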
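Review bot: The two `!defined(...)` tests in the rewritten condition can never be true, since `$peer_tunnel_esp_group` is set to `''` on the line above and `$def_esp_group` is normalised the same way in the earlier hunk (assuming both sit in the same lexical scope); the test reduces to `if ( $peer_tunnel_esp_group eq '' && $def_esp_group eq '' ) {`. The block continues outside the hunk, and any later code that still reads `$peer_tunnel_esp_group` now sees `''` for a tunnel that relies on the peer default, so a follow-on existence check would test the wrong name. Resolving the effective group once, e.g. `my $esp_group_in_use = $peer_tunnel_esp_group ne '' ? $peer_tunnel_esp_group : $def_esp_group;`, and validating that value keeps the checks aligned with what is written to the connection.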
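Review bot: The fallback added before `if ( defined($esp_group) && $esp_group ne '' )` re-reads `default-esp-group` from the configuration instead of reusing what the validation pass resolved, so the rule "tunnel group, else peer default" now lives in two places and validation and generation can drift apart. Because this value selects the ESP proposals emitted after `esp=`, it deserves at least a comment such as `# No per-tunnel esp-group: use the peer's default-esp-group (validated earlier in this script).` A small helper returning the effective group for a peer/tunnel pair, called from both places, would remove the duplication. The surrounding block continues outside the hunk, so what is emitted when neither value is set is not visible here.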
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/default-esp-group/node.def
@@ -0,0 +1,4 @@
+help: Defult ESP group name
+type: txt
+allowed: cli-shell-api listActiveNodes vpn ipsec esp-group
+ |
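Review bot: The help string is misspelled and should read `help: Default ESP group name`. The `allowed:` line appears to supply completion candidates only, so a name that matches no existing esp-group would be rejected only by the commit-time check in scripts/vpn-config.pl; if the template language supports a syntax or commit expression, stating the constraint here would keep the node self-describing. `listActiveNodes` also looks like it returns only committed groups, so a group created in the same uncommitted session may not be offered, which is worth confirming.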