Merge pull request #6 from TriJetScud/helium-pull-req

Initial MOBIKE Configuration Support

2 files changed, 26 insertions, 0 deletions

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 822c9c3..f1d4e46 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -910,6 +910,27 @@ if ( $vcVPN->exists('ipsec') ) {
         else {
           $genout .= "\tkeyexchange=ikev1\n";
         }
+        
+        #
+        # Allow the user to disable MOBIKE for IKEv2 connections
+        #
+        my $mob_ike = $vcVPN->returnValue(
+          "ipsec ike-group $ike_group mobike");
+
+        if ( defined($mob_ike) ) {
+          if ( defined($key_exchange) && $key_exchange eq 'ikev2' ) {
+            if ($mob_ike eq 'enabled') {
+                $genout .= "\tmobike=yes\n";
+            }
+            if ($mob_ike eq 'disabled') {
+                $genout .= "\tmobike=no\n";
+            }
+          }
+          else {
+            vpn_die(["vpn","ipsec","ike-group", $ike_group, "mobike"], 
+            "$vpn_cfg_err MOBIKE is only valid for IKEv2 configurations.\n");
+          }
+        }
 
         my $t_ikelifetime =
           $vcVPN->returnValue("ipsec ike-group $ike_group lifetime");
diff --git a/templates/vpn/ipsec/ike-group/node.tag/mobike/node.def b/templates/vpn/ipsec/ike-group/node.tag/mobike/node.def
new file mode 100644
index 0000000..fe2656f
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/mobike/node.def
@@ -0,0 +1,5 @@
+help: Enable MOBIKE Support. MOBIKE is only valid for IKEv2 configurations.
+type: txt
+syntax:expression: $VAR(@) in "enabled", "disabled"; "must be enabled or disabled"
+val_help: enabled; Enable MOBIKE ([DEFAULT] if IKEv2)
+val_help: disabled; Disable MOBIKE