| author | Daniil Baturin <daniil@baturin.org> | 2014-05-29 09:12:39 -0700 | 
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2014-05-29 09:12:39 -0700 | 
| commit | 9d556bd960086e60b997a60fd3a94499755d87c8 (patch) | |
| tree | 2292a8101ff3babc772725f4787eeb2b0e73fbd1 | |
| parent | d152b56e4ea84a1bdcd79f2619bcd5d7dd7a0aff (diff) | |
| parent | f3131ceca70e295b455fc9dd9f97842339a84d26 (diff) | |
Merge pull request #7 from m-asama/hydrogen-ipv4idhydrogen
Add support for IPsec phase 1 ID of IPv4 address format
3 files changed, 22 insertions, 4 deletions
|
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 4870d48..bda6318 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -591,7 +591,13 @@ if ( $vcVPN->exists('ipsec') ) {
           $genout .= "\tleft=$lip\n";
           $leftsourceip = "\tleftsourceip=$lip\n";
         }
-        $genout .= "\tleftid=$authid\n" if defined $authid;
+        if ( defined($authid) ) {
+          if ( $authid =~ m/^\@/ ) {
+            $genout .= "\tleftid=\"$authid\"\n";
+          } else {
+            $genout .= "\tleftid=$authid\n";
+          }
+        }
       }
       # @SM Todo: must have explicit settings for VTI.
@@ -601,9 +607,13 @@ if ( $vcVPN->exists('ipsec') ) {
       if ( $peer =~ /^\@/ ) {
         # peer is an "ID"
-        $rightid  = $peer;
+        if ( defined($authremoteid) ) {
+          $rightid = $authremoteid;
+        } else {
+          $rightid = $peer;
+        }
         $any_peer = 1;
-      } elsif ($authremoteid) {
+      } elsif ( defined($authremoteid) ) {
         $rightid = $authremoteid;
       }
       if ( ( $peer eq 'any' )
@@ -621,7 +631,13 @@ if ( $vcVPN->exists('ipsec') ) {
         $right = $peer;
       }
       $genout .= "\tright=$right\n";
-      $genout .= "\trightid=\"$rightid\"\n" if ( defined($rightid) );
+      if ( defined($rightid) ) {
+        if ( $rightid =~ m/^\@/ ) {
+          $genout .= "\trightid=\"$rightid\"\n";
+        } else {
+          $genout .= "\trightid=$rightid\n";
+        }
+      }
       if ($any_peer) {
         $genout .= "\trekey=no\n";
       }
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
index a8f1df9..9808e87 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/id/node.def
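Review bot: The `else` branches added for `leftid` (first hunk) and `rightid` (third hunk) write any ID that does not begin with `@` into the generated ipsec.conf unquoted, without checking that the value is actually an IPv4 address. For `rightid` this is a behaviour change: it was always quoted before, so a remote-id containing spaces or a `#` that used to pass through intact would presumably now be split or truncated when the file is parsed. Quoting by default and leaving only a validated address bare would be safer, for example `if ( $rightid =~ m/^\d{1,3}(?:\.\d{1,3}){3}$/ ) { $genout .= "\trightid=$rightid\n"; } else { $genout .= "\trightid=\"$rightid\"\n"; }`, with the same test applied to `$authid`. Both edits sit inside the `if ( $vcVPN->exists('ipsec') )` block, which starts and ends outside these hunks.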
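Review bot: In the second hunk a configured remote-id now overrides the `@` peer name as `rightid`, but the retained comment `# peer is an "ID"` no longer says which value is matched against the peer's phase 1 identity. Because this decides which remote identity is accepted, the precedence deserves a comment, for example `# peer is an "ID"; an explicit remote-id, if set, takes precedence as rightid`. The `elsif` also changed from a truth test to `defined($authremoteid)`, so a value of `0` or an empty string, previously skipped, would now be emitted as `rightid`; if that is intended, the commit message should say so. The surrounding block continues outside the hunk.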
@@ -2,4 +2,5 @@ help: ID for peer authentication
 type: txt
 syntax:expression: pattern $VAR(@) "^[[:print:]]+"
                      ; "invalid ID \"$VAR(@)\""
+val_help: ipv4; ID used for peer authentication
 val_help: @<text>; ID used for peer authentication
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
index e2ba16d..2893e1d 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/remote-id/node.def
@@ -2,4 +2,5 @@ help: ID for remote authentication
 type: txt
 syntax:expression: pattern $VAR(@) "^[[:print:]]+"
                      ; "invalid ID \"$VAR(@)\""
+val_help: ipv4; ID used for peer authentication
 val_help: @<text>; ID used for peer authentication
|
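Review bot: The new `val_help: ipv4` line in both node.def files changes only the help text; the `syntax:expression` pattern `^[[:print:]]+` is untouched and has no end anchor, so (assuming an ordinary regex match) only the first character of the ID is constrained. Since vpn-config.pl now writes non-`@` values into ipsec.conf unquoted, the pattern should at least be anchored as `"^[[:print:]]+$"`, or narrowed to the two forms the help advertises if no other ID types have to remain valid. In the remote-id template the help strings still read "ID used for peer authentication", where "remote authentication" would match its `help:` line.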
