author | Jeff Leung <jleung@v10networks.ca> | 2014-05-21 21:34:31 -0500 |
---|---|---|
committer | Jeff Leung <jleung@v10networks.ca> | 2014-05-21 21:47:43 -0500 |
commit | 000a81bb28ed23b4d4ee359cf5f12bfbb0275841 (patch) | |
tree | c99dcf9fbf514f111512e22d3e2e97ebffc41aea /scripts | |
parent | bdf73b3e470ea69332d69e67a757792ce5af3dbd (diff) | |
Adding initial support for IKEv2/IKEv1 Site-to-Site VPNs by adding the optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vpn-config.pl | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 4870d48..dd6113d 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -253,7 +253,7 @@ if ( $vcVPN->exists('ipsec') ) {
 $genout .= "version 2.0\n";
 $genout .= "\n";
 $genout .= "config setup\n";
- $genout .= "\tcharonstart=no\n"; # no need for charon unless we have ikev2
+ $genout .= "\tcharonstart=yes\n";
 #
 # Interfaces
@@ -865,6 +865,26 @@ if ( $vcVPN->exists('ipsec') ) {
 }
 $genout .= "!\n";
+ #
+ # Get IKE version setting
+ #
+ my $key_exchange = $vcVPN->returnValue(
+ "ipsec ike-group $ike_group key-exchange");
+ if ( defined($key_exchange) ) {
+ if ($key_exchange eq 'auto') {
+ $genout .= "\tkeyexchange=ike\n";
+ }
+ elsif ($key_exchange eq 'ikev1') {
+ $genout .= "\tkeyexchange=ikev1\n";
+ }
+ elsif ($key_exchange eq 'ikev2') {
+ $genout .= "\tkeyexchange=ikev2\n";
+ }
+ }
+ else {
+ $genout .= "\tkeyexchange=ikev1\n";
+ }
+
 my $t_ikelifetime = $vcVPN->returnValue("ipsec ike-group $ike_group lifetime");
 if ( defined($t_ikelifetime) && $t_ikelifetime ne '' ) {
|
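Review bot: `charonstart=yes` is now written unconditionally in `config setup`, so charon is started for every IPsec configuration, including ones where no ike-group sets `key-exchange` and the second hunk falls back to `keyexchange=ikev1`. That presumably leaves a second IKE daemon handling packets from unauthenticated peers on systems that never negotiate IKEv2, and the deleted comment was the only record of why it used to be off. Emit `yes` only when at least one ike-group has `key-exchange` set to `ikev2` or `auto`, and keep a comment stating that rule. The enclosing `if ( $vcVPN->exists('ipsec') )` block starts and ends outside this hunk, so the sketch below assumes the ike-group nodes can be listed at this point.

```perl
# ... unchanged: "version 2.0" and "config setup" lines ...
# Start charon only when some ike-group can negotiate IKEv2.
my $need_charon = 0;
foreach my $group ( $vcVPN->listNodes('ipsec ike-group') ) {
    my $kx = $vcVPN->returnValue("ipsec ike-group $group key-exchange");
    if ( defined($kx) && ( $kx eq 'ikev2' || $kx eq 'auto' ) ) {
        $need_charon = 1;
        last;
    }
}
$genout .= "\tcharonstart=" . ( $need_charon ? 'yes' : 'no' ) . "\n";
```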
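Review bot: The `if`/`elsif` chain on `$key_exchange` has no final `else`, so a defined value other than `auto`, `ikev1` or `ikev2` writes no `keyexchange=` line and the connection takes whatever IKE version the daemon defaults to. This includes an empty string, which the `lifetime` check just below guards against with `ne ''`. Add a last branch such as `else { $genout .= "\tkeyexchange=ikev1\n"; }`, or reject the value with a configuration error, so the generated file always states the version explicitly. The `auto` branch also deserves a comment, for example `# 'ike' lets the daemon choose the IKE version; use ikev1 or ikev2 to pin it`, because its exact meaning likely depends on the strongSwan release in use. The enclosing block begins and ends outside the hunk.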