diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2007-12-19 18:09:06 -0800 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2007-12-19 18:09:06 -0800 |
| commit | 2b188e0c9ca392a7c54f4169378e523c355873c1 (patch) | |
| tree | 0ac0524531ab4033af0da006cf39f8736b52beed /templates/vpn/ipsec/ike-group | |
| download | vyatta-cfg-vpn-2b188e0c9ca392a7c54f4169378e523c355873c1.tar.gz vyatta-cfg-vpn-2b188e0c9ca392a7c54f4169378e523c355873c1.zip | |
Port vpn cfg from fairfield to glendale.
Diffstat (limited to 'templates/vpn/ipsec/ike-group')
11 files changed, 40 insertions, 0 deletions
diff --git a/templates/vpn/ipsec/ike-group/node.def b/templates/vpn/ipsec/ike-group/node.def new file mode 100644 index 0000000..19dfb49 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.def @@ -0,0 +1,4 @@ +tag: +type: txt +help: "Internet Key Exchange configuration" +syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid IKE group name \"$(@)\"" diff --git a/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def new file mode 100644 index 0000000..b462e61 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def @@ -0,0 +1,4 @@ +help: "IKE aggressive-mode configuration" +type: txt +default: "disable" +syntax: $(@) in "enable", "disable"; "enable or disable" diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def new file mode 100644 index 0000000..fbc1aef --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def @@ -0,0 +1,4 @@ +help: "Set keep-alive failure action" +type: txt +default: "hold" +syntax: $(@) in "hold", "clear", "restart"; "must be hold, or clear, or restart" diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def new file mode 100644 index 0000000..241edf0 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def @@ -0,0 +1,4 @@ +help: "Set keep-alive interval" +type: u32 +default: 30 +syntax: ($(@) >= 15 && $(@) <= 86400) ; "must be in the range 15 to 86400 seconds inclusive" diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def new file mode 100644 index 0000000..a326d23 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def @@ -0,0 +1 @@ +help: "Configure DPD" diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def new file mode 100644 index 0000000..8b46cbb --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def @@ -0,0 +1,4 @@ +help: "Set keep-alive timeout" +type: u32 +default: 120 +syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive" diff --git a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def new file mode 100644 index 0000000..2a1500a --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def @@ -0,0 +1,4 @@ +help: "IKE lifetime configuration" +type: u32 +default: 28800 +syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive" diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def new file mode 100644 index 0000000..b61a016 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def @@ -0,0 +1,4 @@ +tag: +help: "Configure a ike-group proposal" +type: u32 +syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be in the range 1 to 65535 inclusive" diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def new file mode 100644 index 0000000..58c800b --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def @@ -0,0 +1,3 @@ +help: "Set Diffie-Hellman key exchange" +type: u32 +syntax: ($(@) == 2 || $(@) == 5); "must be 2 or 5" diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def new file mode 100644 index 0000000..f345008 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def @@ -0,0 +1,4 @@ +help: "Set encryption" +type: txt +default: "aes128" +syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des" diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def new file mode 100644 index 0000000..7cdd3f4 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def @@ -0,0 +1,4 @@ +help: "Set hash algorithm" +type: txt +default: "sha1" +syntax: $(@) in "md5", "sha1"; "must be md5 or sha1" |