author | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-12-27 16:47:32 -0800 |
---|---|---|
committer | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2012-12-27 16:47:32 -0800 |
commit | 3f646b0e80880b5303038afb73477a9f75e82382 (patch) | |
tree | b33599be1678ada5763955b6110f7c35484ebcfd /templates | |
parent | bb308b42636fec42f58066ab8a7072c1b6d98577 (diff) | |
DMVPN support with profiles.
Diffstat (limited to 'templates')
9 files changed, 85 insertions, 0 deletions
diff --git a/templates/vpn/ipsec/profile/node.def b/templates/vpn/ipsec/profile/node.def
new file mode 100644
index 0000000..cbe1349
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: VPN IPSec Profile
+val_help: txt; Name of the VPN IPSec profile
diff --git a/templates/vpn/ipsec/profile/node.tag/authentication/mode/node.def b/templates/vpn/ipsec/profile/node.tag/authentication/mode/node.def
new file mode 100644
index 0000000..a6896a1
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/authentication/mode/node.def
@@ -0,0 +1,5 @@
+help: Authentication mode
+type: txt
+default: "pre-shared-secret"
+syntax:expression: $VAR(@) in "pre-shared-secret"; "must be pre-shared-secret; x509 and rsa are not supported for DMVPN"
+val_help: pre-shared-secret; Use pre-shared secret key
diff --git a/templates/vpn/ipsec/profile/node.tag/authentication/node.def b/templates/vpn/ipsec/profile/node.tag/authentication/node.def
new file mode 100644
index 0000000..d6b17dc
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/authentication/node.def
@@ -0,0 +1 @@
+help: Authentication [REQUIRED]
diff --git a/templates/vpn/ipsec/profile/node.tag/authentication/pre-shared-secret/node.def b/templates/vpn/ipsec/profile/node.tag/authentication/pre-shared-secret/node.def
new file mode 100644
index 0000000..3b59835
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/authentication/pre-shared-secret/node.def
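Review bot: The `tag:` node in templates/vpn/ipsec/profile/node.def accepts any `type: txt` value as a profile name, with no `syntax:expression: pattern` restricting its characters. Elsewhere in this commit (bind/tunnel/node.def) that name is substituted into a command run under sudo as `--ipsec_profile "$VAR(../../@)"`, and the substitution appears to be textual, so the surrounding quotes alone would not neutralise shell metacharacters in the name. I would add an allow-list to this node, for example `syntax:expression: pattern $VAR(@) "^[-_a-zA-Z0-9]+$" ; "profile name may contain only letters, digits, - and _"`.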
@@ -0,0 +1,19 @@
+help: Pre-shared secret key
+type: txt
+syntax:expression: pattern $VAR(@) "^[-\+\&\!\@\#\$\%\^\*\(\)\,\.\:_a-zA-Z0-9]+$" ; "invalid pre-shared secret key \"$VAR(@)\"
+
+Only these characters are allowed to be used for setting pre-shared secret key :
+ alphanumeric characters a-z A-Z 0-9
+ special characters - + & ! @ # $ % ^ * ( ) , . : _
+
+Use of single quotes to set pre-shared secret key is recommended.
+Example usage : 'aA1-&!@,.:_2Bb'
+"
+
+comp_help:
+These characters are allowed to be used for setting pre-shared secret key :
+ alphanumeric characters a-z A-Z 0-9
+ special characters - + & ! @ # $ %% ^ * ( ) , . : _
+
+Use of single quotes to set pre-shared secret key is recommended.
+Example usage : 'aA1-&!@,.:_2Bb'
diff --git a/templates/vpn/ipsec/profile/node.tag/bind/node.def b/templates/vpn/ipsec/profile/node.tag/bind/node.def
new file mode 100644
index 0000000..9576c96
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/bind/node.def
@@ -0,0 +1 @@
+help: DMVPN crypto configuration
diff --git a/templates/vpn/ipsec/profile/node.tag/bind/tunnel/node.def b/templates/vpn/ipsec/profile/node.tag/bind/tunnel/node.def
new file mode 100644
index 0000000..3b05bb5
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/bind/tunnel/node.def
@@ -0,0 +1,13 @@
+tag:
+type: txt
+help: Tunnel interface associated with this configuration profile
+allowed: cli-shell-api listActiveNodes interfaces tunnel
+
+commit:expression: $VAR(../../esp-group/) != ""; "Must configure esp-group"
+commit:expression: $VAR(../../ike-group/) != ""; "Must configure ike-group"
+commit:expression: $VAR(../../authentication/) != ""; "Must configure authentication"
+commit:expression: `cli-shell-api returnValue interfaces tunnel $VAR(@) encapsulation` == "gre-multipoint"; "Must be mgre tunnel"
+
+end:
+
+ sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --tunnel "$VAR(@)" --ipsec_profile "$VAR(../../@)" --commit_ipsec
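Review bot: The validation failure message in pre-shared-secret/node.def interpolates the rejected value (`invalid pre-shared secret key \"$VAR(@)\"`), so a mistyped secret is printed back to the terminal and to anything that captures CLI output. I would drop the `\"$VAR(@)\"` part and keep the message as `invalid pre-shared secret key` followed by the character list. Separately, the pattern's trailing `+` accepts a one-character key; a minimum length enforced here or in the config generator would be worth adding, since a short IKE pre-shared key is exposed to offline guessing.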
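Review bot: In bind/tunnel/node.def the tunnel name reaches two shell contexts without any character check: unquoted inside the backtick command (`cli-shell-api returnValue interfaces tunnel $VAR(@) encapsulation`) and in the `end:` script that runs `vyatta-update-nhrp.pl` under sudo. The node is plain `type: txt`, and `allowed:` looks like it only feeds completion, so nothing visible in this hunk rejects a name containing whitespace or shell metacharacters before those commands run. I would add `syntax:expression: pattern $VAR(@) "^tun[0-9]+$" ; "must be a tunnel interface name (tunN)"` (assuming tunnel interfaces are always named tunN) and quote the value inside the backtick command as `"$VAR(@)"`.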
diff --git a/templates/vpn/ipsec/profile/node.tag/esp-group/node.def b/templates/vpn/ipsec/profile/node.tag/esp-group/node.def
new file mode 100644
index 0000000..1e9eef9
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/esp-group/node.def
@@ -0,0 +1,19 @@
+type: txt
+help: Esp group name [REQUIRED]
+val_help: Esp group name
+
+allowed: sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --get_esp_gr_names;
+
+syntax:expression:
+exec "
+ RET=`sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --get_esp_gr_names`
+ if echo \"$RET\" | grep -q \"$VAR(@)\"
+ then
+ exit 0
+ fi
+ if [ -z \"$RET\" ]; then
+ echo \"There are no available group names\"
+ else
+ echo \"Must be ($RET)\"
+ fi
+ exit 1"
diff --git a/templates/vpn/ipsec/profile/node.tag/ike-group/node.def b/templates/vpn/ipsec/profile/node.tag/ike-group/node.def
new file mode 100644
index 0000000..0c80e58
--- /dev/null
+++ b/templates/vpn/ipsec/profile/node.tag/ike-group/node.def
@@ -0,0 +1,19 @@
+type: txt
+help: Ike group name [REQUIRED]
+val_help: Ike group name
+
+allowed: sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --get_ike_gr_names;
+
+syntax:expression:
+exec "
+ RET=`sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --get_ike_gr_names`
+ if echo \"$RET\" | grep -q \"$VAR(@)\"
+ then
+ exit 0
+ fi
+ if [ -z \"$RET\" ]; then
+ echo \"There are no available group names\"
+ else
+ echo \"Must be ($RET)\"
+ fi
+ exit 1"
diff --git a/templates/vpn/node.def b/templates/vpn/node.def
index a504791..b727afa 100644
--- a/templates/vpn/node.def
+++ b/templates/vpn/node.def
@@ -5,5 +5,9 @@ end:sudo /opt/vyatta/sbin/vyatta-vti-config.pl || exit 1
 --config_file='/etc/ipsec.conf' \
 --secrets_file='/etc/ipsec.secrets' \
 --init_script='/etc/init.d/ipsec' || exit 1
+ sudo /opt/vyatta/sbin/dmvpn-config.pl \
+ --config_file='/etc/dmvpn.conf' \
+ --secrets_file='/etc/dmvpn.secrets' \
+ --init_script='/etc/init.d/ipsec' || exit 1
 sudo /opt/vyatta/sbin/vyatta-update-l2tp.pl || exit 1
 sudo /opt/vyatta/sbin/vyatta-update-pptp.pl || exit 1 |
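Review bot: The membership test in esp-group/node.def, `echo \"$RET\" | grep -q \"$VAR(@)\"`, treats the configured value as a regular expression and matches substrings, so a partial name or a lone `.` passes validation against any non-empty list; the ike-group/node.def hunk carries the same check. The value is also pasted into the `exec` shell string with no prior character validation, so shell metacharacters in it would be interpreted by that shell. I would put `syntax:expression: pattern $VAR(@) "^[-_a-zA-Z0-9]+$" ; "invalid group name"` ahead of the exec in both files and switch to an exact fixed-string match, `grep -qxF -- \"$VAR(@)\"`, over one name per line. The output format of `--get_esp_gr_names` and `--get_ike_gr_names` is not visible here, so the list may need splitting onto separate lines first.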