author | Daniil Baturin <daniil@baturin.org> | 2016-02-11 12:31:36 -0500 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2016-02-11 12:31:36 -0500 |
commit | a9d0b5972c64c1d32fe89def263df635525b1d7d (patch) | |
tree | 1acaf6337af04ae30d315bd5cb1470832102437f /templates | |
parent | 2cda998101aa8d83ab92e9d3d1abddf672ac2c2d (diff) | |
parent | 5ee99ec9d5cca8c13804964eee23ce0b15578edf (diff) | |
Merge branch 'lithium-strongswan5' of https://github.com/TriJetScud/vyatta-cfg-vpn into current
Diffstat (limited to 'templates')
8 files changed, 43 insertions, 13 deletions
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
index 0e8fd2d..ba66828 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
@@ -1,10 +1,10 @@
 help: Encryption algorithm
 type: txt
 default: "aes128"
-syntax:expression: $VAR(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
-syntax:expression: $VAR(@) in "aes128", "aes256", "3des", "aes128gcm128", "aes256gcm128"; "must be aes128, or aes128gcm128, or aes256, or aes256gcm128, or 3des"
+syntax:expression: $VAR(@) in "aes128", "aes256", "aes128gcm128", "aes256gcm128", "3des", "chacha20poly1305"; "must be aes128, aes256, 3des, or chacha20poly1305"
 val_help: aes128; AES-128 encryption (default)
 val_help: aes256; AES-256 encryption
 val_help: aes128gcm128; AES-128 encryption with Galois Counter Mode 128-bit
 val_help: aes256gcm128; AES-256 encryption with Galois Counter Mode 128-bit
 val_help: 3des; 3DES encryption
+val_help: chacha20poly1305; ChaCha20-Poly1305 encryption
diff --git a/templates/vpn/ipsec/ike-group/node.tag/mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def
new file mode 100644
index 0000000..2b67dad
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def
@@ -0,0 +1,5 @@
+help: IKEv1 Phase 1 Mode Selection
+type: txt
+syntax:expression: $VAR(@) in "main", "aggressive"; "must be main or aggressive"
+val_help: main; Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default)
+val_help: aggressive; Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode.
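Review bot: The rejection message on the new `syntax:expression` line of the esp-group encryption template names only aes128, aes256, 3des and chacha20poly1305, although the expression itself also accepts aes128gcm128 and aes256gcm128. An operator who mistypes a value is therefore never told that the two AES-GCM modes exist. The message should list every accepted value, e.g. `"must be aes128, aes256, aes128gcm128, aes256gcm128, 3des, or chacha20poly1305"`. The identical line in the ike-group encryption template later in this commit needs the same fix.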
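Review bot: The new ike-group mode template calls main the "(Recommended Default)" in its `val_help` but declares no `default:` line, so whether an unset node really produces Main mode depends on the config-generation script, which is not part of this diff. Adding `default: "main"` would make the safer choice explicit in the template itself. The aggressive `val_help` would also serve operators better if it named the risk instead of "much more insecure", e.g. `val_help: aggressive; Aggressive mode (IKEv1) - exposes a hash of the pre-shared key to offline guessing; avoid with PSK authentication`.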
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
index 0e8fd2d..ba66828 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
@@ -1,10 +1,10 @@
 help: Encryption algorithm
 type: txt
 default: "aes128"
-syntax:expression: $VAR(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
-syntax:expression: $VAR(@) in "aes128", "aes256", "3des", "aes128gcm128", "aes256gcm128"; "must be aes128, or aes128gcm128, or aes256, or aes256gcm128, or 3des"
+syntax:expression: $VAR(@) in "aes128", "aes256", "aes128gcm128", "aes256gcm128", "3des", "chacha20poly1305"; "must be aes128, aes256, 3des, or chacha20poly1305"
 val_help: aes128; AES-128 encryption (default)
 val_help: aes256; AES-256 encryption
 val_help: aes128gcm128; AES-128 encryption with Galois Counter Mode 128-bit
 val_help: aes256gcm128; AES-256 encryption with Galois Counter Mode 128-bit
 val_help: 3des; 3DES encryption
+val_help: chacha20poly1305; ChaCha20-Poly1305 encryption
diff --git a/templates/vpn/ipsec/include-ipsec-conf/node.def b/templates/vpn/ipsec/include-ipsec-conf/node.def
new file mode 100644
index 0000000..fc82a45
--- /dev/null
+++ b/templates/vpn/ipsec/include-ipsec-conf/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Sets to include an additional configuration directive file for strongSwan. Use an absolute path to specify the included file.
diff --git a/templates/vpn/ipsec/include-ipsec-secrets/node.def b/templates/vpn/ipsec/include-ipsec-secrets/node.def
new file mode 100644
index 0000000..37b73e1
--- /dev/null
+++ b/templates/vpn/ipsec/include-ipsec-secrets/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Sets to include an additional secrets file for strongSwan. Use an absolute path to specify the included file.
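Review bot: In the ike-group encryption template, chacha20poly1305 is accepted for IKE proposals with no tie to the key-exchange version, while this same commit adds an IKEv1 mode node to ike-group. As far as I know, strongSwan supports AEAD ciphers for the IKE SA only with IKEv2, and an AEAD IKE proposal takes a PRF rather than an integrity algorithm. If the generator script (not in this diff) still appends the proposal's hash as an integrity algorithm, the proposal may be rejected or fail to negotiate. At minimum the help text should say so, e.g. `val_help: chacha20poly1305; ChaCha20-Poly1305 AEAD encryption (IKEv2 only)`, and a commit-time check against the group's key-exchange setting would be better.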
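Review bot: Both new include nodes (include-ipsec-conf and include-ipsec-secrets) are `type: txt` with no `syntax:expression`, so the "absolute path" requirement stated in their help text is not enforced. Any string, including one with embedded whitespace, is accepted and presumably written into the generated strongSwan files by a script outside this diff. A minimal check such as `syntax:expression: pattern $VAR(@) "^/[^[:space:]]+$" ; "must be an absolute path without whitespace"` would reject relative paths and stray whitespace at commit time. The help for the secrets node should also state that the included file holds key material and must be readable by root only.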
diff --git a/templates/vpn/ipsec/logging/log-level/node.def b/templates/vpn/ipsec/logging/log-level/node.def
new file mode 100644
index 0000000..54cf698
--- /dev/null
+++ b/templates/vpn/ipsec/logging/log-level/node.def
@@ -0,0 +1,5 @@
+help: strongSwan Logger Level
+type: u32
+default: 1
+syntax:expression: ($VAR(@) >= 0 && $VAR(@) <= 2) ; "must be between levels 0-2"
+val_help: u32:0-2; Logger Verbosity Level (default 0)
diff --git a/templates/vpn/ipsec/logging/log-modes/node.def b/templates/vpn/ipsec/logging/log-modes/node.def
index f0dd9f4..5662a4e 100644
--- a/templates/vpn/ipsec/logging/log-modes/node.def
+++ b/templates/vpn/ipsec/logging/log-modes/node.def
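Review bot: The log-level template sets `default: 1` but its `val_help` says "(default 0)", so the CLI help contradicts the value that is actually applied; it should read `val_help: u32:0-2; Logger Verbosity Level (default 1)`. The `$VAR(@) >= 0` half of the check is always true for a `u32` and can be dropped. If the cap at 2 is deliberate, the help line is a good place to say why, since strongSwan's higher levels can write sensitive material such as keys to the log: `help: strongSwan Logger Level (0-2; higher levels are not offered because they may log key material)`.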
@@ -1,11 +1,21 @@
 multi:
-help: Log mode
+help: Log mode. To see what each log mode exactly does, please refer to the strongSwan documentation
 type: txt
-syntax:expression: $VAR(@) in "raw", "crypt", "parsing", "emitting", "control", "all", "private" ; "must be one of the following: raw, crypt, parsing, emitting, control, all, private"
-val_help: raw; Debug log option for pluto
-val_help: crypt; Debug log option for pluto
-val_help: parsing; Debug log option for pluto
-val_help: emitting; Debug log option for pluto
-val_help: control; Debug log option for pluto
-val_help: all; Debug log option for pluto
-val_help: private; Debug log option for pluto
+syntax:expression: $VAR(@) in "dmn", "mgr", "ike", "chd", "job", "cfg", "knl", "net", "asn", "enc", "lib", "esp", "tls", "tnc", "imc", "imv", "pts" ; "must be one of the following: dmn, mgr, ike, chd, job, cfg, knl, net, asn, enc, lib, esp, tls, tnc, imc, imv, pts"
+val_help: dmn; Debug log option for strongSwan
+val_help: mgr; Debug log option for strongSwan
+val_help: ike; Debug log option for strongSwan
+val_help: chd; Debug log option for strongSwan
+val_help: job; Debug log option for strongSwan
+val_help: cfg; Debug log option for strongSwan
+val_help: knl; Debug log option for strongSwan
+val_help: net; Debug log option for strongSwan
+val_help: asn; Debug log option for strongSwan
+val_help: enc; Debug log option for strongSwan
+val_help: lib; Debug log option for strongSwan
+val_help: esp; Debug log option for strongSwan
+val_help: tls; Debug log option for strongSwan
+val_help: tnc; Debug log option for strongSwan
+val_help: imc; Debug log option for strongSwan
+val_help: imv; Debug log option for strongSwan
+val_help: pts; Debug log option for strongSwan
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def
new file mode 100644
index 0000000..bc71729
--- /dev/null
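Review bot: All seventeen new `val_help` lines in the log-modes hunk carry the same text, "Debug log option for strongSwan", so CLI completion gives an operator no way to tell the subsystems apart without leaving the router. Short descriptions taken from the strongSwan logger documentation would fix that, e.g. `val_help: ike; IKE_SA negotiation`, `val_help: chd; CHILD_SA handling`, `val_help: knl; Kernel IPsec/networking interface`. The hunk also drops every value the old pluto list accepted (raw, crypt, parsing, emitting, control, all, private). A saved configuration that still uses one of them will presumably fail validation after upgrade unless a migration step outside this diff rewrites it.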
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def
@@ -0,0 +1,6 @@
+help: Force UDP Encapsulation for ESP Payloads
+type: txt
+syntax:expression: $VAR(@) in "enable", "disable"; "Must be enable or disable"
+val_help: enable; This endpoint will force UDP encapsulation for this peer
+val_help: disable; This endpoint will not force UDP encapsulation for this peer
+ |