-rwxr-xr-x | scripts/vpn-config.pl | 26 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def (renamed from templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local/protocol/node.def) | 6 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote/protocol/node.def | 11 |
3 files changed, 18 insertions, 25 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index 28c965b..e1a81fa 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -607,44 +607,42 @@ if ( $vcVPN->exists('ipsec') ) { # # Protocol/port # - my $lprotocol = $vcVPN->returnValue( - "ipsec site-to-site peer $peer tunnel $tunnel local protocol"); + my $protocol = $vcVPN->returnValue( + "ipsec site-to-site peer $peer tunnel $tunnel protocol"); my $lprotoport = ''; - if (defined($lprotocol)){ - $lprotoport .= $lprotocol; + if (defined($protocol)){ + $lprotoport .= $protocol; } my $lport = $vcVPN->returnValue( "ipsec site-to-site peer $peer tunnel $tunnel local port"); if (defined($lport)){ - if (!defined($lprotocol)){ + if (!defined($protocol)){ $lprotoport .= "0/$lport"; - } elsif (is_tcp_udp($lprotocol)){ + } elsif (is_tcp_udp($protocol)){ $lprotoport .= "/$lport"; } else { vpn_die(["vpn","ipsec","site-to-site","peer",$peer, "tunnel", $tunnel, "local", "port"], - "$vpn_cfg_err local port can only be defined when local protocol is tcp, udp, or undefined.\n"); + "$vpn_cfg_err local port can only be defined when protocol is tcp, udp, or undefined.\n"); } } if (not ($lprotoport eq '')){ $genout .= "\tleftprotoport=$lprotoport\n"; } - my $rprotocol = $vcVPN->returnValue( - "ipsec site-to-site peer $peer tunnel $tunnel remote protocol"); my $rprotoport = ''; - if (defined($rprotocol)){ - $rprotoport .= $rprotocol; + if (defined($protocol)){ + $rprotoport .= $protocol; } my $rport = $vcVPN->returnValue( "ipsec site-to-site peer $peer tunnel $tunnel remote port"); if (defined($rport)){ - if (!defined($rprotocol)){ + if (!defined($protocol)){ $rprotoport .= "0/$rport"; - } elsif (is_tcp_udp($rprotocol)){ + } elsif (is_tcp_udp($protocol)){ $rprotoport .= "/$rport"; } else { vpn_die(["vpn","ipsec","site-to-site","peer",$peer, "tunnel", $tunnel, "remote", "port"], - "$vpn_cfg_err remote port can only be defined when remote protocol is tcp, udp, or undefined.\n"); + "$vpn_cfg_err remote port can only be defined when protocol is tcp, udp, or undefined.\n"); } } if (not ($rprotoport eq '')){ 
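Review bot: With a single `$protocol` feeding both sides, the left and right blocks are now the same logic written twice, differing only in the port node and one word of the error message. A later fix applied to only one copy would leave `leftprotoport` and `rightprotoport` built by different rules, which for a traffic selector means the two ends of the policy no longer describe the same traffic. Folding both into one helper that takes the side name keeps them in step. The enclosing `if ( $vcVPN->exists('ipsec') )` block starts before the hunk and runs past it, so the sketch shows only the helper and its two call sites.

```perl
# Build the leftprotoport/rightprotoport value for one side ("local" or
# "remote") from the tunnel-wide protocol and that side's port.
# Returns '' when neither protocol nor port is configured.
sub protoport_for {
    my ($peer, $tunnel, $side, $protocol, $port) = @_;
    my $protoport = defined($protocol) ? $protocol : '';
    return $protoport       if !defined($port);
    return "0/$port"        if !defined($protocol);
    return "$protocol/$port" if is_tcp_udp($protocol);
    vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"tunnel", $tunnel,
             $side, "port"],
        "$vpn_cfg_err $side port can only be defined when protocol is tcp, udp, or undefined.\n");
}

# … unchanged: $protocol, $lport and $rport lookups …
my $lprotoport = protoport_for($peer, $tunnel, 'local',  $protocol, $lport);
# … unchanged: leftprotoport emission …
my $rprotoport = protoport_for($peer, $tunnel, 'remote', $protocol, $rport);
```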
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local/protocol/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def index 040a391..f684ec9 100644 --- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local/protocol/node.def +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def @@ -9,3 +9,9 @@ syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl pro echo invalid protocol \"$VAR(@)\" ; \ exit 1 ; \ fi ; " +# Provide some help for command completion. +allowed: + protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'` + protos="all $protos tcp_udp" + echo -n $protos + diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote/protocol/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote/protocol/node.def deleted file mode 100644 index 040a391..0000000 --- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote/protocol/node.def +++ /dev/null @@ -1,11 +0,0 @@ -type: txt - -help: Protocol to Encrypt - -val_help: txt ; IP protocol name from /etc/protocols (e.g. "gre" or "tcp") -val_help: u32:0-255 ; IP protocol number - -syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol '$VAR(@)'`\" ]; then \ - echo invalid protocol \"$VAR(@)\" ; \ - exit 1 ; \ - fi ; " |
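Review bot: The new `allowed:` block advertises `all` and `tcp_udp`, which are not /etc/protocols names, while the `syntax:expression` just above still accepts only what `vyatta-validate-type.pl protocol` accepts; that script is not shown, so completion may be offering values the node then rejects. If they are accepted, scripts/vpn-config.pl in this same commit copies the value unchanged into `leftprotoport=`/`rightprotoport=`, and its port check and error text only mention tcp and udp (`is_tcp_udp` is defined outside the diff), so the tunnel's protocol selector may not be what the operator intended. Unless both values are handled end to end, drop the line `protos="all $protos tcp_udp"`. The `grep -v 'v6'` filter also hides names such as ipv6-icmp from completion although validation presumably still takes them; a comment saying why they are filtered would help.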