diff options
Diffstat (limited to 'templates/vpn/ipsec/esp-group')
3 files changed, 78 insertions, 14 deletions
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def index 59a46ec..09f1a17 100644 --- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def +++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def @@ -1,8 +1,9 @@ help: ESP Perfect Forward Secrecy type: txt default: "enable" -syntax:expression: $VAR(@) in "enable", "disable", "dh-group2", "dh-group5", "dh-group14", "dh-group15", "dh-group16", "dh-group17", "dh-group18", "dh-group19", "dh-group20", "dh-group21", "dh-group22", "dh-group23", "dh-group24", "dh-group25", "dh-group26"; "must be enable, disable, dh-group2, dh-group5, dh-group14, dh-group15, dh-group16, dh-group17, dh-group18, dh-group19, dh-group20, dh-group21, dh-group22, dh-group23, dh-group24, dh-group25 or dh-group26" +syntax:expression: $VAR(@) in "enable", "dh-group1", "dh-group2", "dh-group5", "dh-group14", "dh-group15", "dh-group16", "dh-group17", "dh-group18", "dh-group19", "dh-group20", "dh-group21", "dh-group22", "dh-group23", "dh-group24", "dh-group25", "dh-group26", "dh-group27", "dh-group28", "dh-group29", "dh-group30", "dh-group31", "dh-group32"; "Wrong PFS group settings" val_help: enable; Enable PFS. Use ike-group's dh-group (default) +val_help: dh-group1; Enable PFS. Use Diffie-Hellman group 1 (modp768) val_help: dh-group2; Enable PFS. Use Diffie-Hellman group 2 (modp1024) val_help: dh-group5; Enable PFS. Use Diffie-Hellman group 5 (modp1536) val_help: dh-group14; Enable PFS. Use Diffie-Hellman group 14 (modp2048) @@ -18,4 +19,10 @@ val_help: dh-group23; Enable PFS. Use Diffie-Hellman group 23 (modp2048s224) val_help: dh-group24; Enable PFS. Use Diffie-Hellman group 24 (modp2048s256) val_help: dh-group25; Enable PFS. Use Diffie-Hellman group 25 (ecp192) val_help: dh-group26; Enable PFS. Use Diffie-Hellman group 26 (ecp224) +val_help: dh-group27; Enable PFS. Use Diffie-Hellman group 27 (ecp224bp) +val_help: dh-group28; Enable PFS. Use Diffie-Hellman group 28 (ecp256bp) +val_help: dh-group29; Enable PFS. Use Diffie-Hellman group 29 (ecp384bp) +val_help: dh-group30; Enable PFS. Use Diffie-Hellman group 30 (ecp512bp) +val_help: dh-group31; Enable PFS. Use Diffie-Hellman group 31 (curve25519) +val_help: dh-group32; Enable PFS. Use Diffie-Hellman group 32 (curve448) val_help: disable; Disable PFS diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def index ba66828..0e61761 100644 --- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def +++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def @@ -1,10 +1,59 @@ help: Encryption algorithm type: txt default: "aes128" -syntax:expression: $VAR(@) in "aes128", "aes256", "aes128gcm128", "aes256gcm128", "3des", "chacha20poly1305"; "must be aes128, aes256, 3des, or chacha20poly1305" -val_help: aes128; AES-128 encryption (default) -val_help: aes256; AES-256 encryption -val_help: aes128gcm128; AES-128 encryption with Galois Counter Mode 128-bit -val_help: aes256gcm128; AES-256 encryption with Galois Counter Mode 128-bit -val_help: 3des; 3DES encryption -val_help: chacha20poly1305; ChaCha20-Poly1305 encryption +syntax:expression: $VAR(@) in "null", "aes128", "aes192", "aes256", "aes128ctr", "aes192ctr", "aes256ctr", "aes128ccm64", "aes192ccm64", "aes256ccm64", "aes128ccm96", "aes192ccm96", "aes256ccm96", "aes128ccm128", "aes192ccm128", "aes256ccm128", "aes128gcm64", "aes192gcm64", "aes256gcm64", "aes128gcm96", "aes192gcm96", "aes256gcm96", "aes128gcm128", "aes192gcm128", "aes256gcm128", "aes128gmac", "aes192gmac", "aes256gmac", "3des", "blowfish128", "blowfish192", "blowfish256", "camellia128", "camellia192", "camellia256", "camellia128ctr", "camellia192ctr", "camellia256ctr", "camellia128ccm64", "camellia192ccm64", "camellia256ccm64", "camellia128ccm96", "camellia192ccm96", "camellia256ccm96", "camellia128ccm128", "camellia192ccm128", "camellia256ccm128", "serpent128", "serpent192", "serpent256", "twofish128", "twofish192", "twofish256", "cast128", "chacha20poly1305"; "Wrong encryption algorithm" +val_help: null; Null encryption +val_help: aes128; 128 bit AES-CBC (default) +val_help: aes192; 192 bit AES-CBC +val_help: aes256; 256 bit AES-CBC +val_help: aes128ctr; 128 bit AES-COUNTER +val_help: aes192ctr; 192 bit AES-COUNTER +val_help: aes256ctr; 256 bit AES-COUNTER +val_help: aes128ccm64; 128 bit AES-CCM with 64 bit ICV +val_help: aes192ccm64; 192 bit AES-CCM with 64 bit ICV +val_help: aes256ccm64; 256 bit AES-CCM with 64 bit ICV +val_help: aes128ccm96; 128 bit AES-CCM with 96 bit ICV +val_help: aes192ccm96; 192 bit AES-CCM with 96 bit ICV +val_help: aes256ccm96; 256 bit AES-CCM with 96 bit ICV +val_help: aes128ccm128; 128 bit AES-CCM with 128 bit ICV +val_help: aes192ccm128; 192 bit AES-CCM with 128 bit ICV +val_help: aes256ccm128; 256 bit AES-CCM with 128 bit ICV +val_help: aes128gcm64; 128 bit AES-GCM with 64 bit ICV +val_help: aes192gcm64; 192 bit AES-GCM with 64 bit ICV +val_help: aes256gcm64; 256 bit AES-GCM with 64 bit ICV +val_help: aes128gcm96; 128 bit AES-GCM with 96 bit ICV +val_help: aes192gcm96; 192 bit AES-GCM with 96 bit ICV +val_help: aes256gcm96; 256 bit AES-GCM with 96 bit ICV +val_help: aes128gcm128; 128 bit AES-GCM with 128 bit ICV +val_help: aes192gcm128; 192 bit AES-GCM with 128 bit ICV +val_help: aes256gcm128; 256 bit AES-GCM with 128 bit ICV +val_help: aes128gmac; Null encryption with 128 bit AES-GMAC +val_help: aes192gmac; Null encryption with 192 bit AES-GMAC +val_help: aes256gmac; Null encryption with 256 bit AES-GMAC +val_help: 3des; 168 bit 3DES-EDE-CBC +val_help: blowfish128; 128 bit Blowfish-CBC +val_help: blowfish192; 192 bit Blowfish-CBC +val_help: blowfish256; 256 bit Blowfish-CBC +val_help: camellia128; 128 bit Camellia-CBC +val_help: camellia192; 192 bit Camellia-CBC +val_help: camellia256; 256 bit Camellia-CBC +val_help: camellia128ctr; 128 bit Camellia-COUNTER +val_help: camellia192ctr; 192 bit Camellia-COUNTER +val_help: camellia256ctr; 256 bit Camellia-COUNTER +val_help: camellia128ccm64; 128 bit Camellia-CCM with 64 bit ICV +val_help: camellia192ccm64; 192 bit Camellia-CCM with 64 bit ICV +val_help: camellia256ccm64; 256 bit Camellia-CCM with 64 bit ICV +val_help: camellia128ccm96; 128 bit Camellia-CCM with 96 bit ICV +val_help: camellia192ccm96; 192 bit Camellia-CCM with 96 bit ICV +val_help: camellia256ccm96; 256 bit Camellia-CCM with 96 bit ICV +val_help: camellia128ccm128; 128 bit Camellia-CCM with 128 bit ICV +val_help: camellia192ccm128; 192 bit Camellia-CCM with 128 bit ICV +val_help: camellia256ccm128; 256 bit Camellia-CCM with 128 bit ICV +val_help: serpent128; 128 bit Serpent-CBC +val_help: serpent192; 192 bit Serpent-CBC +val_help: serpent256; 256 bit Serpent-CBC +val_help: twofish128; 128 bit Twofish-CBC +val_help: twofish192; 192 bit Twofish-CBC +val_help: twofish256; 256 bit Twofish-CBC +val_help: cast128; 128 bit CAST-CBC +val_help: chacha20poly1305; 256 bit ChaCha20/Poly1305 with 128 bit ICV diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def index 7d5651c..704e4e7 100644 --- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def +++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def @@ -1,9 +1,17 @@ help: Hash algorithm type: txt default: "sha1" -syntax:expression: $VAR(@) in "md5", "sha1", "sha256", "sha384", "sha512"; "must be md5, sha1, sha256, sha384 or sha512" -val_help: md5; MD5 hash -val_help: sha1; SHA1 hash (default) -val_help: sha256; SHA2-256 hash -val_help: sha384; SHA2-384 hash -val_help: sha512; SHA2-512 hash +syntax:expression: $VAR(@) in "md5", "md5_128", "sha1", "sha1_160", "sha256", "sha256_96", "sha384", "sha512", "aesxcbc", "aescmac", "aes128gmac", "aes192gmac", "aes256gmac"; "Wrong hash algorithm" +val_help: md5; MD5 HMAC +val_help: md5_128; MD5_128 HMAC +val_help: sha1; SHA1 HMAC (default) +val_help: sha1_160; SHA1_160 HMAC +val_help: sha256; SHA2_256_128 HMAC +val_help: sha256_96; SHA2_256_96 HMAC +val_help: sha384; SHA2_384_192 HMAC +val_help: sha512; SHA2_512_256 HMAC +val_help: aesxcbc; AES XCBC +val_help: aescmac; AES CMAC +val_help: aes128gmac; 128-bit AES-GMAC +val_help: aes192gmac; 192-bit AES-GMAC +val_help: aes256gmac; 256-bit AES-GMAC |