summaryrefslogtreecommitdiff
path: root/templates/vpn/ipsec/site-to-site/peer
diff options
context:
space:
mode:
Diffstat (limited to 'templates/vpn/ipsec/site-to-site/peer')
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def16
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def1
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def15
3 files changed, 0 insertions, 32 deletions
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
index c8b2222..01bb112 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
@@ -1,19 +1,3 @@
type: txt
help: VTI tunnel interface associated with this configuration [REQUIRED]
allowed: cli-shell-api listActiveNodes interfaces vti
-
-update:
- old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
- if [ ! -z "$old_vti" ] ; then
- if [ -d /sys/class/net/$old_vti ] ; then
- sudo ip tunnel del $old_vti
- fi
- fi
-
-delete:
- old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
- if [ ! -z "$old_vti" ] ; then
- if [ -d /sys/class/net/$old_vti ] ; then
- sudo ip tunnel del $old_vti
- fi
- fi
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def
deleted file mode 100644
index b797d44..0000000
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Option to disable vpn tunnel
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
index 807ae5a..1d29970 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
@@ -1,17 +1,2 @@
type: u32
help: Mark associated with the secure tunnel interface [REQUIRED]
-
-update:
- old_mark=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti mark`
- if [ ! -z "$old_mark" ] ; then
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $old_mark
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $old_mark
- fi
- sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
- sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
-
-delete:
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
- # need a exit 0 because if there is no iptables entry then we want to keep the commit going.
- exit 0