Diffstat (limited to 'templates/vpn/ipsec')
47 files changed, 145 insertions, 0 deletions
diff --git a/templates/vpn/ipsec/copy-tos/node.def b/templates/vpn/ipsec/copy-tos/node.def
new file mode 100644
index 0000000..cf675c6
--- /dev/null
+++ b/templates/vpn/ipsec/copy-tos/node.def
@@ -0,0 +1,4 @@
+help: "copy TOS configuration"
+type: txt
+default: "disable"
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/esp-group/node.def b/templates/vpn/ipsec/esp-group/node.def
new file mode 100644
index 0000000..4aae745
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: "Encapsulating Security Payload configuration"
+syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid ESP group name \"$(@)\""
diff --git a/templates/vpn/ipsec/esp-group/node.tag/compression/node.def b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
new file mode 100644
index 0000000..81409ba
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
@@ -0,0 +1,4 @@
+help: "ESP compression configuration"
+type: txt
+default: "disable"
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
new file mode 100644
index 0000000..43bf9d3
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
@@ -0,0 +1,4 @@
+help: "ESP lifetime configuration"
+type: u32
+default: 3600
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/mode/node.def b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
new file mode 100644
index 0000000..e288d81
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
@@ -0,0 +1,4 @@
+help: "ESP mode configuration"
+type: txt
+default: "tunnel"
+syntax: $(@) in "tunnel", "transport"; "must be tunnel or transport"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/node.tag/encryption/node.def
new file mode 100644
index 0000000..66f7ebf
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/node.tag/encryption/node.def
@@ -0,0 +1,2 @@
+type: txt
+default:"aes128"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/node.tag/hash/node.def b/templates/vpn/ipsec/esp-group/node.tag/node.tag/hash/node.def
new file mode 100644
index 0000000..a4187e6
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/node.tag/hash/node.def
@@ -0,0 +1,2 @@
+type: txt
+default:"sha1"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
new file mode 100644
index 0000000..f180a61
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
@@ -0,0 +1,4 @@
+help: "ESP PFS configuration"
+type: txt
+default: "enable"
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
new file mode 100644
index 0000000..7fa4bdf
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
@@ -0,0 +1,4 @@
+tag:
+type: u32
+help: "Configure a esp-group proposal"
+syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be in the range 1 to 65535 inclusive"
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
new file mode 100644
index 0000000..f345008
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
@@ -0,0 +1,4 @@
+help: "Set encryption"
+type: txt
+default: "aes128"
+syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
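Review bot: The two templates under `esp-group/node.tag/node.tag/` (`encryption` in this hunk and `hash` in the next) carry only `type: txt` and a default, with no `help:` and no `syntax:` line, so any string is accepted as an algorithm name. The path also looks like a leftover, since the validated `proposal/node.tag/encryption` and `proposal/node.tag/hash` templates added in the same commit appear to cover the same settings. If these nodes are meant to exist, give them the same constraint as the proposal nodes, e.g. `syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"`; otherwise drop them.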
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
new file mode 100644
index 0000000..7cdd3f4
--- /dev/null
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
@@ -0,0 +1,4 @@
+help: "Set hash algorithm"
+type: txt
+default: "sha1"
+syntax: $(@) in "md5", "sha1"; "must be md5 or sha1"
diff --git a/templates/vpn/ipsec/ike-group/node.def b/templates/vpn/ipsec/ike-group/node.def
new file mode 100644
index 0000000..19dfb49
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: "Internet Key Exchange configuration"
+syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid IKE group name \"$(@)\""
diff --git a/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def
new file mode 100644
index 0000000..b462e61
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def
@@ -0,0 +1,4 @@
+help: "IKE aggressive-mode configuration"
+type: txt
+default: "disable"
+syntax: $(@) in "enable", "disable"; "enable or disable"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
new file mode 100644
index 0000000..fbc1aef
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
@@ -0,0 +1,4 @@
+help: "Set keep-alive failure action"
+type: txt
+default: "hold"
+syntax: $(@) in "hold", "clear", "restart"; "must be hold, or clear, or restart"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
new file mode 100644
index 0000000..241edf0
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
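Review bot: `md5` is offered as an integrity algorithm in the `syntax:` line of the ESP `proposal/node.tag/hash` template, and the identical IKE `proposal/node.tag/hash` template repeats it; the matching `encryption` templates likewise accept `3des`. Both are legacy choices that a new VPN schema would normally keep only for interoperability with old peers. If they must stay, say so in the help string, e.g. `help: "Set hash algorithm (md5 is for legacy peers only)"`, so an operator does not pick them by accident. Whether stronger hashes can be offered depends on the backend, which is not visible in this diff.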
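Review bot: The help string for `aggressive-mode` does not tell the operator what enabling it costs, and the error text `"enable or disable"` drops the `must be` that the other enable/disable nodes in this commit use. Aggressive mode combined with pre-shared-secret authentication (the default `authentication/mode` added in this commit) exposes a hash derived from the secret to offline guessing, so a hint is worth having, e.g. `help: "IKE aggressive-mode configuration (weakens pre-shared-secret authentication)"`. The `disable` default is the right one and should stay.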
@@ -0,0 +1,4 @@
+help: "Set keep-alive interval"
+type: u32
+default: 30
+syntax: ($(@) >= 15 && $(@) <= 86400) ; "must be in the range 15 to 86400 seconds inclusive"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def
new file mode 100644
index 0000000..a326d23
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/node.def
@@ -0,0 +1 @@
+help: "Configure DPD"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
new file mode 100644
index 0000000..8b46cbb
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
@@ -0,0 +1,4 @@
+help: "Set keep-alive timeout"
+type: u32
+default: 120
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
new file mode 100644
index 0000000..2a1500a
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
@@ -0,0 +1,4 @@
+help: "IKE lifetime configuration"
+type: u32
+default: 28800
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
new file mode 100644
index 0000000..b61a016
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
@@ -0,0 +1,4 @@
+tag:
+help: "Configure a ike-group proposal"
+type: u32
+syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be in the range 1 to 65535 inclusive"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
new file mode 100644
index 0000000..58c800b
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
@@ -0,0 +1,3 @@
+help: "Set Diffie-Hellman key exchange"
+type: u32
+syntax: ($(@) == 2 || $(@) == 5); "must be 2 or 5"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
new file mode 100644
index 0000000..f345008
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
@@ -0,0 +1,4 @@
+help: "Set encryption"
+type: txt
+default: "aes128"
+syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
new file mode 100644
index 0000000..7cdd3f4
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
@@ -0,0 +1,4 @@
+help: "Set hash algorithm"
+type: txt
+default: "sha1"
+syntax: $(@) in "md5", "sha1"; "must be md5 or sha1"
diff --git a/templates/vpn/ipsec/ipsec-interfaces/interface/node.def b/templates/vpn/ipsec/ipsec-interfaces/interface/node.def
new file mode 100644
index 0000000..c1c8d56
--- /dev/null
+++ b/templates/vpn/ipsec/ipsec-interfaces/interface/node.def
@@ -0,0 +1,3 @@
+multi:
+type: txt
+help: "ipsec interfaces"
diff --git a/templates/vpn/ipsec/ipsec-interfaces/node.def b/templates/vpn/ipsec/ipsec-interfaces/node.def
new file mode 100644
index 0000000..2fc83b8
--- /dev/null
+++ b/templates/vpn/ipsec/ipsec-interfaces/node.def
@@ -0,0 +1 @@
+help: "VPN interface configuration"
diff --git a/templates/vpn/ipsec/logging/facility/node.def b/templates/vpn/ipsec/logging/facility/node.def
new file mode 100644
index 0000000..7b12da1
--- /dev/null
+++ b/templates/vpn/ipsec/logging/facility/node.def
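Review bot: `dh-group` has no `default:` line, unlike the sibling `encryption` and `hash` nodes, so what a proposal negotiates when the node is left unset is decided by the backend rather than by the schema. Only groups 2 and 5 are accepted, and of those two group 5 is the larger. Adding `default: 5` would make the choice explicit and keep an unset proposal from silently falling back to the smaller group, assuming the backend does not already require the node to be set.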
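Review bot: `interface` is `type: txt` with no `syntax:` line, so any string is accepted as an interface name; the same applies to the `ike-group` reference under `site-to-site/peer` and the `esp-group` reference under `tunnel`, although the group names they point to are restricted to `^[-_a-zA-Z0-9.]+$` where they are defined. These values presumably end up in a generated IPsec configuration, where whitespace or a newline inside a name would change its meaning. Reusing the existing pattern, e.g. `syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid interface name \"$(@)\""`, closes that gap.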
@@ -0,0 +1,6 @@
+type:txt
+syntax: $(@)in "daemon", "local0", "local1", "local2", "local3",\
+ "local4", "local5", "local6", "local7" ;"Value \"$(@)\" not in the list: daemon, local0, local1, local2, local3,\
+ local4, local5, local6, local7"
+help:"IKE lifetime configuration"
+
diff --git a/templates/vpn/ipsec/logging/level/node.def b/templates/vpn/ipsec/logging/level/node.def
new file mode 100644
index 0000000..287d9cc
--- /dev/null
+++ b/templates/vpn/ipsec/logging/level/node.def
@@ -0,0 +1,3 @@
+help: "Set log level"
+type:txt
+syntax: $(@) in "alert", "crit", "debug", "emerg", "err", "info", "notice", "warning"; "must be one of the following: crit, debug, emerg, err, info, notice, warning"
diff --git a/templates/vpn/ipsec/logging/log-modes/node.def b/templates/vpn/ipsec/logging/log-modes/node.def
new file mode 100644
index 0000000..4b89387
--- /dev/null
+++ b/templates/vpn/ipsec/logging/log-modes/node.def
@@ -0,0 +1,4 @@
+multi:
+help: "Set log mode"
+type:txt
+syntax: $(@) in "raw", "crypt", "parsing", "emitting", "control", "all", "private"; "must be one of the following: raw, crypt, parsing, emitting, control, all, private"
diff --git a/templates/vpn/ipsec/logging/node.def b/templates/vpn/ipsec/logging/node.def
new file mode 100644
index 0000000..1ca0fd3
--- /dev/null
+++ b/templates/vpn/ipsec/logging/node.def
@@ -0,0 +1 @@
+activate: "echo activating logging"
diff --git a/templates/vpn/ipsec/nat-networks/allowed-network/node.def b/templates/vpn/ipsec/nat-networks/allowed-network/node.def
new file mode 100644
index 0000000..3bc97e6
--- /dev/null
+++ b/templates/vpn/ipsec/nat-networks/allowed-network/node.def
@@ -0,0 +1,3 @@
+tag:
+type: ipv4net
+help: "NAT networks configuration"
diff --git a/templates/vpn/ipsec/nat-networks/allowed-network/node.tag/exclude/node.def b/templates/vpn/ipsec/nat-networks/allowed-network/node.tag/exclude/node.def
new file mode 100644
index 0000000..a20d924
--- /dev/null
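Review bot: The help string on the `facility` node reads `"IKE lifetime configuration"`, which looks copied from the lifetime template; it should describe the setting, e.g. `help: "Set log facility"`. `$(@)in` is also missing the space before `in` that every other `syntax:` line in this commit has, which may not parse the same way. The six-line hunk ends in a blank added line that can be dropped.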
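Review bot: The error message for `level` omits `alert`, although `alert` is the first value the `in` list accepts. Change the message to `"must be one of the following: alert, crit, debug, emerg, err, info, notice, warning"` so the text an operator sees matches the check that is enforced.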
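Review bot: `private` (and possibly `all`) is accepted by `log-modes` with no indication of what it records. If these values are passed through to the IKE daemon's debug classes, as the names suggest, `private` would typically cause key material to be written to the log. The help string should carry that caveat, e.g. `help: "Set log mode (private may write secrets to the log)"`, and the resulting log files would need to be handled as sensitive data.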
+++ b/templates/vpn/ipsec/nat-networks/allowed-network/node.tag/exclude/node.def
@@ -0,0 +1,3 @@
+multi:
+type: ipv4net
+help: "NAT networks configuration"
diff --git a/templates/vpn/ipsec/nat-networks/node.def b/templates/vpn/ipsec/nat-networks/node.def
new file mode 100644
index 0000000..1d16a9c
--- /dev/null
+++ b/templates/vpn/ipsec/nat-networks/node.def
@@ -0,0 +1 @@
+help: "NAT networks configuration"
diff --git a/templates/vpn/ipsec/nat-traversal/node.def b/templates/vpn/ipsec/nat-traversal/node.def
new file mode 100644
index 0000000..ec08aa6
--- /dev/null
+++ b/templates/vpn/ipsec/nat-traversal/node.def
@@ -0,0 +1,3 @@
+help: "NAT traversal configuration"
+type: txt
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/node.def b/templates/vpn/ipsec/node.def
new file mode 100644
index 0000000..5e1bd73
--- /dev/null
+++ b/templates/vpn/ipsec/node.def
@@ -0,0 +1 @@
+help: "VPN IP security configuration"
diff --git a/templates/vpn/ipsec/site-to-site/node.def b/templates/vpn/ipsec/site-to-site/node.def
new file mode 100644
index 0000000..a36d2ae
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/node.def
@@ -0,0 +1 @@
+help: "Configure site to site VPN"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.def b/templates/vpn/ipsec/site-to-site/peer/node.def
new file mode 100644
index 0000000..ae179bd
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.def
@@ -0,0 +1,3 @@
+tag:
+type: ipv4
+help: "Configure VPN peers"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
new file mode 100644
index 0000000..5412926
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
@@ -0,0 +1,4 @@
+help: "Configure authentication mode"
+type: txt
+default: "pre-shared-secret"
+syntax: $(@) in "pre-shared-secret", "rsa"; "must be pre-shared-secret or rsa"
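Review bot: `nat-traversal` has no `default:` line, while the other enable/disable nodes in this commit (`copy-tos`, `compression`, `pfs`, `aggressive-mode`) all declare one. Add `default: "disable"`, or `"enable"` if that is what the backend assumes, so the effective setting is visible in the schema rather than implied by code that is not part of this diff.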
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/node.def
new file mode 100644
index 0000000..78540d6
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/node.def
@@ -0,0 +1 @@
+help: "Configure peer authentication"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def
new file mode 100644
index 0000000..db096e4
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def
@@ -0,0 +1,3 @@
+help: "Set pre-shared secret key"
+type: txt
+syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid pre-shared secret key \"$(@)\""
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/rsa-key-name/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/rsa-key-name/node.def
new file mode 100644
index 0000000..c048fe8
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/rsa-key-name/node.def
@@ -0,0 +1,3 @@
+help: "Set RSA key name"
+type: txt
+syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid RSA key name \"$(@)\""
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/ike-group/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/ike-group/node.def
new file mode 100644
index 0000000..d70c5ca
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/ike-group/node.def
@@ -0,0 +1,2 @@
+help: "Set IKE group name"
+type: txt
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/local-ip/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/local-ip/node.def
new file mode 100644
index 0000000..967cf73
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/local-ip/node.def
@@ -0,0 +1,2 @@
+help: "Set local interface address"
+type: ipv4
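Review bot: The error string `"invalid pre-shared secret key \"$(@)\""` in the `pre-shared-secret` template echoes the rejected secret back to the terminal, and from there possibly into session logs or scrollback. A message that names the rule instead, e.g. `"pre-shared secret may contain only letters, digits, '-', '_' and '.'"`, avoids that. The pattern `^[-_a-zA-Z0-9.]+$` also accepts a one-character secret, so a minimum length is worth enforcing here or in the code that consumes the value. The help text could additionally note that the value is kept as plain `txt` in the configuration.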
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.def
new file mode 100644
index 0000000..943122f
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.def
@@ -0,0 +1,3 @@
+tag:
+type: u32
+help: "Configure peer tunnel"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
new file mode 100644
index 0000000..b8e6454
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
@@ -0,0 +1,4 @@
+help: "Set NAT networks"
+type: txt
+default: "disable"
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
new file mode 100644
index 0000000..7c18e68
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
@@ -0,0 +1,4 @@
+help: "Set public networks"
+type: txt
+default: "disable"
+syntax: $(@) in "enable", "disable"; "must be enable or disable"
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/esp-group/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/esp-group/node.def
new file mode 100644
index 0000000..478139e
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/esp-group/node.def
@@ -0,0 +1,2 @@
+help: "Set ESP group name"
+type: txt
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local-subnet/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local-subnet/node.def
new file mode 100644
index 0000000..3e9d176
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/local-subnet/node.def
@@ -0,0 +1,2 @@
+help: "Set local subnet"
+type: ipv4net
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote-subnet/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote-subnet/node.def
new file mode 100644
index 0000000..b3653e7
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/remote-subnet/node.def
@@ -0,0 +1,2 @@
+help: "Set remote subnet"
+type: ipv4net |