Diffstat (limited to 'templates/vpn')
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def16
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def1
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def15
-rw-r--r--templates/vpn/node.def4
4 files changed, 2 insertions, 34 deletions
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
index c8b2222..01bb112 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
@@ -1,19 +1,3 @@
type: txt
help: VTI tunnel interface associated with this configuration [REQUIRED]
allowed: cli-shell-api listActiveNodes interfaces vti
-
-update:
- old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
- if [ ! -z "$old_vti" ] ; then
- if [ -d /sys/class/net/$old_vti ] ; then
- sudo ip tunnel del $old_vti
- fi
- fi
-
-delete:
- old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
- if [ ! -z "$old_vti" ] ; then
- if [ -d /sys/class/net/$old_vti ] ; then
- sudo ip tunnel del $old_vti
- fi
- fi
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def
deleted file mode 100644
index b797d44..0000000
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/disable/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Option to disable vpn tunnel
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
index 807ae5a..1d29970 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
@@ -1,17 +1,2 @@
type: u32
help: Mark associated with the secure tunnel interface [REQUIRED]
-
-update:
- old_mark=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti mark`
- if [ ! -z "$old_mark" ] ; then
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $old_mark
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $old_mark
- fi
- sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
- sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
-
-delete:
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
- sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
- # need a exit 0 because if there is no iptables entry then we want to keep the commit going.
- exit 0
diff --git a/templates/vpn/node.def b/templates/vpn/node.def
index 8adc512..a504791 100644
--- a/templates/vpn/node.def
+++ b/templates/vpn/node.def
@@ -1,9 +1,9 @@
priority: 900
help: Virtual Private Network (VPN)
-end:sudo /opt/vyatta/sbin/vpn-config.pl \
+end:sudo /opt/vyatta/sbin/vyatta-vti-config.pl || exit 1
+ sudo /opt/vyatta/sbin/vpn-config.pl \
--config_file='/etc/ipsec.conf' \
--secrets_file='/etc/ipsec.secrets' \
--init_script='/etc/init.d/ipsec' || exit 1
sudo /opt/vyatta/sbin/vyatta-update-l2tp.pl || exit 1
sudo /opt/vyatta/sbin/vyatta-update-pptp.pl || exit 1
- sudo /opt/vyatta/sbin/vyatta-vti-config.pl || exit 1
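Review bot: Running `vyatta-vti-config.pl` first in the `end:` action with `|| exit 1` means a VTI failure now aborts the commit before `vpn-config.pl` regenerates `/etc/ipsec.conf` and before the L2TP and PPTP updates run, and the template does not say why the order was changed. A short comment at the top of the `end:` body would help, for example `# VTI setup runs before vpn-config.pl; a failure here stops the commit`, adjusted to the real reason. The other hunks in this commit delete the per-node `ip tunnel del` and `iptables -t mangle` mark handling from vti/bind and vti/mark, so that cleanup presumably now lives in this script, which is not visible here. It is worth confirming that the script removes the old mark rules when a mark or peer changes, since a stale PREROUTING rule would keep marking ESP and UDP 4500 traffic from that peer.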