summaryrefslogtreecommitdiff
path: root/interface-definitions/include/ipsec
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-10 19:51:48 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-09-16 11:53:41 +0000
commitbd4588827b563022ce5fb98b1345b787b9194176 (patch)
treefc63296fcb1a76dcfb9e964dac886dfd7e743d3f /interface-definitions/include/ipsec
parent7ae34b68649ef526c18e662d444465bf18a23939 (diff)
downloadvyos-1x-bd4588827b563022ce5fb98b1345b787b9194176.tar.gz
vyos-1x-bd4588827b563022ce5fb98b1345b787b9194176.zip
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
Diffstat (limited to 'interface-definitions/include/ipsec')
-rw-r--r--interface-definitions/include/ipsec/authentication-id.xml.i6
-rw-r--r--interface-definitions/include/ipsec/remote-address.xml.i30
2 files changed, 33 insertions, 3 deletions
diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i
index 4967782ec..4e0b848c3 100644
--- a/interface-definitions/include/ipsec/authentication-id.xml.i
+++ b/interface-definitions/include/ipsec/authentication-id.xml.i
@@ -1,10 +1,10 @@
<!-- include start from ipsec/authentication-id.xml.i -->
-<leafNode name="id">
+<leafNode name="local-id">
<properties>
- <help>ID for peer authentication</help>
+ <help>Local ID for peer authentication</help>
<valueHelp>
<format>txt</format>
- <description>ID used for peer authentication</description>
+ <description>Local ID used for peer authentication</description>
</valueHelp>
</properties>
</leafNode>
diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i
new file mode 100644
index 000000000..ba96290d0
--- /dev/null
+++ b/interface-definitions/include/ipsec/remote-address.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from ipsec/remote-address.xml.i -->
+<leafNode name="remote-address">
+ <properties>
+ <help>IPv4 or IPv6 address of the remote peer</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of the remote peer</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address of the remote peer</description>
+ </valueHelp>
+ <valueHelp>
+ <format>hostname</format>
+ <description>Fully qualified domain name of the remote peer</description>
+ </valueHelp>
+ <valueHelp>
+ <format>any</format>
+ <description>Allow any IP address of the remote peer</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ <validator name="fqdn"/>
+ <regex>(any)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+</leafNode>
+<!-- include end -->