T5735: Stunnel CLI and configuration

Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config
author: khramshinr <khramshinr@gmail.com> 2024-05-29 19:46:20 +0600
committer: khramshinr <khramshinr@gmail.com> 2024-06-24 20:16:31 +0600
commit: f6131611e15a644312e3c4baf5b8f6387c2930e7 (patch)
tree: b7b710ca5c9f5f44838f4f4b5b25ed97f70fa1b6 /interface-definitions/include
parent: c90a55375f6b60ba0d0d545b33927a2aae4d6aad (diff)
download: vyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.tar.gz
vyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.zip
15 files changed, 212 insertions, 0 deletions
diff --git a/interface-definitions/include/stunnel/address.xml.i b/interface-definitions/include/stunnel/address.xml.i
new file mode 100644
index 000000000..d2901d595
--- /dev/null
+++ b/interface-definitions/include/stunnel/address.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from stunnel/address.xml.i -->
+<leafNode name="address">
+  <properties>
+    <help>Hostname or IP address</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address</description>
+    </valueHelp>
+    <valueHelp>
+      <format>hostname</format>
+      <description>hostname</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <validator name="fqdn"/>
+    </constraint>
+    <constraintErrorMessage>Invalid FQDN or IP address</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/connect.xml.i b/interface-definitions/include/stunnel/connect.xml.i
new file mode 100644
index 000000000..cd6246a00
--- /dev/null
+++ b/interface-definitions/include/stunnel/connect.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/connect.xml.i -->
+<node name="connect">
+  <properties>
+    <help>Connect to a remote address</help>
+  </properties>
+  <children>
+    #include <include/stunnel/address.xml.i>
+    #include <include/port-number.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/listen.xml.i b/interface-definitions/include/stunnel/listen.xml.i
new file mode 100644
index 000000000..13d0986ee
--- /dev/null
+++ b/interface-definitions/include/stunnel/listen.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/listen.xml.i -->
+<node name="listen">
+  <properties>
+    <help>Accept connections on specified address</help>
+  </properties>
+  <children>
+    #include <include/stunnel/address.xml.i>
+    #include <include/port-number.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-options.xml.i b/interface-definitions/include/stunnel/protocol-options.xml.i
new file mode 100644
index 000000000..2f0202875
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-options.xml.i
@@ -0,0 +1,75 @@
+<!-- include start from stunel/protocol-options.xml.i -->
+<node name="options">
+  <properties>
+    <help>Advanced protocol options</help>
+  </properties>
+  <children>
+    <leafNode name="authentication">
+      <properties>
+        <help>Authentication type for the protocol negotiations</help>
+          <completionHelp>
+            <list>basic ntlm plain login</list>
+          </completionHelp>
+          <valueHelp>
+            <format>basic</format>
+            <description>The default 'connect' authentication type</description>
+          </valueHelp>
+          <valueHelp>
+            <format>ntlm</format>
+            <description>Supported authentication types for the 'connect' protocol</description>
+          </valueHelp>
+          <valueHelp>
+            <format>plain</format>
+            <description>The default 'smtp' authentication type</description>
+          </valueHelp>
+          <valueHelp>
+            <format>login</format>
+            <description>Supported authentication types for the 'smtp' protocol</description>
+          </valueHelp>
+          <constraint>
+            <regex>(basic|ntlm|plain|login)</regex>
+          </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="domain">
+      <properties>
+        <help>Domain for the 'connect' protocol.</help>
+        <valueHelp>
+          <format>domain</format>
+          <description>domain</description>
+        </valueHelp>
+        <constraint>
+          <validator name="fqdn"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <node name="host">
+      <properties>
+        <help>Destination address for the 'connect' protocol</help>
+      </properties>
+      <children>
+        #include <include/stunnel/address.xml.i>
+        #include <include/port-number.xml.i>
+      </children>
+    </node>
+    <leafNode name="password">
+      <properties>
+        <help>Password for the protocol negotiations</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Authentication password</description>
+        </valueHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="username">
+      <properties>
+        <help>Username for the protocol negotiations</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>Authentication username</description>
+        </valueHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-cifs.xml.i b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
new file mode 100644
index 000000000..5b9484750
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-cifs.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-cifs.xml.i -->
+<valueHelp>
+  <format>cifs</format>
+  <description>Proprietary (undocummented) extension of CIFS protocol</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-connect.xml.i b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
new file mode 100644
index 000000000..3c30e71ca
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-connect.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-connect.xml.i -->
+<valueHelp>
+  <format>connect</format>
+  <description>Based on RFC 2817 - Upgrading to TLS Within HTTP/1.1, section 5.2 - Requesting a Tunnel with CONNECT</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-imap.xml.i b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
new file mode 100644
index 000000000..033e5479b
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-imap.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-imap.xml.i -->
+<valueHelp>
+  <format>imap</format>
+  <description>Based on RFC 2595 - Using TLS with IMAP, POP3 and ACAP</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-nntp.xml.i b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
new file mode 100644
index 000000000..60a6c02c6
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-nntp.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-nntp.xml.i -->
+<valueHelp>
+  <format>nntp</format>
+  <description>Based on RFC 4642 - Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
new file mode 100644
index 000000000..fd3a166ec
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pgsql.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-pgsql.xml.i -->
+<valueHelp>
+  <format>pgsql</format>
+  <description>Based on PostgreSQL frontend/backend protocol</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-pop3.xml.i b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
new file mode 100644
index 000000000..1c8af53e5
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-pop3.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-pop3.xml.i -->
+<valueHelp>
+  <format>pop3</format>
+  <description>Based on RFC 2449 - POP3 Extension Mechanism</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-proxy.xml.i b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
new file mode 100644
index 000000000..a4c20d1b0
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-proxy.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-proxy.xml.i -->
+<valueHelp>
+  <format>proxy</format>
+  <description>Passing of the original client IP address with HAProxy PROXY protocol version 1</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-smtp.xml.i b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
new file mode 100644
index 000000000..66ca20426
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-smtp.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-smtp.xml.i -->
+<valueHelp>
+  <format>smtp</format>
+  <description>Based on RFC 2487 - SMTP Service Extension for Secure SMTP over TLS</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/protocol-value-socks.xml.i b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
new file mode 100644
index 000000000..e110be5db
--- /dev/null
+++ b/interface-definitions/include/stunnel/protocol-value-socks.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from stunnel/protocol-value-socks.xml.i -->
+<valueHelp>
+  <format>socks</format>
+  <description>SOCKS versions 4, 4a, and 5 are supported</description>
+</valueHelp>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/psk.xml.i b/interface-definitions/include/stunnel/psk.xml.i
new file mode 100644
index 000000000..db11a93d3
--- /dev/null
+++ b/interface-definitions/include/stunnel/psk.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from stunnel/psk.xml.i -->
+<tagNode name="psk">
+  <properties>
+    <help>Pre-shared key name</help>
+  </properties>
+  <children>
+    <leafNode name="id">
+      <properties>
+        <help>ID for authentication</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>ID used for authentication</description>
+        </valueHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="secret">
+      <properties>
+        <help>pre-shared secret key</help>
+        <valueHelp>
+          <format>txt</format>
+          <description>pre-shared secret key are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal key</description>
+        </valueHelp>
+        <constraint>
+          <validator name="psk-secret"/>
+        </constraint>
+      </properties>
+    </leafNode>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/stunnel/ssl.xml.i b/interface-definitions/include/stunnel/ssl.xml.i
new file mode 100644
index 000000000..8aba299e9
--- /dev/null
+++ b/interface-definitions/include/stunnel/ssl.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from stunnel/ssl.xml.i -->
+<node name="ssl">
+  <properties>
+    <help>SSL Certificate, SSL Key and CA</help>
+  </properties>
+  <children>
+    #include <include/pki/ca-certificate-multi.xml.i>
+    #include <include/pki/certificate.xml.i>
+  </children>
+</node>
+<!-- include end -->
author	khramshinr <khramshinr@gmail.com>	2024-05-29 19:46:20 +0600
committer	khramshinr <khramshinr@gmail.com>	2024-06-24 20:16:31 +0600
commit	f6131611e15a644312e3c4baf5b8f6387c2930e7 (patch)
tree	b7b710ca5c9f5f44838f4f4b5b25ed97f70fa1b6 /interface-definitions/include
parent	c90a55375f6b60ba0d0d545b33927a2aae4d6aad (diff)
download	vyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.tar.gz vyos-1x-f6131611e15a644312e3c4baf5b8f6387c2930e7.zip