author | Christian Poessinger <christian@poessinger.com> | 2021-07-06 12:21:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-06 12:21:46 +0200 |
commit | 511253635a9b67396788d24bacafd237594e0e12 (patch) | |
tree | 32a97fa2f6bf334f22d6a7e255f438af2777e3a8 /interface-definitions | |
parent | 50b8d38abdb1525243a78896eff784744cfd5c44 (diff) | |
parent | a5cd877a0a4a43644a6d91e6b95fe938b9b2726b (diff) | |
Merge pull request #911 from sarthurdev/pki_san
pki: ipsec: T3642: T1210: T2816: Add SANs to generated certificates, more IPSec remote-access features and fixes
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/ipsec-settings.xml.in | 25 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 82 |
2 files changed, 82 insertions, 25 deletions
diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in
deleted file mode 100644
index 0bcba9a84..000000000
--- a/interface-definitions/ipsec-settings.xml.in
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="vpn">
- <children>
- <node name="ipsec">
- <children>
- <node name="options" owner="${vyos_conf_scripts_dir}/ipsec-settings.py">
- <properties>
- <help>Global IPsec settings</help>
- <priority>902</priority>
- </properties>
- <children>
- <leafNode name="disable-route-autoinstall">
- <properties>
- <valueless/>
- <help>Do not automatically install routes to remote networks</help>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index f6b18d1d5..4425ab02a 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -648,6 +648,37 @@
 <valueless/>
 </properties>
 </leafNode>
+ <node name="remote-access">
+ <properties>
+ <help>remote-access global options</help>
+ </properties>
+ <children>
+ <node name="dhcp-pool">
+ <properties>
+ <help>DHCP pool options for remote-access</help>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface with DHCP server to use</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>DHCP server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of the DHCP server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
 </children>
 </node>
 <tagNode name="profile">
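Review bot: The new `server` leaf under `dhcp-pool` advertises an `ipv4` value in its `<valueHelp>` but carries no `<constraint>`, so the CLI will accept any string there. Adding `<constraint><validator name="ipv4-address"/></constraint>` inside its `<properties>` would reject malformed values at commit time, before they reach whatever template consumes them. The `interface` leaf has the same gap: `<completionHelp>` only suggests names and does not validate them. Whether the conf script checks either value is not visible from this hunk.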
@@ -720,6 +751,26 @@
 <children>
 #include <include/ipsec/authentication-id.xml.i>
 #include <include/ipsec/authentication-x509.xml.i>
+ <leafNode name="client-mode">
+ <properties>
+ <help>Client authentication mode</help>
+ <completionHelp>
+ <list>eap-tls eap-mschapv2</list>
+ </completionHelp>
+ <valueHelp>
+ <format>eap-tls</format>
+ <description>EAP-TLS</description>
+ </valueHelp>
+ <valueHelp>
+ <format>eap-mschapv2</format>
+ <description>EAP-MSCHAPv2</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(eap-tls|eap-mschapv2)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>eap-mschapv2</defaultValue>
+ </leafNode>
 <node name="local-users">
 <properties>
 <help>Local user authentication for PPPoE server</help>
@@ -740,6 +791,31 @@
 </tagNode>
 </children>
 </node>
+ <leafNode name="server-mode">
+ <properties>
+ <help>Server authentication mode</help>
+ <completionHelp>
+ <list>pre-shared-secret x509</list>
+ </completionHelp>
+ <valueHelp>
+ <format>pre-shared-secret</format>
+ <description>pre-shared-secret_description</description>
+ </valueHelp>
+ <valueHelp>
+ <format>x509</format>
+ <description>x509_description</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(pre-shared-secret|x509)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>x509</defaultValue>
+ </leafNode>
+ <leafNode name="pre-shared-secret">
+ <properties>
+ <help>Pre-shared-secret used for server authentication</help>
+ </properties>
+ </leafNode>
 </children>
 </node>
 #include <include/generic-description.xml.i>
@@ -753,6 +829,12 @@
 <help>IP address pool for remote-access users</help>
 </properties>
 <children>
+ <leafNode name="dhcp-enable">
+ <properties>
+ <help>Enable DHCP pool for clients on this connection</help>
+ <valueless/>
+ </properties>
+ </leafNode>
 <leafNode name="exclude">
 <properties>
 <help>Local IPv4 or IPv6 pool prefix exclusions</help> |
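Review bot: The `client-mode` leaf defaults to `eap-mschapv2`, the password-based option, and its two `<valueHelp>` descriptions only repeat the value names, so an operator gets no hint about what each mode requires. I would write them as `<description>EAP-TLS (client certificate)</description>` and `<description>EAP-MSCHAPv2 (username and password)</description>`. EAP-MSCHAPv2 depends on the client having authenticated the gateway before it sends its response. It may therefore be worth having the conf script warn when this mode is combined with `server-mode pre-shared-secret`; that script is outside this diff. The enclosing `authentication` node starts before the hunk.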
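Review bot: The two `<valueHelp>` entries of `server-mode` still carry placeholder text (`pre-shared-secret_description`, `x509_description`) that will be shown verbatim in CLI help. I would replace them with `<description>Authenticate the server with a pre-shared secret</description>` and `<description>Authenticate the server with an X.509 certificate</description>`. Separately, the new `pre-shared-secret` leaf has no `<constraint>`. Nothing visible here requires it to be set when `server-mode` is `pre-shared-secret`, so that dependency needs a check in the conf script if it does not already have one. The enclosing node begins outside the hunk.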