diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-03 15:52:26 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-04 11:57:15 +0200 |
commit | b2bf1592189fb9298f2a68272418a132a73f37bf (patch) | |
tree | 20599766a0c4d23bc0defb1add6e28221669836a /interface-definitions | |
parent | ce3847239493d76bd0462e2a7b1f5cca41c57457 (diff) | |
download | vyos-1x-b2bf1592189fb9298f2a68272418a132a73f37bf.tar.gz vyos-1x-b2bf1592189fb9298f2a68272418a132a73f37bf.zip |
ipsec: T1210: T1251: IKEv2 road-warrior support
set vpn ipsec esp-group ESP-RW compression 'disable'
set vpn ipsec esp-group ESP-RW lifetime '3600'
set vpn ipsec esp-group ESP-RW pfs 'disable'
set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes256'
set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256'
set vpn ipsec esp-group ESP-RW proposal 20 encryption 'aes256'
set vpn ipsec esp-group ESP-RW proposal 20 hash 'sha1'
set vpn ipsec ike-group IKE-RW key-exchange 'ikev2'
set vpn ipsec ike-group IKE-RW lifetime '10800'
set vpn ipsec ike-group IKE-RW mobike 'enable'
set vpn ipsec ike-group IKE-RW proposal 10 dh-group '2'
set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes256'
set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha1'
set vpn ipsec ike-group IKE-RW proposal 20 dh-group '2'
set vpn ipsec ike-group IKE-RW proposal 20 encryption 'aes128'
set vpn ipsec ike-group IKE-RW proposal 20 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'dum0'
set vpn ipsec remote-access rw authentication id 'vyos'
set vpn ipsec remote-access rw authentication local-users username vyos password vyos
set vpn ipsec remote-access rw authentication x509 ca-certificate 'peer_172-18-254-202'
set vpn ipsec remote-access rw authentication x509 certificate 'peer_172-18-254-202'
set vpn ipsec remote-access rw description 'asdf'
set vpn ipsec remote-access rw esp-group 'ESP-RW'
set vpn ipsec remote-access rw ike-group 'IKE-RW'
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index ff60bb82f..ef3b05e29 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -705,6 +705,59 @@ #include <include/ipsec/ike-group.xml.i> </children> </tagNode> + <tagNode name="remote-access"> + <properties> + <help>Remote access IKEv2 VPN </help> + </properties> + <children> + <node name="authentication"> + <properties> + <help>Authentication for remote access</help> + </properties> + <children> + #include <include/ipsec/authentication-id.xml.i> + #include <include/ipsec/authentication-x509.xml.i> + <node name="local-users"> + <properties> + <help>Local user authentication for PPPoE server</help> + </properties> + <children> + <tagNode name="username"> + <properties> + <help>User name for authentication</help> + </properties> + <children> + #include <include/generic-disable-node.xml.i> + <leafNode name="password"> + <properties> + <help>Password for authentication</help> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> + #include <include/generic-description.xml.i> + #include <include/generic-disable-node.xml.i> + #include <include/ipsec/esp-group.xml.i> + #include <include/ipsec/ike-group.xml.i> + <leafNode name="timeout"> + <properties> + <help>Timeout to close connection if no data is transmitted</help> + <valueHelp> + <format>u32:10-86400</format> + <description>Timeout in seconds (default 28800)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 10-86400"/> + </constraint> + </properties> + <defaultValue>28800</defaultValue> + </leafNode> + </children> + </tagNode> <node name="site-to-site"> <properties> <help>Site-to-site VPN</help> |