authorChristian Poessinger <christian@poessinger.com>2021-07-03 15:52:26 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-04 11:57:15 +0200
commitb2bf1592189fb9298f2a68272418a132a73f37bf (patch)
tree20599766a0c4d23bc0defb1add6e28221669836a /interface-definitions
parentce3847239493d76bd0462e2a7b1f5cca41c57457 (diff)
ipsec: T1210: T1251: IKEv2 road-warrior support
set vpn ipsec esp-group ESP-RW compression 'disable' set vpn ipsec esp-group ESP-RW lifetime '3600' set vpn ipsec esp-group ESP-RW pfs 'disable' set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes256' set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256' set vpn ipsec esp-group ESP-RW proposal 20 encryption 'aes256' set vpn ipsec esp-group ESP-RW proposal 20 hash 'sha1' set vpn ipsec ike-group IKE-RW key-exchange 'ikev2' set vpn ipsec ike-group IKE-RW lifetime '10800' set vpn ipsec ike-group IKE-RW mobike 'enable' set vpn ipsec ike-group IKE-RW proposal 10 dh-group '2' set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes256' set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha1' set vpn ipsec ike-group IKE-RW proposal 20 dh-group '2' set vpn ipsec ike-group IKE-RW proposal 20 encryption 'aes128' set vpn ipsec ike-group IKE-RW proposal 20 hash 'sha1' set vpn ipsec ipsec-interfaces interface 'dum0' set vpn ipsec remote-access rw authentication id 'vyos' set vpn ipsec remote-access rw authentication local-users username vyos password vyos set vpn ipsec remote-access rw authentication x509 ca-certificate 'peer_172-18-254-202' set vpn ipsec remote-access rw authentication x509 certificate 'peer_172-18-254-202' set vpn ipsec remote-access rw description 'asdf' set vpn ipsec remote-access rw esp-group 'ESP-RW' set vpn ipsec remote-access rw ike-group 'IKE-RW'
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in53
1 files changed, 53 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index ff60bb82f..ef3b05e29 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -705,6 +705,59 @@
#include <include/ipsec/ike-group.xml.i>
</children>
</tagNode>
+ <tagNode name="remote-access">
+ <properties>
+ <help>Remote access IKEv2 VPN </help>
+ </properties>
+ <children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication for remote access</help>
+ </properties>
+ <children>
+ #include <include/ipsec/authentication-id.xml.i>
+ #include <include/ipsec/authentication-x509.xml.i>
+ <node name="local-users">
+ <properties>
+ <help>Local user authentication for PPPoE server</help>
+ </properties>
+ <children>
+ <tagNode name="username">
+ <properties>
+ <help>User name for authentication</help>
+ </properties>
+ <children>
+ #include <include/generic-disable-node.xml.i>
+ <leafNode name="password">
+ <properties>
+ <help>Password for authentication</help>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ #include <include/generic-description.xml.i>
+ #include <include/generic-disable-node.xml.i>
+ #include <include/ipsec/esp-group.xml.i>
+ #include <include/ipsec/ike-group.xml.i>
+ <leafNode name="timeout">
+ <properties>
+ <help>Timeout to close connection if no data is transmitted</help>
+ <valueHelp>
+ <format>u32:10-86400</format>
+ <description>Timeout in seconds (default 28800)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-86400"/>
+ </constraint>
+ </properties>
+ <defaultValue>28800</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
<node name="site-to-site">
<properties>
<help>Site-to-site VPN</help>
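Review bot: The help string on the new `local-users` node, `Local user authentication for PPPoE server`, looks copied from another service and mislabels this tree in CLI completion; it should read something like `<help>Local user authentication for remote access IKEv2 VPN</help>`. The `password` leafNode under `username` has no `<constraint>` or `<valueHelp>`, unlike `timeout` further down, so the definition places no restriction on the stored secret. The code that renders this value into the IPsec daemon configuration is not part of this hunk, so it is worth confirming that quotes and newlines in the password are either escaped there or rejected here by a constraint. The value also appears to be kept in the configuration as entered, which the help text could state, for example `<help>Password for authentication (stored in cleartext)</help>`, if that is confirmed.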