authorChristian Poessinger <christian@poessinger.com>2021-07-06 12:21:46 +0200
committerGitHub <noreply@github.com>2021-07-06 12:21:46 +0200
commit511253635a9b67396788d24bacafd237594e0e12 (patch)
tree32a97fa2f6bf334f22d6a7e255f438af2777e3a8 /interface-definitions
parent50b8d38abdb1525243a78896eff784744cfd5c44 (diff)
parenta5cd877a0a4a43644a6d91e6b95fe938b9b2726b (diff)
downloadvyos-1x-511253635a9b67396788d24bacafd237594e0e12.tar.gz
vyos-1x-511253635a9b67396788d24bacafd237594e0e12.zip
Merge pull request #911 from sarthurdev/pki_san
pki: ipsec: T3642: T1210: T2816: Add SANs to generated certificates, more IPSec remote-access features and fixes
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/ipsec-settings.xml.in25
-rw-r--r--interface-definitions/vpn_ipsec.xml.in82
2 files changed, 82 insertions, 25 deletions
diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in
deleted file mode 100644
index 0bcba9a84..000000000
--- a/interface-definitions/ipsec-settings.xml.in
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
- <node name="vpn">
- <children>
- <node name="ipsec">
- <children>
- <node name="options" owner="${vyos_conf_scripts_dir}/ipsec-settings.py">
- <properties>
- <help>Global IPsec settings</help>
- <priority>902</priority>
- </properties>
- <children>
- <leafNode name="disable-route-autoinstall">
- <properties>
- <valueless/>
- <help>Do not automatically install routes to remote networks</help>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
- </children>
- </node>
-</interfaceDefinition>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index f6b18d1d5..4425ab02a 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -648,6 +648,37 @@
<valueless/>
</properties>
</leafNode>
+ <node name="remote-access">
+ <properties>
+ <help>remote-access global options</help>
+ </properties>
+ <children>
+ <node name="dhcp-pool">
+ <properties>
+ <help>DHCP pool options for remote-access</help>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface with DHCP server to use</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>DHCP server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address of the DHCP server</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
</children>
</node>
<tagNode name="profile">
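Review bot: The new `server` leaf under `dhcp-pool` documents an `ipv4` format in its valueHelp but has no `<constraint>`, so the schema itself accepts any string as the DHCP server address. Adding `<constraint><validator name="ipv4-address"/></constraint>` inside its `<properties>` would reject malformed values at commit time instead of passing them on to the generated IPsec configuration. The `interface` leaf likewise has completion help only, so a mistyped or nonexistent interface name is not caught here. Whether the configuration script validates either value is not visible in this diff, so confirm at least one layer does. The enclosing `options` node starts and ends outside the hunk.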
@@ -720,6 +751,26 @@
<children>
#include <include/ipsec/authentication-id.xml.i>
#include <include/ipsec/authentication-x509.xml.i>
+ <leafNode name="client-mode">
+ <properties>
+ <help>Client authentication mode</help>
+ <completionHelp>
+ <list>eap-tls eap-mschapv2</list>
+ </completionHelp>
+ <valueHelp>
+ <format>eap-tls</format>
+ <description>EAP-TLS</description>
+ </valueHelp>
+ <valueHelp>
+ <format>eap-mschapv2</format>
+ <description>EAP-MSCHAPv2</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(eap-tls|eap-mschapv2)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>eap-mschapv2</defaultValue>
+ </leafNode>
<node name="local-users">
<properties>
<help>Local user authentication for PPPoE server</help>
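Review bot: The `defaultValue` of `client-mode` is `eap-mschapv2`, the password-based method, so a remote-access connection that omits this leaf gets password authentication rather than client certificates. If that default is kept for compatibility with existing configurations (the earlier behaviour is not visible in this hunk), the help should make the choice explicit. For example, `<description>EAP-MSCHAPv2 (username and password, default)</description>` and `<description>EAP-TLS (client certificate)</description>` would show operators what they get without setting it. The current descriptions only repeat the value names. The surrounding `authentication` node starts outside the hunk.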
@@ -740,6 +791,31 @@
</tagNode>
</children>
</node>
+ <leafNode name="server-mode">
+ <properties>
+ <help>Server authentication mode</help>
+ <completionHelp>
+ <list>pre-shared-secret x509</list>
+ </completionHelp>
+ <valueHelp>
+ <format>pre-shared-secret</format>
+ <description>pre-shared-secret_description</description>
+ </valueHelp>
+ <valueHelp>
+ <format>x509</format>
+ <description>x509_description</description>
+ </valueHelp>
+ <constraint>
+ <regex>^(pre-shared-secret|x509)$</regex>
+ </constraint>
+ </properties>
+ <defaultValue>x509</defaultValue>
+ </leafNode>
+ <leafNode name="pre-shared-secret">
+ <properties>
+ <help>Pre-shared-secret used for server authentication</help>
+ </properties>
+ </leafNode>
</children>
</node>
#include <include/generic-description.xml.i>
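Review bot: The two `valueHelp` descriptions in `server-mode`, `pre-shared-secret_description` and `x509_description`, look like unfilled placeholders and would be shown verbatim in CLI help. Replace them with real text such as `<description>Authenticate the server with a pre-shared secret</description>` and `<description>Authenticate the server with an X.509 certificate</description>`. Separately, the new `pre-shared-secret` leaf has no `valueHelp` or `<constraint>`, and nothing in the schema ties it to `server-mode pre-shared-secret`. The verify step of the configuration script (not visible here) should therefore reject an empty or missing secret when that mode is selected. The enclosing `authentication` node begins outside the hunk.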
@@ -753,6 +829,12 @@
<help>IP address pool for remote-access users</help>
</properties>
<children>
+ <leafNode name="dhcp-enable">
+ <properties>
+ <help>Enable DHCP pool for clients on this connection</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="exclude">
<properties>
<help>Local IPv4 or IPv6 pool prefix exclusions</help>