authorSimon <965089+sarthurdev@users.noreply.github.com>2021-05-28 16:35:12 +0200
committerGitHub <noreply@github.com>2021-05-28 16:35:12 +0200
commiteabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92 (patch)
tree2efe4cf2ad2e0cb9b9f355dffa22707b26f785ef /interface-definitions
parentb0e1c8a9c9ef470297bf3c9f5059ad7c720c46ff (diff)
downloadvyos-1x-eabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92.tar.gz
vyos-1x-eabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92.zip
ipsec: T2816: IPSec python rework, includes DMVPN and VTI support
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/ip-protocol.xml.i17
-rw-r--r--interface-definitions/ipsec-settings.xml.in1
-rw-r--r--interface-definitions/vpn_ipsec.xml.in61
-rw-r--r--interface-definitions/vpn_rsa-keys.xml.in46
4 files changed, 99 insertions, 26 deletions
diff --git a/interface-definitions/include/ip-protocol.xml.i b/interface-definitions/include/ip-protocol.xml.i
new file mode 100644
index 000000000..ce9345024
--- /dev/null
+++ b/interface-definitions/include/ip-protocol.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from ip-protocol.xml.i -->
+<leafNode name="protocol">
+ <properties>
+ <help>Protocol</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Protocol name</description>
+ </valueHelp>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_protocols.sh</script>
+ </completionHelp>
+ <constraint>
+ <validator name="ip-protocol"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end from ip-protocol.xml.i -->
diff --git a/interface-definitions/ipsec-settings.xml.in b/interface-definitions/ipsec-settings.xml.in
index bc54baa27..0bcba9a84 100644
--- a/interface-definitions/ipsec-settings.xml.in
+++ b/interface-definitions/ipsec-settings.xml.in
@@ -7,6 +7,7 @@
<node name="options" owner="${vyos_conf_scripts_dir}/ipsec-settings.py">
<properties>
<help>Global IPsec settings</help>
+ <priority>902</priority>
</properties>
<children>
<leafNode name="disable-route-autoinstall">
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 426d7e71c..5bf0ef9ba 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -1,10 +1,15 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="vpn">
+ <properties>
+ <help>Virtual Private Network (VPN)</help>
+ <priority>900</priority>
+ </properties>
<children>
- <node name="nipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py">
+ <node name="ipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py">
<properties>
<help>VPN IP security (IPsec) parameters</help>
+ <priority>901</priority>
</properties>
<children>
<leafNode name="auto-update">
@@ -296,7 +301,7 @@
</completionHelp>
<valueHelp>
<format>yes</format>
- <description>Enable remote host re-autentication during an IKE rekey. Currently broken due to a strong swan bug</description>
+ <description>Enable remote host re-authentication during an IKE rekey. Currently broken due to a strongswan bug</description>
</valueHelp>
<valueHelp>
<format>no</format>
@@ -386,6 +391,7 @@
</properties>
<children>
<leafNode name="dh-group">
+ <defaultValue>2</defaultValue>
<properties>
<help>dh-grouphelp</help>
<completionHelp>
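Review bot: `<defaultValue>2</defaultValue>` makes IKE Diffie-Hellman group 2 (1024-bit MODP) the default, which is below current key-strength guidance and is presumably kept for compatibility with configurations migrated from the previous implementation. If the default has to stay for that reason, the help text on the context line below — still the placeholder `dh-grouphelp` — should at least state it, e.g. `<help>Diffie-Hellman group (default 2, considered weak; prefer 14 or higher)</help>`; otherwise a stronger default such as group 14 (2048-bit MODP) would be the safer choice. The enclosing `dh-group` leaf and its parent node start and end outside the hunk.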
@@ -621,7 +627,7 @@
</node>
<node name="nat-networks">
<properties>
- <help>Network Address Translation (NAT) networks</help>
+ <help>Network Address Translation (NAT) networks (Obsolete)</help>
</properties>
<children>
<tagNode name="allowed-network">
@@ -655,7 +661,7 @@
</node>
<leafNode name="nat-traversal">
<properties>
- <help>Network Address Translation (NAT) traversal</help>
+ <help>Network Address Translation (NAT) traversal (Obsolete)</help>
<completionHelp>
<list>disable enable</list>
</completionHelp>
@@ -695,19 +701,18 @@
<help>Authentication [REQUIRED]</help>
</properties>
<children>
- <node name="mode">
+ <leafNode name="mode">
<properties>
<help>Authentication mode</help>
+ <completionHelp>
+ <list>pre-shared-secret</list>
+ </completionHelp>
+ <valueHelp>
+ <format>pre-shared-secret</format>
+ <description>Use pre shared secret key</description>
+ </valueHelp>
</properties>
- <children>
- <leafNode name="pre-shared-secret">
- <properties>
- <help>Use pre-shared secret key</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
+ </leafNode>
<leafNode name="pre-shared-secret">
<properties>
<help>Pre-shared secret key</help>
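Review bot: The new `mode` leaf offers `pre-shared-secret` only through `completionHelp`, so any other string is accepted at the CLI unless the conf script rejects it; a `<constraint><regex>^(pre-shared-secret)$</regex></constraint>` inside `<properties>` would enforce the allowed value at commit time. Turning `mode` from a node with a valueless child into a valued leaf changes the stored configuration layout even though the typed command reads the same; the same shape change happens for `bind_child` → `tunnel` (hunk at -724), `dhcp-interface` losing `<valueless/>` (hunk at -920) and `protocol` replaced by the include (hunk at -1091), so a migration script is needed unless one exists outside this diffstat, which is limited to interface-definitions. The description `Use pre shared secret key` drops the hyphen used by the sibling help `Pre-shared secret key`; `<description>Use pre-shared secret key</description>` keeps the two consistent. The enclosing `authentication` node starts and ends outside the hunk.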
@@ -724,17 +729,21 @@
<help>DMVPN crypto configuration</help>
</properties>
<children>
- <leafNode name="bind_child">
+ <leafNode name="tunnel">
<properties>
- <help>bind_child_help</help>
- <valueless/>
+ <help>Tunnel interface associated with this configuration profile</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Tunnel interface associated with this configuration profile</description>
+ </valueHelp>
+ <multi/>
</properties>
</leafNode>
</children>
</node>
<leafNode name="esp-group">
<properties>
- <help>Esp group name [REQUIRED]</help>
+ <help>ESP group name [REQUIRED]</help>
<completionHelp>
<path>vpn ipsec esp-group</path>
</completionHelp>
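Review bot: `tunnel` is a free-text `<multi/>` leaf with neither completion nor constraint, although the value names an interface that exists as a configured `interfaces tunnel` node; adding `<completionHelp><path>interfaces tunnel</path></completionHelp>` next to the `valueHelp`, in the same `<path>` form the `esp-group` leaf below already uses, would let operators complete existing tunnels and makes mistyped names visible early. Whether `vpn_ipsec.py` verifies that the referenced tunnel exists cannot be seen in this diff. The `<description>` repeats the `<help>` text verbatim; `<description>Tunnel interface name</description>` is the conventional shorter form. The enclosing profile node starts and ends outside the hunk.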
@@ -742,7 +751,7 @@
</leafNode>
<leafNode name="ike-group">
<properties>
- <help>Ike group name [REQUIRED]</help>
+ <help>IKE group name [REQUIRED]</help>
<completionHelp>
<path>vpn ipsec ike-group</path>
</completionHelp>
@@ -909,6 +918,9 @@
<leafNode name="default-esp-group">
<properties>
<help>Defult ESP group name</help>
+ <completionHelp>
+ <path>vpn ipsec esp-group</path>
+ </completionHelp>
</properties>
</leafNode>
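Review bot: The help text on the context line directly above the added `completionHelp` still reads `Defult ESP group name`; since this leaf is being touched, `<help>Default ESP group name</help>` would fix the typo in the same change. The enclosing node starts and ends outside the hunk.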
<leafNode name="description">
@@ -920,7 +932,9 @@
<leafNode name="dhcp-interface">
<properties>
<help>DHCP interface to listen on</help>
- <valueless/>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
</properties>
</leafNode>
<leafNode name="force-encapsulation">
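Review bot: `dhcp-interface` now takes a value that is only completed by `list_interfaces.py`, not validated, so a mistyped interface name passes the CLI and fails later, if at all, inside the conf script. A `<constraint>` with the project's interface-name validator, if one is available at this point in the tree, would reject it at commit time and is the check a completion script cannot provide. The enclosing node starts and ends outside the hunk.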
@@ -1091,12 +1105,7 @@
</leafNode>
</children>
</node>
- <leafNode name="protocol">
- <properties>
- <help>Protocol to encrypt</help>
- <valueless/>
- </properties>
- </leafNode>
+ #include <include/ip-protocol.xml.i>
<node name="remote">
<properties>
<help>Remote parameters for interesting traffic</help>
diff --git a/interface-definitions/vpn_rsa-keys.xml.in b/interface-definitions/vpn_rsa-keys.xml.in
new file mode 100644
index 000000000..f65ae4b5a
--- /dev/null
+++ b/interface-definitions/vpn_rsa-keys.xml.in
@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="vpn">
+ <children>
+ <node name="rsa-keys" owner="${vyos_conf_scripts_dir}/vpn_rsa-keys.py">
+ <properties>
+ <help>RSA keys</help>
+ </properties>
+ <children>
+ <node name="local-key">
+ <properties>
+ <help>Local RSA key</help>
+ </properties>
+ <children>
+ <leafNode name="file">
+ <properties>
+ <help>Local RSA key file location</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>File in /config/auth or /config/ipsec.d/rsa-keys</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <tagNode name="rsa-key-name">
+ <properties>
+ <help>Name of remote RSA key</help>
+ </properties>
+ <children>
+ <leafNode name="rsa-key">
+ <properties>
+ <help>Remote RSA key</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Remote RSA key</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
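Review bot: `local-key file` accepts any text while its description promises a file in `/config/auth` or `/config/ipsec.d/rsa-keys`; without a `<constraint>`, a path outside those directories reaches `vpn_rsa-keys.py` unchecked, and whether that script restricts the location is not visible in this diff. A regex constraint derived from the two documented directories, e.g. `<regex>^/config/(auth|ipsec\.d/rsa-keys)/[^/]+$</regex>` inside `<constraint>`, would pin the value to what the help text states (widen it if a bare file name relative to those directories is also meant to be accepted). Separately, the new `rsa-keys` node carries no `<priority>` while `vpn ipsec` is given 901 in this commit; if `vpn_ipsec.py` consumes these keys, a `<priority>` lower than 901 would guarantee the keys are committed before the IPsec configuration that references them.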