diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2025-04-12 08:45:16 +0000 |
|---|---|---|
| committer | Viacheslav <v.gletenko@vyos.io> | 2025-04-17 09:45:46 +0000 |
| commit | 41ba7fc5c7edbaca6ff149818aa5689b3ac3c097 (patch) | |
| tree | 7ef04ef4fa4632bdae0555f902734eddd1f08e37 /interface-definitions | |
| parent | d1e8dbd33ad84999ea4feea075d723068628ab1d (diff) | |
| download | vyos-1x-41ba7fc5c7edbaca6ff149818aa5689b3ac3c097.tar.gz vyos-1x-41ba7fc5c7edbaca6ff149818aa5689b3ac3c097.zip | |
T7343: IPsec add traffic-selector handling for VTI interfaces
Allow to set traffic-selector for VTI interfaces
We can set several local and remote IPv4 and IPv6 prefixes
```
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix 0.0.0.0/0
set vpn ipsec site-to-site peer P1 vti traffic-selector local prefix :/0
set vpn ipsec site-to-site peer P1 vti traffic-selector remote prefix 192.0.2.0/24
```
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 0cf526fad..873a4f882 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -1244,6 +1244,63 @@ <children> #include <include/ipsec/bind.xml.i> #include <include/ipsec/esp-group.xml.i> + <node name="traffic-selector"> + <properties> + <help>Traffic-selectors parameters</help> + </properties> + <children> + <node name="local"> + <properties> + <help>Local parameters for interesting traffic</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>Local IPv4 or IPv6 prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Local IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Local IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + <node name="remote"> + <properties> + <help>Remote parameters for interesting traffic</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>Remote IPv4 or IPv6 prefix</help> + <valueHelp> + <format>ipv4net</format> + <description>Remote IPv4 prefix</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>Remote IPv6 prefix</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + <validator name="ipv6-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> </children> </node> </children> |