summaryrefslogtreecommitdiff
path: root/interface-definitions/vpn-ipsec.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/vpn-ipsec.xml.in')
-rw-r--r--interface-definitions/vpn-ipsec.xml.in93
1 files changed, 79 insertions, 14 deletions
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
index 64966b540..64cfbda08 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -11,6 +11,40 @@
<priority>901</priority>
</properties>
<children>
+ <node name="authentication">
+ <properties>
+ <help>Authentication</help>
+ </properties>
+ <children>
+ <tagNode name="psk">
+ <properties>
+ <help>Pre-shared key name</help>
+ </properties>
+ <children>
+ #include <include/dhcp-interface-multi.xml.i>
+ <leafNode name="id">
+ <properties>
+ <help>ID for authentication</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>ID used for authentication</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="secret">
+ <properties>
+ <help>IKE pre-shared secret key</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>IKE pre-shared secret key</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+ </node>
<leafNode name="disable-uniqreqids">
<properties>
<help>Disable requirement for unique IDs in the Security Database</help>
@@ -235,6 +269,7 @@
<regex>(none|hold|restart)</regex>
</constraint>
</properties>
+ <defaultValue>none</defaultValue>
</leafNode>
<node name="dead-peer-detection">
<properties>
@@ -263,6 +298,7 @@
<regex>(hold|clear|restart)</regex>
</constraint>
</properties>
+ <defaultValue>clear</defaultValue>
</leafNode>
<leafNode name="interval">
<properties>
@@ -321,11 +357,11 @@
<properties>
<help>IKE lifetime</help>
<valueHelp>
- <format>u32:30-86400</format>
+ <format>u32:0-86400</format>
<description>IKE lifetime in seconds</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 30-86400"/>
+ <validator name="numeric" argument="--range 0-86400"/>
</constraint>
</properties>
<defaultValue>28800</defaultValue>
@@ -465,22 +501,51 @@
</properties>
<defaultValue>2</defaultValue>
</leafNode>
+ <leafNode name="prf">
+ <properties>
+ <help>Pseudo-Random Functions</help>
+ <completionHelp>
+ <list>prfmd5 prfsha1 prfaesxcbc prfaescmac prfsha256 prfsha384 prfsha512</list>
+ </completionHelp>
+ <valueHelp>
+ <format>prfmd5</format>
+ <description>MD5 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha1</format>
+ <description>SHA1 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfaesxcbc</format>
+ <description>AES XCBC PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfaescmac</format>
+ <description>AES CMAC PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha256</format>
+ <description>SHA2_256 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha384</format>
+ <description>SHA2_384 PRF</description>
+ </valueHelp>
+ <valueHelp>
+ <format>prfsha512</format>
+ <description>SHA2_512 PRF</description>
+ </valueHelp>
+ <constraint>
+ <regex>(prfmd5|prfsha1|prfaesxcbc|prfaescmac|prfsha256|prfsha384|prfsha512)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
#include <include/vpn-ipsec-encryption.xml.i>
#include <include/vpn-ipsec-hash.xml.i>
</children>
</tagNode>
</children>
</tagNode>
- <leafNode name="include-ipsec-conf">
- <properties>
- <help>Absolute path to specify a strongSwan config include file</help>
- </properties>
- </leafNode>
- <leafNode name="include-ipsec-secrets">
- <properties>
- <help>Absolute path to a strongSwan secrets include file</help>
- </properties>
- </leafNode>
#include <include/generic-interface-multi.xml.i>
<node name="log">
<properties>
@@ -884,7 +949,7 @@
#include <include/name-server-ipv4-ipv6.xml.i>
</children>
</tagNode>
- #include <include/radius-server-ipv4.xml.i>
+ #include <include/radius-auth-server-ipv4.xml.i>
<node name="radius">
<children>
#include <include/radius-nas-identifier.xml.i>
@@ -948,7 +1013,6 @@
</constraint>
</properties>
</leafNode>
- #include <include/ipsec/authentication-pre-shared-secret.xml.i>
<leafNode name="remote-id">
<properties>
<help>ID for remote authentication</help>
@@ -957,6 +1021,7 @@
<description>ID used for peer authentication</description>
</valueHelp>
</properties>
+ <defaultValue>%any</defaultValue>
</leafNode>
<leafNode name="use-x509-id">
<properties>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 19:29:23 +0000