diff options
Diffstat (limited to 'interface-definitions')
11 files changed, 111 insertions, 114 deletions
diff --git a/interface-definitions/include/accel-ppp/vlan.xml.i b/interface-definitions/include/accel-ppp/vlan.xml.i new file mode 100644 index 000000000..7df711d4b --- /dev/null +++ b/interface-definitions/include/accel-ppp/vlan.xml.i @@ -0,0 +1,20 @@ +<!-- include start from accel-ppp/vlan.xml.i --> +<leafNode name="vlan"> + <properties> + <help>VLAN monitor for automatic creation of VLAN interfaces</help> + <valueHelp> + <format>u32:1-4094</format> + <description>VLAN for automatic creation </description> + </valueHelp> + <valueHelp> + <format>start-end</format> + <description>VLAN range for automatic creation (e.g. 1-4094)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4094"/> + </constraint> + <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/firewall/dscp.xml.i b/interface-definitions/include/firewall/dscp.xml.i index 642212d7e..796bab548 100644 --- a/interface-definitions/include/firewall/dscp.xml.i +++ b/interface-definitions/include/firewall/dscp.xml.i @@ -12,7 +12,6 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-63"/> - <validator name="range" argument="--min=0 --max=63"/> </constraint> <multi/> </properties> @@ -30,7 +29,6 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 0-63"/> - <validator name="range" argument="--min=0 --max=63"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/firewall/packet-length.xml.i b/interface-definitions/include/firewall/packet-length.xml.i index 043f56d16..91f08314a 100644 --- a/interface-definitions/include/firewall/packet-length.xml.i +++ b/interface-definitions/include/firewall/packet-length.xml.i @@ -12,7 +12,6 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> - <validator name="range" argument="--min=1 --max=65535"/> </constraint> <multi/> </properties> @@ -30,7 +29,6 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> - <validator name="range" argument="--min=1 --max=65535"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/firewall/tcp-flags.xml.i b/interface-definitions/include/firewall/tcp-flags.xml.i index 5a7b5a8d3..fc0da3135 100644 --- a/interface-definitions/include/firewall/tcp-flags.xml.i +++ b/interface-definitions/include/firewall/tcp-flags.xml.i @@ -127,7 +127,6 @@ </valueHelp> <constraint> <validator name="numeric" argument="--range 1-16384"/> - <validator name="range" argument="--min=1 --max=16384"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i index 4967782ec..4e0b848c3 100644 --- a/interface-definitions/include/ipsec/authentication-id.xml.i +++ b/interface-definitions/include/ipsec/authentication-id.xml.i @@ -1,10 +1,10 @@ <!-- include start from ipsec/authentication-id.xml.i --> -<leafNode name="id"> +<leafNode name="local-id"> <properties> - <help>ID for peer authentication</help> + <help>Local ID for peer authentication</help> <valueHelp> <format>txt</format> - <description>ID used for peer authentication</description> + <description>Local ID used for peer authentication</description> </valueHelp> </properties> </leafNode> diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i new file mode 100644 index 000000000..ba96290d0 --- /dev/null +++ b/interface-definitions/include/ipsec/remote-address.xml.i @@ -0,0 +1,30 @@ +<!-- include start from ipsec/remote-address.xml.i --> +<leafNode name="remote-address"> + <properties> + <help>IPv4 or IPv6 address of the remote peer</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address of the remote peer</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address of the remote peer</description> + </valueHelp> + <valueHelp> + <format>hostname</format> + <description>Fully qualified domain name of the remote peer</description> + </valueHelp> + <valueHelp> + <format>any</format> + <description>Allow any IP address of the remote peer</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <validator name="fqdn"/> + <regex>(any)</regex> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i index 59295cc91..1c978e8e6 100644 --- a/interface-definitions/include/version/ipsec-version.xml.i +++ b/interface-definitions/include/version/ipsec-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/ipsec-version.xml.i --> -<syntaxVersion component='ipsec' version='9'></syntaxVersion> +<syntaxVersion component='ipsec' version='10'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/include/version/pppoe-server-version.xml.i b/interface-definitions/include/version/pppoe-server-version.xml.i index ec81487f8..6bdd8d75c 100644 --- a/interface-definitions/include/version/pppoe-server-version.xml.i +++ b/interface-definitions/include/version/pppoe-server-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/pppoe-server-version.xml.i --> -<syntaxVersion component='pppoe-server' version='5'></syntaxVersion> +<syntaxVersion component='pppoe-server' version='6'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/service-pppoe-server.xml.in b/interface-definitions/service-pppoe-server.xml.in index 50f42849b..b31109296 100644 --- a/interface-definitions/service-pppoe-server.xml.in +++ b/interface-definitions/service-pppoe-server.xml.in @@ -68,33 +68,7 @@ </completionHelp> </properties> <children> - <leafNode name="vlan-id"> - <properties> - <help>VLAN monitor for the automatic creation of single vlan</help> - <valueHelp> - <format>u32:1-4094</format> - <description>VLAN monitor for the automatic creation of single vlan</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-4094"/> - </constraint> - <constraintErrorMessage>VLAN ID needs to be between 1 and 4094</constraintErrorMessage> - <multi/> - </properties> - </leafNode> - <leafNode name="vlan-range"> - <properties> - <help>VLAN monitor for the automatic creation of vlans range</help> - <valueHelp> - <format>start-end</format> - <description>VLAN monitor range for the automatic creation of vlans (e.g. 1-4094)</description> - </valueHelp> - <constraint> - <validator name="range" argument="--min=1 --max=4094"/> - </constraint> - <multi/> - </properties> - </leafNode> + #include <include/accel-ppp/vlan.xml.i> </children> </tagNode> #include <include/accel-ppp/gateway-address.xml.i> diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in index d36fbb024..5887a349f 100644 --- a/interface-definitions/vpn-ipsec.xml.in +++ b/interface-definitions/vpn-ipsec.xml.in @@ -24,23 +24,9 @@ <children> <leafNode name="compression"> <properties> - <help>ESP compression</help> - <completionHelp> - <list>disable enable</list> - </completionHelp> - <valueHelp> - <format>disable</format> - <description>Disable ESP compression</description> - </valueHelp> - <valueHelp> - <format>enable</format> - <description>Enable ESP compression</description> - </valueHelp> - <constraint> - <regex>(disable|enable)</regex> - </constraint> + <help>Enable ESP compression</help> + <valueless/> </properties> - <defaultValue>disable</defaultValue> </leafNode> <leafNode name="lifetime"> <properties> @@ -309,20 +295,7 @@ <leafNode name="ikev2-reauth"> <properties> <help>Re-authentication of the remote peer during an IKE re-key (IKEv2 only)</help> - <completionHelp> - <list>yes no</list> - </completionHelp> - <valueHelp> - <format>yes</format> - <description>Enable remote host re-authentication during an IKE rekey (currently broken due to a strongswan bug)</description> - </valueHelp> - <valueHelp> - <format>no</format> - <description>Disable remote host re-authenticaton during an IKE rekey</description> - </valueHelp> - <constraint> - <regex>(yes|no)</regex> - </constraint> + <valueless/> </properties> </leafNode> <leafNode name="key-exchange"> @@ -357,25 +330,11 @@ </properties> <defaultValue>28800</defaultValue> </leafNode> - <leafNode name="mobike"> + <leafNode name="disable-mobike"> <properties> - <help>Enable MOBIKE Support (IKEv2 only)</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Enable MOBIKE</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Disable MOBIKE</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> + <help>Disable MOBIKE Support (IKEv2 only)</help> + <valueless/> </properties> - <defaultValue>enable</defaultValue> </leafNode> <leafNode name="mode"> <properties> @@ -929,23 +888,15 @@ <children> <tagNode name="peer"> <properties> - <help>VPN peer</help> - <valueHelp> - <format>ipv4</format> - <description>IPv4 address of the peer</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>IPv6 address of the peer</description> - </valueHelp> + <help>Connection name of the peer</help> <valueHelp> <format>txt</format> - <description>Hostname of the peer</description> - </valueHelp> - <valueHelp> - <format><@text></format> - <description>ID of the peer</description> + <description>Connection name of the peer</description> </valueHelp> + <constraint> + <regex>[-_a-zA-Z0-9|@]+</regex> + </constraint> + <constraintErrorMessage>Peer connection name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> <children> #include <include/generic-disable-node.xml.i> @@ -1031,23 +982,10 @@ </leafNode> #include <include/generic-description.xml.i> #include <include/dhcp-interface.xml.i> - <leafNode name="force-encapsulation"> + <leafNode name="force-udp-encapsulation"> <properties> - <help>Force UDP Encapsulation for ESP payloads</help> - <completionHelp> - <list>enable disable</list> - </completionHelp> - <valueHelp> - <format>enable</format> - <description>Force UDP encapsulation</description> - </valueHelp> - <valueHelp> - <format>disable</format> - <description>Do not force UDP encapsulation</description> - </valueHelp> - <constraint> - <regex>(enable|disable)</regex> - </constraint> + <help>Force UDP encapsulation</help> + <valueless/> </properties> </leafNode> #include <include/ipsec/ike-group.xml.i> @@ -1075,6 +1013,7 @@ </properties> </leafNode> #include <include/ipsec/local-address.xml.i> + #include <include/ipsec/remote-address.xml.i> <tagNode name="tunnel"> <properties> <help>Peer tunnel</help> diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index 6309863c5..bc7f78e79 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -50,6 +50,16 @@ </leafNode> </children> </node> + <leafNode name="group"> + <properties> + <help>Group that a client is allowed to select (from a list). Maps to RADIUS Class attribute.</help> + <valueHelp> + <format>txt</format> + <description>Group string. The group may be followed by a user-friendly name in brackets: group1[First Group]</description> + </valueHelp> + <multi/> + </properties> + </leafNode> #include <include/auth-local-users.xml.i> <node name="local-users"> <children> @@ -144,10 +154,19 @@ </properties> <defaultValue>2</defaultValue> </leafNode> + <leafNode name="groupconfig"> + <properties> + <help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius.</help> + </properties> + </leafNode> </children> </node> </children> </node> + #include <include/listen-address-ipv4.xml.i> + <leafNode name="listen-address"> + <defaultValue>0.0.0.0</defaultValue> + </leafNode> <node name="listen-ports"> <properties> <help>Specify custom ports to use for client connections</help> @@ -278,6 +297,26 @@ <multi/> </properties> </leafNode> + <leafNode name="tunnel-all-dns"> + <properties> + <help>If the tunnel-all-dns option is set to yes, tunnel all DNS queries via the VPN. This is the default when a default route is set.</help> + <completionHelp> + <list>yes no</list> + </completionHelp> + <valueHelp> + <format>yes</format> + <description>Enable tunneling of all DNS traffic</description> + </valueHelp> + <valueHelp> + <format>no</format> + <description>Disable tunneling of all DNS traffic</description> + </valueHelp> + <constraint> + <regex>(yes|no)</regex> + </constraint> + </properties> + <defaultValue>no</defaultValue> + </leafNode> </children> </node> </children> |