summaryrefslogtreecommitdiff
path: root/op-mode-definitions/vpn-ipsec.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'op-mode-definitions/vpn-ipsec.xml.in')
-rw-r--r--op-mode-definitions/vpn-ipsec.xml.in170
1 files changed, 128 insertions, 42 deletions
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index f1af65fcb..b551af2be 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -7,57 +7,112 @@
<help>Reset Virtual Private Network (VPN) information</help>
</properties>
<children>
- <tagNode name="ipsec-peer">
+ <node name="ipsec">
<properties>
- <help>Reset all tunnels for given peer</help>
- <completionHelp>
- <path>vpn ipsec site-to-site peer</path>
- </completionHelp>
+ <help>Reset IPSec VPN sessions</help>
</properties>
<children>
- <tagNode name="tunnel">
+ <tagNode name="profile">
<properties>
- <help>Reset a specific tunnel for given peer</help>
+ <help>Reset a specific tunnel for given DMVPN profile</help>
+ <completionHelp>
+ <path>vpn ipsec profile</path>
+ </completionHelp>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="$6"</command>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Reset a specific tunnel for given DMVPN profile</help>
+ <completionHelp>
+ <script>sudo ${vyos_completion_dir}/list_ipsec_profile_tunnels.py --profile ${COMP_WORDS[4]}</script>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="remote-host">
+ <properties>
+ <help>Reset a specific tunnel for given DMVPN NBMA</help>
+ <completionHelp>
+ <list>&lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_dst --profile="$5" --tunnel="$7" --nbma-dst="$9"</command>
+ </tagNode>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_all --profile="$5" --tunnel="$7"</command>
+ </tagNode>
+ </children>
</tagNode>
- <node name="vti">
+ <node name="remote-access">
<properties>
- <help>Reset the VTI tunnel for given peer</help>
+ <help>Reset remote access IPSec VPN connections</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="vti"</command>
+ <children>
+ <node name="all">
+ <properties>
+ <help>Reset all users current remote access IPSec VPN sessions</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra</command>
+ </node>
+ <tagNode name="user">
+ <properties>
+ <help>Reset specified user current remote access IPsec VPN session(s)</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6"</command>
+ </tagNode>
+ </children>
</node>
- </children>
- <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="all"</command>
- </tagNode>
- <tagNode name="ipsec-profile">
- <properties>
- <help>Reset all tunnels for given DMVPN profile</help>
- <completionHelp>
- <path>vpn ipsec profile</path>
- </completionHelp>
- </properties>
- <children>
- <tagNode name="tunnel">
+ <node name="site-to-site">
<properties>
- <help>Reset a specific tunnel for given DMVPN profile</help>
+ <help>Reset site-to-site IPSec VPN connections</help>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command>
- </tagNode>
+ <children>
+ <node name="all">
+ <properties>
+ <help>Reset all site-to-site IPSec VPN sessions</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_all_peers</command>
+ </node>
+ <tagNode name="peer">
+ <properties>
+ <help>Reset all tunnels for given peer</help>
+ <completionHelp>
+ <path>vpn ipsec site-to-site peer</path>
+ </completionHelp>
+ </properties>
+ <children>
+ <tagNode name="tunnel">
+ <properties>
+ <help>Reset a specific tunnel for given peer</help>
+ <completionHelp>
+ <path>vpn ipsec site-to-site peer ${COMP_WORDS[5]} tunnel</path>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8"</command>
+ </tagNode>
+ <node name="vti">
+ <properties>
+ <help>Reset the VTI tunnel for given peer</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti"</command>
+ </node>
+ </children>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6"</command>
+ </tagNode>
+ </children>
+ </node>
</children>
- <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command>
- </tagNode>
+ </node>
</children>
</node>
</children>
</node>
<node name="restart">
<children>
- <node name="vpn">
+ <node name="ipsec">
<properties>
<help>Restart the IPsec VPN process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted"; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
@@ -122,13 +177,13 @@
<properties>
<help>Show all the pre-shared key secrets</help>
</properties>
- <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command>
+ <command>${vyos_op_scripts_dir}/ipsec.py show_psk</command>
</node>
<node name="status">
<properties>
<help>Show summary of IKE process information</help>
</properties>
- <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command>
</node>
</children>
</node>
@@ -137,18 +192,49 @@
<help>Show Internet Protocol Security (IPsec) information</help>
</properties>
<children>
+ <node name="connections">
+ <properties>
+ <help>Show VPN connections</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/ipsec.py show_connections</command>
+ </node>
<node name="policy">
<properties>
<help>Show the in-kernel crypto policies</help>
</properties>
<command>sudo ip xfrm policy list</command>
</node>
- <leafNode name="remote-access">
- <properties>
- <help>Show active VPN server sessions</help>
- </properties>
- <command>${vyos_op_scripts_dir}/show_vpn_ra.py</command>
- </leafNode>
+ <node name="remote-access">
+ <properties>
+ <help>Show active VPN server sessions</help>
+ </properties>
+ <children>
+ <node name="detail">
+ <properties>
+ <help>Show detail active IKEv2 RA sessions</help>
+ </properties>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi</command>
+ </node>
+ <tagNode name="connection-id">
+ <properties>
+ <help>Show detail active IKEv2 RA sessions by connection-id</help>
+ </properties>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi</command>
+ </tagNode>
+ <node name="summary">
+ <properties>
+ <help>Show active IKEv2 RA sessions summary</help>
+ </properties>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi</command>
+ </node>
+ <tagNode name="username">
+ <properties>
+ <help>Show detail active IKEv2 RA sessions by username</help>
+ </properties>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi</command>
+ </tagNode>
+ </children>
+ </node>
<node name="sa">
<properties>
<help>Show all active IPsec Security Associations (SA)</help>
@@ -180,14 +266,14 @@
<command></command>
</tagNode>
-->
- <node name="verbose">
+ <node name="detail">
<properties>
<help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
- <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
</node>
<node name="state">
<properties>
@@ -199,7 +285,7 @@
<properties>
<help>Show status of IPsec process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 09:32:01 +0000