From bd4588827b563022ce5fb98b1345b787b9194176 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Wed, 10 Aug 2022 19:51:48 +0000 Subject: ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group mobike disable' => 'ipsec ike-group disable-mobike' - replace 'ipsec ike-group ikev2-reauth yes|no' => 'ipsec ike-group ikev2-reauth' - ESP changes: - replace 'ipsec esp-group compression enable' => 'ipsec esp-group compression' - PEER changes: - replace: 'peer id xxx' => 'peer local-id xxx' - replace: 'peer force-encapsulation enable' => 'peer force-udp-encapsulation' - add option: 'peer remote-address x.x.x.x' Add 'peer remote-address ' via migration script --- .../include/ipsec/authentication-id.xml.i | 6 ++--- .../include/ipsec/remote-address.xml.i | 30 ++++++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 interface-definitions/include/ipsec/remote-address.xml.i (limited to 'interface-definitions/include/ipsec') diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i index 4967782ec..4e0b848c3 100644 --- a/interface-definitions/include/ipsec/authentication-id.xml.i +++ b/interface-definitions/include/ipsec/authentication-id.xml.i @@ -1,10 +1,10 @@ - + - ID for peer authentication + Local ID for peer authentication txt - ID used for peer authentication + Local ID used for peer authentication diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i new file mode 100644 index 000000000..ba96290d0 --- /dev/null +++ b/interface-definitions/include/ipsec/remote-address.xml.i @@ -0,0 +1,30 @@ + + + + IPv4 or IPv6 address of the remote peer + + ipv4 + IPv4 address of the remote peer + + + ipv6 + IPv6 address of the remote peer + + + hostname + Fully qualified domain name of the remote peer + + + any + Allow any IP address of the remote peer + + + + + + (any) + + + + + -- cgit v1.2.3