From 49153d4e138c762d00db471febb9fd312c0ab122 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 1 Aug 2019 12:31:44 +0200 Subject: openvpn: T1548: initial rewrite with XML and Python --- interface-definitions/interfaces-openvpn.xml | 624 +++++++++++++++++++++++++++ 1 file changed, 624 insertions(+) create mode 100644 interface-definitions/interfaces-openvpn.xml (limited to 'interface-definitions/interfaces-openvpn.xml') diff --git a/interface-definitions/interfaces-openvpn.xml b/interface-definitions/interfaces-openvpn.xml new file mode 100644 index 000000000..f2eb1ebab --- /dev/null +++ b/interface-definitions/interfaces-openvpn.xml @@ -0,0 +1,624 @@ + + + + + + + OpenVPN tunnel interface name + 460 + + ^vtun[0-9]+$ + + OpenVPN tunnel interface must be named vtunN + + vtunN + OpenVPN interface name + + + + + + Authentication options + + + + + OpenVPN password used for authentication + + + + + OpenVPN username used for authentication + + + + + + + Interface to be added to a bridge group + + + + + Interface to a bridge-group + + + + + + + + Path cost for this port + + 0-2147483647 + Path cost for this port + + + + + + + + + Path priority for this port + + 0-255 + Path priority for this port + + + + + + + + + + + Description + + + + + OpenVPN interface device-type + + tun tap + + + tun + TUN device, required for OSI layer 3 + + + tap + TAP device, required for OSI layer 2 + + + (tun|tap) + + + + + + Disable interface + + + + + Data Encryption Algorithm + + des 3des bf128 bf256 aes128 aes192 aes256 + + + des + DES algorithm + + + 3des + DES algorithm with triple encryption + + + bf128 + Blowfish algorithm with 128-bit key + + + bf256 + Blowfish algorithm with 256-bit key + + + aes128 + AES algorithm with 128-bit key + + + aes192 + AES algorithm with 192-bit key + + + aes256 + AES algorithm with 256-bit key + + + (des|3des|bf128|bf256|aes128|aes192|aes256) + + + + + + Hashing Algorithm + + md5 sha1 sha256 sha384 sha512 + + + md5 + MD5 algorithm + + + sha1 + SHA-1 algorithm + + + sha256 + SHA-256 algorithm + + + sha384 + SHA-384 algorithm + + + sha512 + SHA-512 algorithm + + + (md5|sha1|sha256|sha384|sha512) + + + + + + Keepalive helper options + + + + + Maximum number of keepalive packet failures [default 6] + + 0-1000 + Maximum number of keepalive packet failures + + + + + + + + + Keepalive packet interval (seconds) [default 10] + + 0-600 + Keepalive packet interval (seconds) + + + + + + + + + + + Local IP address of tunnel + + + + + + + + Subnet-mask for local IP address of tunnel + + + + + + + + + + Local IP address to accept connections (all if not set) + + ipv4 + Local IPv4 address + + + + + + + + + Local port number to accept connections + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN mode of operation + + site-to-site client server + + + site-to-site + Site-to-site mode + + + client + Client in client-server mode + + + server + Server in client-server mode + + + (site-to-site|client|server) + + + + + + Additional OpenVPN options. You must + use the syntax of openvpn.conf in this text-field. Using this + without proper knowledge may result in a crashed OpenVPN server. + Check system log to look for errors. + + + + + + Do not close and reopen interface (TUN/TAP device) on client restarts + + + + + + OpenVPN communication protocol + + udp tcp-passive tcp-active + + + udp + Site-to-site mode + + + tcp-passive + TCP and accepts connections passively + + + tcp-active + TCP and initiates connections actively + + + (udp|tcp-passive|tcp-active) + + + + + + IP address of remote end of tunnel + + ipv4 + Remote end IPv4 address + + + + + + + + + Remote host to connect to (dynamic if not set) + + ipv4 + IP address of remote host + + + txt + Hostname of remote host + + + + + + + Remote port number to connect to + + 1-65535 + Numeric IP port + + + + + + + + + OpenVPN tunnel to be used as the default route + + + + + Tunnel endpoints are on the same subnet + + + + + + + Server-mode options + + + + + Two Factor Authentication providers + + + + + Authy Two Factor Authentication providers + + + + + Authy api key + + + + + Authy users (must be email address) + + [A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$ + + Invalid email address + + + + + Country calling codes + + [0-9]+$ + + Invalid Country Calling Code + + + + + Mobile phone number + + [0-9]+$ + + Invalid Phone Number + + + + + + + + + + + Client-specific settings + + name + Client common-name in the certificate + + + + + + Option to disable client connection + + + + + + IP address of the client + + ipv4 + Client IPv4 address + + + + + + + + + Route to be pushed to the client + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Subnet belonging to the client + + ipv4net + IPv4 network and prefix length belonging to the client + + + + + + + + + + + + DNS suffix to be pushed to all clients + + txt + Domain Name Server suffix + + + + + + Number of maximum client connections + + 1-4096 + Number of concurrent clients + + + + + + + + + Domain Name Server (DNS) + + ipv4 + DNS server IPv4 address + + + + + + + + + + Route to be pushed to all clients + + ipv4net + IPv4 network and prefix length + + + + + + + + + + Reject connections from clients that are not explicitly configured + + + + + Server-mode subnet (from which client IPs are allocated) + + ipv4net + IPv4 address and prefix length + + + + + + + + + Topology for clients + + point-to-point subnet + + + point-to-point + Point-to-point topology + + + subnet + Subnet topology + + + (subnet|point-to-point) + + + + + + + + File containing the secret key shared with remote end of tunnel + + file + File in /config/auth directory + + + + + + + + + Transport Layer Security (TLS) options + + + + + File containing certificate for Certificate Authority (CA) + + + + + File containing certificate for this host + + + + + File containing certificate revocation list (CRL) for this host + + + + + File containing Diffie Hellman parameters (server only) + + + + + File containing this host's private key + + + + + File containing this host's private key + + active passive + + + active + Initiate TLS negotiation actively + + + passive + Waiting for TLS connections passively + + + (active|passive) + + + + + + + + Use fast LZO compression on this TUN/TAP interface + + + + + + + + -- cgit v1.2.3