From a1abb118c9eb413f3c78cfb2077f9c0d4b443c3a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 3 Jul 2021 15:31:38 +0200 Subject: ipsec: T2816: rework IKE and ESP key assignment Commit 2d79a500 ("ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string") added a Jinja2 helper function which can be used to transform VyOS CLI ESP and IKE key proposals into a strongSwan compatible string cipher. This commit changes the IPSec implementation to make use of this new Jinja2 filter function/Python helper. This is required base work for better automated tests (smoketests) but also for an IKEv2 road-warrior setup. --- interface-definitions/vpn_ipsec.xml.in | 46 +++++++++++++++++----------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'interface-definitions') diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index f51c2fc92..6aff7bef5 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in 
@@ -92,95 +92,95 @@ enable - Enable PFS. Use ike-groups dh-group (default) + Use Diffie-Hellman group 2 (modp1024) - default dh-group1 - Enable PFS. Use Diffie-Hellman group 1 (modp768) + Use Diffie-Hellman group 1 (modp768) dh-group2 - Enable PFS. Use Diffie-Hellman group 2 (modp1024) + Use Diffie-Hellman group 2 (modp1024) dh-group5 - Enable PFS. Use Diffie-Hellman group 5 (modp1536) + Use Diffie-Hellman group 5 (modp1536) dh-group14 - Enable PFS. Use Diffie-Hellman group 14 (modp2048) + Use Diffie-Hellman group 14 (modp2048) dh-group15 - Enable PFS. Use Diffie-Hellman group 15 (modp3072) + Use Diffie-Hellman group 15 (modp3072) dh-group16 - Enable PFS. Use Diffie-Hellman group 16 (modp4096) + Use Diffie-Hellman group 16 (modp4096) dh-group17 - Enable PFS. Use Diffie-Hellman group 17 (modp6144) + Use Diffie-Hellman group 17 (modp6144) dh-group18 - Enable PFS. Use Diffie-Hellman group 18 (modp8192) + Use Diffie-Hellman group 18 (modp8192) dh-group19 - Enable PFS. Use Diffie-Hellman group 19 (ecp256) + Use Diffie-Hellman group 19 (ecp256) dh-group20 - Enable PFS. Use Diffie-Hellman group 20 (ecp384) + Use Diffie-Hellman group 20 (ecp384) dh-group21 - Enable PFS. Use Diffie-Hellman group 21 (ecp521) + Use Diffie-Hellman group 21 (ecp521) dh-group22 - Enable PFS. Use Diffie-Hellman group 22 (modp1024s160) + Use Diffie-Hellman group 22 (modp1024s160) dh-group23 - Enable PFS. Use Diffie-Hellman group 23 (modp2048s224) + Use Diffie-Hellman group 23 (modp2048s224) dh-group24 - Enable PFS. Use Diffie-Hellman group 24 (modp2048s256) + Use Diffie-Hellman group 24 (modp2048s256) dh-group25 - Enable PFS. Use Diffie-Hellman group 25 (ecp192) + Use Diffie-Hellman group 25 (ecp192) dh-group26 - Enable PFS. Use Diffie-Hellman group 26 (ecp224) + Use Diffie-Hellman group 26 (ecp224) dh-group27 - Enable PFS. Use Diffie-Hellman group 27 (ecp224bp) + Use Diffie-Hellman group 27 (ecp224bp) dh-group28 - Enable PFS. 
Use Diffie-Hellman group 28 (ecp256bp) + Use Diffie-Hellman group 28 (ecp256bp) dh-group29 - Enable PFS. Use Diffie-Hellman group 29 (ecp384bp) + Use Diffie-Hellman group 29 (ecp384bp) dh-group30 - Enable PFS. Use Diffie-Hellman group 30 (ecp512bp) + Use Diffie-Hellman group 30 (ecp512bp) dh-group31 - Enable PFS. Use Diffie-Hellman group 31 (curve25519) + Use Diffie-Hellman group 31 (curve25519) dh-group32 - Enable PFS. Use Diffie-Hellman group 32 (curve448) + Use Diffie-Hellman group 32 (curve448) disable -- cgit v1.2.3
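Review bot: The new help text for `enable` reads `Use Diffie-Hellman group 2 (modp1024)`, so a bare `pfs enable` is now documented as a fixed 1024-bit MODP group rather than following the IKE group's dh-group as the removed text said. If the converter from 2d79a500 really maps it that way (it is not visible in this hunk), ESP rekeying on existing configs could end up on a group that RFC 8247 rates SHOULD NOT. I would either keep inheriting the IKE group or state the weakness in the help, e.g. `Enable PFS. Use Diffie-Hellman group 2 (modp1024, legacy strength - prefer dh-group14 or higher)`. Dropping the `Enable PFS.` prefix from the other 22 entries also leaves nothing in the completion help saying that choosing a group is what turns PFS on, while `disable` is still offered next to them; wording such as `Enable PFS using Diffie-Hellman group 14 (modp2048)` would keep that. The hunk starts and ends inside the enclosing node definition, so the rest of it is not visible here.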