T6732: added same as vyos 1x

author: kumvijaya <kuvmijaya@gmail.com> 2024-09-26 11:31:07 +0530
committer: kumvijaya <kuvmijaya@gmail.com> 2024-09-26 11:31:07 +0530
commit: a950059053f7394acfb453cc0d8194aa3dc721fa (patch)
tree: eb0acf278f649b5d1417e18e34d728efcd16e745 /interface-definitions/include/ipsec
parent: f0815f3e9b212f424f5adb0c572a71119ad4a8a0 (diff)
download: vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.tar.gz
vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.zip
11 files changed, 196 insertions, 0 deletions
diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i
new file mode 100644
index 0000000..4e0b848
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-id.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-id.xml.i -->
+<leafNode name="local-id">
+  <properties>
+    <help>Local ID for peer authentication</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Local ID used for peer authentication</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i
new file mode 100644
index 0000000..af26693
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-pre-shared-secret.xml.i -->
+<leafNode name="pre-shared-secret">
+  <properties>
+    <help>Pre-shared secret key</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Pre-shared secret key</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-rsa.xml.i b/interface-definitions/include/ipsec/authentication-rsa.xml.i
new file mode 100644
index 0000000..0a364e8
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-rsa.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from ipsec/authentication-rsa.xml.i -->
+<node name="rsa">
+  <properties>
+    <help>RSA keys</help>
+  </properties>
+  <children>
+    <leafNode name="local-key">
+      <properties>
+        <help>Name of PKI key-pair with local private key</help>
+        <completionHelp>
+          <path>pki key-pair</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="passphrase">
+      <properties>
+        <help>Local private key passphrase</help>
+      </properties>
+    </leafNode>
+    <leafNode name="remote-key">
+      <properties>
+        <help>Name of PKI key-pair with remote public key</help>
+        <completionHelp>
+          <path>pki key-pair</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-x509.xml.i b/interface-definitions/include/ipsec/authentication-x509.xml.i
new file mode 100644
index 0000000..1d04c94
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-x509.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-x509.xml.i -->
+<node name="x509">
+  <properties>
+    <help>X.509 certificate</help>
+  </properties>
+  <children>
+    #include <include/pki/certificate-key.xml.i>
+    #include <include/pki/ca-certificate-multi.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/bind.xml.i b/interface-definitions/include/ipsec/bind.xml.i
new file mode 100644
index 0000000..edc46d4
--- /dev/null
+++ b/interface-definitions/include/ipsec/bind.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/bind.xml.i -->
+<leafNode name="bind">
+  <properties>
+    <help>VTI tunnel interface associated with this configuration</help>
+    <completionHelp>
+      <path>interfaces vti</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/esp-group.xml.i b/interface-definitions/include/ipsec/esp-group.xml.i
new file mode 100644
index 0000000..5e5d819
--- /dev/null
+++ b/interface-definitions/include/ipsec/esp-group.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/esp-group.xml.i -->
+<leafNode name="esp-group">
+  <properties>
+    <help>Encapsulating Security Payloads (ESP) group name</help>
+    <completionHelp>
+      <path>vpn ipsec esp-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/ike-group.xml.i b/interface-definitions/include/ipsec/ike-group.xml.i
new file mode 100644
index 0000000..f7649ed
--- /dev/null
+++ b/interface-definitions/include/ipsec/ike-group.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/ike-group.xml.i -->
+<leafNode name="ike-group">
+  <properties>
+    <help>Internet Key Exchange (IKE) group name</help>
+    <completionHelp>
+      <path>vpn ipsec ike-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i
new file mode 100644
index 0000000..71f5149
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-address.xml.i
@@ -0,0 +1,27 @@
+<!-- include start from ipsec/local-address.xml.i -->
+<leafNode name="local-address">
+  <properties>
+    <help>IPv4 or IPv6 address of a local interface to use for VPN</help>
+    <completionHelp>
+      <list>any</list>
+      <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+    </completionHelp>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address of a local interface for VPN</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address of a local interface for VPN</description>
+    </valueHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Allow any IPv4 address present on the system to be used for VPN</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <regex>(any)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
new file mode 100644
index 0000000..9ae67f5
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from ipsec/local-traffic-selector.xml.i -->
+<node name="local">
+  <properties>
+    <help>Local parameters for interesting traffic</help>
+  </properties>
+  <children>
+    #include <include/port-number.xml.i>
+    <leafNode name="prefix">
+      <properties>
+        <help>Local IPv4 or IPv6 prefix</help>
+        <valueHelp>
+          <format>ipv4net</format>
+          <description>Local IPv4 prefix</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv6net</format>
+          <description>Local IPv6 prefix</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv4-prefix"/>
+          <validator name="ipv6-prefix"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i
new file mode 100644
index 0000000..91decba
--- /dev/null
+++ b/interface-definitions/include/ipsec/remote-address.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from ipsec/remote-address.xml.i -->
+<leafNode name="remote-address">
+  <properties>
+    <help>IPv4 or IPv6 address of the remote peer</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>hostname</format>
+      <description>Fully qualified domain name of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Allow any IP address of the remote peer</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <validator name="fqdn"/>
+      <regex>(any)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i
new file mode 100644
index 0000000..f35ed55
--- /dev/null
+++ b/interface-definitions/include/ipsec/replay-window.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipsec/replay-window.xml.i -->
+<leafNode name="replay-window">
+    <properties>
+      <help>IPsec replay window to configure for this CHILD_SA</help>
+      <valueHelp>
+        <format>u32:0</format>
+        <description>Disable IPsec replay protection</description>
+      </valueHelp>
+      <valueHelp>
+        <format>u32:1-2040</format>
+        <description>Replay window size in packets</description>
+      </valueHelp>
+      <constraint>
+        <validator name="numeric" argument="--range 0-2040"/>
+      </constraint>
+    </properties>
+    <defaultValue>32</defaultValue>
+  </leafNode>
+  <!-- include end -->
author	kumvijaya <kuvmijaya@gmail.com>	2024-09-26 11:31:07 +0530
committer	kumvijaya <kuvmijaya@gmail.com>	2024-09-26 11:31:07 +0530
commit	a950059053f7394acfb453cc0d8194aa3dc721fa (patch)
tree	eb0acf278f649b5d1417e18e34d728efcd16e745 /interface-definitions/include/ipsec
parent	f0815f3e9b212f424f5adb0c572a71119ad4a8a0 (diff)
download	vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.tar.gz vyos-workflow-test-temp-a950059053f7394acfb453cc0d8194aa3dc721fa.zip