From a950059053f7394acfb453cc0d8194aa3dc721fa Mon Sep 17 00:00:00 2001
From: kumvijaya <kuvmijaya@gmail.com>
Date: Thu, 26 Sep 2024 11:31:07 +0530
Subject: T6732: added same as vyos 1x

---
 .../include/ipsec/authentication-id.xml.i          | 11 ++++++++
 .../ipsec/authentication-pre-shared-secret.xml.i   | 11 ++++++++
 .../include/ipsec/authentication-rsa.xml.i         | 30 ++++++++++++++++++++++
 .../include/ipsec/authentication-x509.xml.i        | 11 ++++++++
 interface-definitions/include/ipsec/bind.xml.i     | 10 ++++++++
 .../include/ipsec/esp-group.xml.i                  | 10 ++++++++
 .../include/ipsec/ike-group.xml.i                  | 10 ++++++++
 .../include/ipsec/local-address.xml.i              | 27 +++++++++++++++++++
 .../include/ipsec/local-traffic-selector.xml.i     | 28 ++++++++++++++++++++
 .../include/ipsec/remote-address.xml.i             | 29 +++++++++++++++++++++
 .../include/ipsec/replay-window.xml.i              | 19 ++++++++++++++
 11 files changed, 196 insertions(+)
 create mode 100644 interface-definitions/include/ipsec/authentication-id.xml.i
 create mode 100644 interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i
 create mode 100644 interface-definitions/include/ipsec/authentication-rsa.xml.i
 create mode 100644 interface-definitions/include/ipsec/authentication-x509.xml.i
 create mode 100644 interface-definitions/include/ipsec/bind.xml.i
 create mode 100644 interface-definitions/include/ipsec/esp-group.xml.i
 create mode 100644 interface-definitions/include/ipsec/ike-group.xml.i
 create mode 100644 interface-definitions/include/ipsec/local-address.xml.i
 create mode 100644 interface-definitions/include/ipsec/local-traffic-selector.xml.i
 create mode 100644 interface-definitions/include/ipsec/remote-address.xml.i
 create mode 100644 interface-definitions/include/ipsec/replay-window.xml.i

(limited to 'interface-definitions/include/ipsec')

diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i
new file mode 100644
index 0000000..4e0b848
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-id.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-id.xml.i -->
+<leafNode name="local-id">
+  <properties>
+    <help>Local ID for peer authentication</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Local ID used for peer authentication</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i
new file mode 100644
index 0000000..af26693
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-pre-shared-secret.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-pre-shared-secret.xml.i -->
+<leafNode name="pre-shared-secret">
+  <properties>
+    <help>Pre-shared secret key</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Pre-shared secret key</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-rsa.xml.i b/interface-definitions/include/ipsec/authentication-rsa.xml.i
new file mode 100644
index 0000000..0a364e8
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-rsa.xml.i
@@ -0,0 +1,30 @@
+<!-- include start from ipsec/authentication-rsa.xml.i -->
+<node name="rsa">
+  <properties>
+    <help>RSA keys</help>
+  </properties>
+  <children>
+    <leafNode name="local-key">
+      <properties>
+        <help>Name of PKI key-pair with local private key</help>
+        <completionHelp>
+          <path>pki key-pair</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+    <leafNode name="passphrase">
+      <properties>
+        <help>Local private key passphrase</help>
+      </properties>
+    </leafNode>
+    <leafNode name="remote-key">
+      <properties>
+        <help>Name of PKI key-pair with remote public key</help>
+        <completionHelp>
+          <path>pki key-pair</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-x509.xml.i b/interface-definitions/include/ipsec/authentication-x509.xml.i
new file mode 100644
index 0000000..1d04c94
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-x509.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-x509.xml.i -->
+<node name="x509">
+  <properties>
+    <help>X.509 certificate</help>
+  </properties>
+  <children>
+    #include <include/pki/certificate-key.xml.i>
+    #include <include/pki/ca-certificate-multi.xml.i>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/bind.xml.i b/interface-definitions/include/ipsec/bind.xml.i
new file mode 100644
index 0000000..edc46d4
--- /dev/null
+++ b/interface-definitions/include/ipsec/bind.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/bind.xml.i -->
+<leafNode name="bind">
+  <properties>
+    <help>VTI tunnel interface associated with this configuration</help>
+    <completionHelp>
+      <path>interfaces vti</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/esp-group.xml.i b/interface-definitions/include/ipsec/esp-group.xml.i
new file mode 100644
index 0000000..5e5d819
--- /dev/null
+++ b/interface-definitions/include/ipsec/esp-group.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/esp-group.xml.i -->
+<leafNode name="esp-group">
+  <properties>
+    <help>Encapsulating Security Payloads (ESP) group name</help>
+    <completionHelp>
+      <path>vpn ipsec esp-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/ike-group.xml.i b/interface-definitions/include/ipsec/ike-group.xml.i
new file mode 100644
index 0000000..f7649ed
--- /dev/null
+++ b/interface-definitions/include/ipsec/ike-group.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from ipsec/ike-group.xml.i -->
+<leafNode name="ike-group">
+  <properties>
+    <help>Internet Key Exchange (IKE) group name</help>
+    <completionHelp>
+      <path>vpn ipsec ike-group</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/local-address.xml.i b/interface-definitions/include/ipsec/local-address.xml.i
new file mode 100644
index 0000000..71f5149
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-address.xml.i
@@ -0,0 +1,27 @@
+<!-- include start from ipsec/local-address.xml.i -->
+<leafNode name="local-address">
+  <properties>
+    <help>IPv4 or IPv6 address of a local interface to use for VPN</help>
+    <completionHelp>
+      <list>any</list>
+      <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+    </completionHelp>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address of a local interface for VPN</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address of a local interface for VPN</description>
+    </valueHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Allow any IPv4 address present on the system to be used for VPN</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <regex>(any)</regex>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
new file mode 100644
index 0000000..9ae67f5
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from ipsec/local-traffic-selector.xml.i -->
+<node name="local">
+  <properties>
+    <help>Local parameters for interesting traffic</help>
+  </properties>
+  <children>
+    #include <include/port-number.xml.i>
+    <leafNode name="prefix">
+      <properties>
+        <help>Local IPv4 or IPv6 prefix</help>
+        <valueHelp>
+          <format>ipv4net</format>
+          <description>Local IPv4 prefix</description>
+        </valueHelp>
+        <valueHelp>
+          <format>ipv6net</format>
+          <description>Local IPv6 prefix</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv4-prefix"/>
+          <validator name="ipv6-prefix"/>
+        </constraint>
+        <multi/>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/remote-address.xml.i b/interface-definitions/include/ipsec/remote-address.xml.i
new file mode 100644
index 0000000..91decba
--- /dev/null
+++ b/interface-definitions/include/ipsec/remote-address.xml.i
@@ -0,0 +1,29 @@
+<!-- include start from ipsec/remote-address.xml.i -->
+<leafNode name="remote-address">
+  <properties>
+    <help>IPv4 or IPv6 address of the remote peer</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>ipv6</format>
+      <description>IPv6 address of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>hostname</format>
+      <description>Fully qualified domain name of the remote peer</description>
+    </valueHelp>
+    <valueHelp>
+      <format>any</format>
+      <description>Allow any IP address of the remote peer</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ip-address"/>
+      <validator name="fqdn"/>
+      <regex>(any)</regex>
+    </constraint>
+    <multi/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i
new file mode 100644
index 0000000..f35ed55
--- /dev/null
+++ b/interface-definitions/include/ipsec/replay-window.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipsec/replay-window.xml.i -->
+<leafNode name="replay-window">
+    <properties>
+      <help>IPsec replay window to configure for this CHILD_SA</help>
+      <valueHelp>
+        <format>u32:0</format>
+        <description>Disable IPsec replay protection</description>
+      </valueHelp>
+      <valueHelp>
+        <format>u32:1-2040</format>
+        <description>Replay window size in packets</description>
+      </valueHelp>
+      <constraint>
+        <validator name="numeric" argument="--range 0-2040"/>
+      </constraint>
+    </properties>
+    <defaultValue>32</defaultValue>
+  </leafNode>
+  <!-- include end -->
-- 
cgit v1.2.3