From: Jonatan Schlag
Date: Mon, 7 Aug 2017 15:49:18 +0000 (+0000)
Subject: ipsec: add type
X-Git-Tag: 009~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=89d71d08eda141a25fbac9f44e7600729744bf9b;p=network.git
ipsec: add type
We now specific at creation time if a connection is net-to-net or host-to-net.
Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index fee6fc11..846ae7ea 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -36,6 +36,7 @@ IPSEC_CONNECTION_CONFIG_SETTINGS="\
 REMOTE_PREFIX \
 SECURITY_POLICY \
 START_ACTION \
+ TYPE \
 ENABLED"
 IPSEC_POOL_CONFIG_SETTINGS="\
@@ -53,6 +54,7 @@ IPSEC_DEFAULT_INACTIVITY_TIMEOUT="0"
 IPSEC_DEFAULT_MODE="tunnel"
 IPSEC_DEFAULT_SECURITY_POLICY="system"
 IPSEC_DEFAULT_START_ACTION="on-demand"
+IPSEC_DEFAULT_TYPE="net-to-net"
 IPSEC_VALID_MODES="gre-transport tunnel vti"
 IPSEC_VALID_AUTH_MODES="PSK"
@@ -1125,12 +1127,14 @@ ipsec_connection_check_name() {
 # Function that creates one VPN IPsec connection
 ipsec_connection_new() {
- if [ $# -gt 1 ]; then
+ if [ $# -gt 2 ]; then
 error "Too many arguments"
 return ${EXIT_ERROR}
 fi
 local connection="${1}"
+ local type="${2}"
+
 if ! isset connection; then
 error "Please provide a connection name"
 return ${EXIT_ERROR}
@@ -1148,6 +1152,16 @@ ipsec_connection_new() {
 return ${EXIT_ERROR}
 fi
+ # Set TYPE to default if not set by the user
+ if ! isset type; then
+ type="${IPSEC_DEFAULT_TYPE}"
+ fi
+
+ if ! isoneof "type" "net-to-net" "host-to-net"; then
+ error "Type is invalid"
+ return ${EXIT_ERROR}
+ fi
+
 log DEBUG "Creating VPN IPsec connection ${connection}"
 if ! mkdir -p "${NETWORK_IPSEC_CONNS_DIR}/${connection}"; then
@@ -1164,6 +1178,7 @@ ipsec_connection_new() {
 ENABLED=${IPSEC_DEFAULT_ENABLED}
 MODE=${IPSEC_DEFAULT_MODE}
 START_ACTION=${IPSEC_DEFAULT_START_ACTION}
+ TYPE="${type}"
 INACTIVITY_TIMEOUT=${IPSEC_DEFAULT_INACTIVITY_TIMEOUT}
 SECURITY_POLICY=${IPSEC_DEFAULT_SECURITY_POLICY}
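Review bot: The header comment on ipsec_connection_new (hunk `@@ -1125,12 +1127,14 @@`) still reads `# Function that creates one VPN IPsec connection`, although the function now accepts an optional second argument. I would extend it to something like `# Creates one VPN IPsec connection. Usage: ipsec_connection_new NAME [TYPE]; TYPE is net-to-net (default) or host-to-net`, so callers do not have to read the body to learn the accepted values and the default. The function body continues past the end of this hunk.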
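Review bot: The allowlist for the connection type is hard-coded in the `isoneof "type" "net-to-net" "host-to-net"` call (hunk `@@ -1148,6 +1152,16 @@`), whereas modes and auth modes have `IPSEC_VALID_MODES` and `IPSEC_VALID_AUTH_MODES` lists in the second hunk. A constant such as `IPSEC_VALID_TYPES="net-to-net host-to-net"` next to `IPSEC_DEFAULT_TYPE`, used here as `isoneof "type" ${IPSEC_VALID_TYPES}`, would give any later code that reads or changes TYPE the same single list to check against. This check is what keeps a caller-supplied value from reaching the settings file unvalidated, and nothing in the visible hunks validates TYPE after creation, so the shared list matters. The message `error "Type is invalid"` would also be easier to act on as `error "Invalid type '${type}', valid types are: ${IPSEC_VALID_TYPES}"`. The function starts before and ends after this hunk.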