shift
local words=( $@ )
- local commands="authentication color description down inactivity-timeout local mode peer remote security-policy show up"
+ local commands="authentication color description down inactivity-timeout local mode peer remote security-policy show up zone"
local cmd="$(_network_find_on_cmdline "${commands}")"
if [[ -z "${cmd}" ]]; then
COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") )
security-policy)
_network_vpn_ipsec_connection_subcommands_security_policy ${args}
;;
- esac
+ zone)
+ _network_vpn_ipsec_connection_subcommands_zone "${connection}" ${args}
+ ;;
+ esac
}
_network_vpn_ipsec_connection_subcommands_authentication() {
fi
}
+_network_vpn_ipsec_connection_subcommands_zone() {
+ local connection="${1}"
+ shift
+
+ local words=( $@ )
+
+ # XXX TODO find zones that can be attached here
+}
+
_network_vpn_security_policies() {
local words=( $@ )
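Review bot: The new `_network_vpn_ipsec_connection_subcommands_zone` stub assigns `local words=( $@ )` and never reads it, and the unquoted `$@` is word-split and glob-expanded against whatever is on the command line. Until the zone lookup named in the TODO exists, drop the line or write it as `local words=( "$@" )`. The stub also leaves `COMPREPLY` untouched, so a comment such as `# No candidates offered yet; "-" removes the zone` would show that the empty completion is intentional. The two trailing context lines belong to `_network_vpn_security_policies`, whose body continues outside the hunk.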
SECURITY_POLICY \
START_ACTION \
TYPE \
- ENABLED"
+ ENABLED \
+ ZONE"
# Default values
IPSEC_DEFAULT_AUTH_MODE="PSK"
shift 2
case "${key}" in
- authentication|down|disable|dpd|enable|inactivity_timeout|local|mode|peer|pool|remote|security_policy|start_action|up)
+ authentication|down|disable|dpd|enable|inactivity_timeout|local|mode|peer|pool|remote|security_policy|start_action|up|zone)
ipsec_connection_${key} ${connection} "$@"
;;
color)
return ${EXIT_OK}
}
+ipsec_connection_zone() {
+ local connection="${1}"
+ local zone="${2}"
+ shift 2
+
+ # Check if we got an argument
+ if ! isset zone; then
+ error "Zone is not set"
+ return ${EXIT_ERROR}
+ fi
+
+ local ZONE
+ case "${zone}" in
+ -)
+ if ! ipsec_connection_read_config "${connection}" "ZONE"; then
+ log ERROR "Could not read configuration for IPsec connection ${connection}"
+ return ${EXIT_ERROR}
+ fi
+
+ # Removes zone setting
+ zone=""
+
+ if isset ZONE; then
+ log INFO "Removing zone ${ZONE} from IPsec connection '${connection}'"
+ fi
+ ;;
+
+ *)
+ # Check if the zone exists
+ if ! zone_exists "${zone}"; then
+ error "Zone ${zone} does not exist"
+ return ${EXIT_ERROR}
+ fi
+
+ # Zone must be of type tunnel
+ local hook="$(zone_get_hook "${zone}")"
+
+ case "${hook}" in
+ ip-tunnel)
+ # We support ip-tunnels
+ ;;
+
+ *)
+ error "Zones of type ${hook} are not supported"
+ return ${EXIT_ERROR}
+ ;;
+ esac
+
+ # Check if this zone is alreadz attached to another IPsec connection
+ # XXX
+
+ log INFO "Adding zone ${zone} to IPsec connection '${connection}'"
+ ;;
+ esac
+
+ # Save settings
+ if ! ipsec_connection_write_config_key "${connection}" "ZONE" "${zone}"; then
+ error "Could not write configuration settings"
+ return ${EXIT_ERROR}
+ fi
+
+ return ${EXIT_OK}
+}
+
# Set the local address
ipsec_connection_local_address() {
if [ ! $# -eq 2 ]; then
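Review bot: The `# XXX` under "Check if this zone is alreadz attached to another IPsec connection" in `ipsec_connection_zone` leaves that check unenforced, so the same ip-tunnel zone can be written as `ZONE` for more than one connection. It would then presumably be ambiguous which connection's policy protects traffic on that tunnel. Before the final `ipsec_connection_write_config_key` call, the `*)` branch should read `ZONE` from every other configured connection and return `${EXIT_ERROR}` when one already equals `${zone}`. Until that exists, the comment should say so plainly, e.g. `# TODO: not enforced yet - a zone can be attached to several connections`, which would also fix the "alreadz" typo. Separately, `local hook="$(zone_get_hook "${zone}")"` masks the helper's exit status; declaring `local hook` and assigning on the next line would keep a failed lookup distinguishable from an unsupported hook type.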