ipsec: add type
[people/stevee/network.git] / src / functions / functions.ipsec
index fee6fc117d3680f04aef645755f8d5777d80dec4..846ae7ea0c23746743c15734d725b1371fede33f 100644 (file)
@@ -36,6 +36,7 @@ IPSEC_CONNECTION_CONFIG_SETTINGS="\
        REMOTE_PREFIX \
        SECURITY_POLICY \
        START_ACTION \
+       TYPE \
        ENABLED"
 
 IPSEC_POOL_CONFIG_SETTINGS="\
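Review bot: Connections saved before this change will have no `TYPE` in their stored settings, and the visible hunks only assign a value inside `ipsec_connection_new`. If the code that reads a connection's settings does not already fall back, it should apply `IPSEC_DEFAULT_TYPE` when `TYPE` is empty. It should also re-check the value against the allowed types at read time, since a stored settings file may have been changed outside this function. The `IPSEC_CONNECTION_CONFIG_SETTINGS` assignment starts outside this hunk.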
@@ -53,6 +54,7 @@ IPSEC_DEFAULT_INACTIVITY_TIMEOUT="0"
 IPSEC_DEFAULT_MODE="tunnel"
 IPSEC_DEFAULT_SECURITY_POLICY="system"
 IPSEC_DEFAULT_START_ACTION="on-demand"
+IPSEC_DEFAULT_TYPE="net-to-net"
 
 IPSEC_VALID_MODES="gre-transport tunnel vti"
 IPSEC_VALID_AUTH_MODES="PSK"
@@ -1125,12 +1127,14 @@ ipsec_connection_check_name() {
 
 # Function that creates one VPN IPsec connection
 ipsec_connection_new() {
-       if [ $# -gt 1 ]; then
+       if [ $# -gt 2 ]; then
                error "Too many arguments"
                return ${EXIT_ERROR}
        fi
 
        local connection="${1}"
+       local type="${2}"
+
        if ! isset connection; then
                error "Please provide a connection name"
                return ${EXIT_ERROR}
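Review bot: The comment above `ipsec_connection_new` still describes a one-argument function, although the argument check now allows an optional second parameter. I would extend it with a usage line such as `# Usage: ipsec_connection_new NAME [TYPE] - TYPE defaults to IPSEC_DEFAULT_TYPE`. The function body continues past the end of this hunk.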
@@ -1148,6 +1152,16 @@ ipsec_connection_new() {
                return ${EXIT_ERROR}
        fi
 
+       # Set TYPE to default if not set by the user
+       if ! isset type; then
+               type="${IPSEC_DEFAULT_TYPE}"
+       fi
+
+       if ! isoneof "type" "net-to-net" "host-to-net"; then
+               error "Type is invalid"
+               return ${EXIT_ERROR}
+       fi
+
        log DEBUG "Creating VPN IPsec connection ${connection}"
 
        if ! mkdir -p "${NETWORK_IPSEC_CONNS_DIR}/${connection}"; then
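Review bot: The accepted values are hard-coded in the `isoneof` call, while this file keeps comparable lists in `IPSEC_VALID_*` variables (`IPSEC_VALID_MODES`, `IPSEC_VALID_AUTH_MODES`). Defining `IPSEC_VALID_TYPES="net-to-net host-to-net"` next to `IPSEC_DEFAULT_TYPE` and calling `isoneof "type" ${IPSEC_VALID_TYPES}` would give one allow-list for every later check of TYPE, assuming `isoneof` takes the candidates as separate words as the call here suggests. The message would be easier to act on if it named the rejected value, e.g. `error "Invalid type '${type}' (valid: ${IPSEC_VALID_TYPES})"`. The function starts and ends outside this hunk.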
@@ -1164,6 +1178,7 @@ ipsec_connection_new() {
        ENABLED=${IPSEC_DEFAULT_ENABLED}
        MODE=${IPSEC_DEFAULT_MODE}
        START_ACTION=${IPSEC_DEFAULT_START_ACTION}
+       TYPE="${type}"
 
        INACTIVITY_TIMEOUT=${IPSEC_DEFAULT_INACTIVITY_TIMEOUT}
        SECURITY_POLICY=${IPSEC_DEFAULT_SECURITY_POLICY}