Lines 220-226
|
220 |
if ((k in s) && s[k] != "yes" && s[k] != "no") |
220 |
if ((k in s) && s[k] != "yes" && s[k] != "no") |
221 |
fail("parameter " v(k) " must be \"yes\" or \"no\"") |
221 |
fail("parameter " v(k) " must be \"yes\" or \"no\"") |
222 |
} |
222 |
} |
223 |
function default(k, val) { |
223 |
function defaultconn(k, val) { |
224 |
if (!(k in s)) |
224 |
if (!(k in s)) |
225 |
s[k] = val |
225 |
s[k] = val |
226 |
} |
226 |
} |
Lines 313-319
|
313 |
if (!seensome) |
313 |
if (!seensome) |
314 |
fail("internal error, output called inappropriately") |
314 |
fail("internal error, output called inappropriately") |
315 |
|
315 |
|
316 |
default("type", "tunnel") |
316 |
defaultconn("type", "tunnel") |
317 |
type_flags = "" |
317 |
type_flags = "" |
318 |
t = s["type"] |
318 |
t = s["type"] |
319 |
if (t == "tunnel") { |
319 |
if (t == "tunnel") { |
Lines 335-341
|
335 |
} else |
335 |
} else |
336 |
fail("unknown type " v(t)) |
336 |
fail("unknown type " v(t)) |
337 |
|
337 |
|
338 |
default("failureshunt", "none") |
338 |
defaultconn("failureshunt", "none") |
339 |
t = s["failureshunt"] |
339 |
t = s["failureshunt"] |
340 |
if (t == "passthrough") |
340 |
if (t == "passthrough") |
341 |
type_flags = type_flags " --failpass"; |
341 |
type_flags = type_flags " --failpass"; |
Lines 362-413
|
362 |
nexthopset("right", drnexthop) |
362 |
nexthopset("right", drnexthop) |
363 |
} |
363 |
} |
364 |
|
364 |
|
365 |
default("keyexchange", "ike") |
365 |
defaultconn("keyexchange", "ike") |
366 |
if (s["keyexchange"] != "ike") |
366 |
if (s["keyexchange"] != "ike") |
367 |
fail("only know how to do keyexchange=ike") |
367 |
fail("only know how to do keyexchange=ike") |
368 |
default("auth", "esp") |
368 |
defaultconn("auth", "esp") |
369 |
if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah") |
369 |
if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah") |
370 |
fail("only know how to do auth=esp or auth=ah") |
370 |
fail("only know how to do auth=esp or auth=ah") |
371 |
|
371 |
|
372 |
yesno("pfs") |
372 |
yesno("pfs") |
373 |
default("pfs", "yes") |
373 |
defaultconn("pfs", "yes") |
374 |
|
374 |
|
375 |
yesno("aggrmode") |
375 |
yesno("aggrmode") |
376 |
default("aggrmode", "no") |
376 |
defaultconn("aggrmode", "no") |
377 |
|
377 |
|
378 |
duration("dpddelay") |
378 |
duration("dpddelay") |
379 |
duration("dpdtimeout") |
379 |
duration("dpdtimeout") |
380 |
if(("dpddelay" in s) && !("dpdtimeout" in s)) |
380 |
if(("dpddelay" in s) && !("dpdtimeout" in s)) |
381 |
default("dpdtimeout",120) |
381 |
defaultconn("dpdtimeout",120) |
382 |
if(!("dpddelay" in s) && ("dpdtimeout" in s)) |
382 |
if(!("dpddelay" in s) && ("dpdtimeout" in s)) |
383 |
default("dpddelay",30) |
383 |
defaultconn("dpddelay",30) |
384 |
default("dpdaction","hold") |
384 |
defaultconn("dpdaction","hold") |
385 |
|
385 |
|
386 |
yesno("forceencaps") |
386 |
yesno("forceencaps") |
387 |
default("forceencaps", "no") |
387 |
defaultconn("forceencaps", "no") |
388 |
yesno("xauth") |
388 |
yesno("xauth") |
389 |
default("xauth", "no") |
389 |
defaultconn("xauth", "no") |
390 |
yesno("xauthserver") |
390 |
yesno("xauthserver") |
391 |
default("xauthserver", "no") |
391 |
defaultconn("xauthserver", "no") |
392 |
yesno("xauthclient") |
392 |
yesno("xauthclient") |
393 |
default("xauthclient", "no") |
393 |
defaultconn("xauthclient", "no") |
394 |
yesno("modecfgserver") |
394 |
yesno("modecfgserver") |
395 |
default("modecfgserver", "no") |
395 |
defaultconn("modecfgserver", "no") |
396 |
yesno("modecfgclient") |
396 |
yesno("modecfgclient") |
397 |
default("modecfgclient", "no") |
397 |
defaultconn("modecfgclient", "no") |
398 |
|
398 |
|
399 |
yesno("modecfgpull") |
399 |
yesno("modecfgpull") |
400 |
default("modecfgpull", "no") |
400 |
defaultconn("modecfgpull", "no") |
401 |
|
401 |
|
402 |
yesno("compress") |
402 |
yesno("compress") |
403 |
default("compress", "no") |
403 |
defaultconn("compress", "no") |
404 |
default("keylife", "8h") |
404 |
defaultconn("keylife", "8h") |
405 |
duration("keylife") |
405 |
duration("keylife") |
406 |
yesno("rekey") |
406 |
yesno("rekey") |
407 |
default("rekey", "yes") |
407 |
defaultconn("rekey", "yes") |
408 |
default("rekeymargin", "9m") |
408 |
defaultconn("rekeymargin", "9m") |
409 |
duration("rekeymargin") |
409 |
duration("rekeymargin") |
410 |
default("keyingtries", "%forever") |
410 |
defaultconn("keyingtries", "%forever") |
411 |
if (s["keyingtries"] == "%forever") |
411 |
if (s["keyingtries"] == "%forever") |
412 |
s["keyingtries"] = 0 |
412 |
s["keyingtries"] = 0 |
413 |
integer("keyingtries") |
413 |
integer("keyingtries") |
Lines 419-431
|
419 |
integer("rekeyfuzz") |
419 |
integer("rekeyfuzz") |
420 |
} |
420 |
} |
421 |
duration("ikelifetime") |
421 |
duration("ikelifetime") |
422 |
default("disablearrivalcheck", "no") |
422 |
defaultconn("disablearrivalcheck", "no") |
423 |
|
423 |
|
424 |
default("leftsendcert", "always") |
424 |
defaultconn("leftsendcert", "always") |
425 |
default("rightsendcert", "always") |
425 |
defaultconn("rightsendcert", "always") |
426 |
|
426 |
|
427 |
default("leftnexthop", "%direct") |
427 |
defaultconn("leftnexthop", "%direct") |
428 |
default("rightnexthop", "%direct") |
428 |
defaultconn("rightnexthop", "%direct") |
429 |
if (s["leftnexthop"] == s["left"]) |
429 |
if (s["leftnexthop"] == s["left"]) |
430 |
fail("left and leftnexthop must not be the same") |
430 |
fail("left and leftnexthop must not be the same") |
431 |
if (s["rightnexthop"] == s["right"]) |
431 |
if (s["rightnexthop"] == s["right"]) |
Lines 441-462
|
441 |
s["rightnexthop"] = drnexthop |
441 |
s["rightnexthop"] = drnexthop |
442 |
} |
442 |
} |
443 |
|
443 |
|
444 |
default("leftupdown", "ipsec _updown") |
444 |
defaultconn("leftupdown", "ipsec _updown") |
445 |
default("rightupdown", "ipsec _updown") |
445 |
defaultconn("rightupdown", "ipsec _updown") |
446 |
default("authby", "rsasig") |
446 |
defaultconn("authby", "rsasig") |
447 |
t = s["authby"] |
447 |
t = s["authby"] |
448 |
if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") { |
448 |
if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") { |
449 |
authtype = "--rsasig" |
449 |
authtype = "--rsasig" |
450 |
type_flags = "--encrypt " type_flags |
450 |
type_flags = "--encrypt " type_flags |
451 |
if (!("leftcert" in s)) { |
451 |
if (!("leftcert" in s)) { |
452 |
default("leftrsasigkey", "%dnsondemand") |
452 |
defaultconn("leftrsasigkey", "%dnsondemand") |
453 |
if (id("left") == "%any" && |
453 |
if (id("left") == "%any" && |
454 |
!(s["leftrsasigkey"] == "%cert" || |
454 |
!(s["leftrsasigkey"] == "%cert" || |
455 |
s["leftrsasigkey"] == "0x00") ) |
455 |
s["leftrsasigkey"] == "0x00") ) |
456 |
fail("ID " v(id("left")) " cannot have RSA key") |
456 |
fail("ID " v(id("left")) " cannot have RSA key") |
457 |
} |
457 |
} |
458 |
if (!("rightcert" in s)) { |
458 |
if (!("rightcert" in s)) { |
459 |
default("rightrsasigkey", "%dnsondemand") |
459 |
defaultconn("rightrsasigkey", "%dnsondemand") |
460 |
if (id("right") == "%any" && |
460 |
if (id("right") == "%any" && |
461 |
!(s["rightrsasigkey"] == "%cert" || |
461 |
!(s["rightrsasigkey"] == "%cert" || |
462 |
s["rightrsasigkey"] == "0x00") ) |
462 |
s["rightrsasigkey"] == "0x00") ) |
Lines 476-482
|
476 |
settings = type_flags |
476 |
settings = type_flags |
477 |
|
477 |
|
478 |
# BEGIN IPv6 |
478 |
# BEGIN IPv6 |
479 |
default("connaddrfamily", "ipv4") |
479 |
defaultconn("connaddrfamily", "ipv4") |
480 |
if (s["connaddrfamily"] == "ipv6") { |
480 |
if (s["connaddrfamily"] == "ipv6") { |
481 |
settings = settings " --ipv6" |
481 |
settings = settings " --ipv6" |
482 |
} else if (s["connaddrfamily"] != "ipv4") { |
482 |
} else if (s["connaddrfamily"] != "ipv4") { |