|
Lines 220-226
Link Here
|
| 220 |
if ((k in s) && s[k] != "yes" && s[k] != "no") |
220 |
if ((k in s) && s[k] != "yes" && s[k] != "no") |
| 221 |
fail("parameter " v(k) " must be \"yes\" or \"no\"") |
221 |
fail("parameter " v(k) " must be \"yes\" or \"no\"") |
| 222 |
} |
222 |
} |
| 223 |
function default(k, val) { |
223 |
function conndefault(k, val) { |
| 224 |
if (!(k in s)) |
224 |
if (!(k in s)) |
| 225 |
s[k] = val |
225 |
s[k] = val |
| 226 |
} |
226 |
} |
|
Lines 313-319
Link Here
|
| 313 |
if (!seensome) |
313 |
if (!seensome) |
| 314 |
fail("internal error, output called inappropriately") |
314 |
fail("internal error, output called inappropriately") |
| 315 |
|
315 |
|
| 316 |
default("type", "tunnel") |
316 |
conndefault("type", "tunnel") |
| 317 |
type_flags = "" |
317 |
type_flags = "" |
| 318 |
t = s["type"] |
318 |
t = s["type"] |
| 319 |
if (t == "tunnel") { |
319 |
if (t == "tunnel") { |
|
Lines 335-341
Link Here
|
| 335 |
} else |
335 |
} else |
| 336 |
fail("unknown type " v(t)) |
336 |
fail("unknown type " v(t)) |
| 337 |
|
337 |
|
| 338 |
default("failureshunt", "none") |
338 |
conndefault("failureshunt", "none") |
| 339 |
t = s["failureshunt"] |
339 |
t = s["failureshunt"] |
| 340 |
if (t == "passthrough") |
340 |
if (t == "passthrough") |
| 341 |
type_flags = type_flags " --failpass"; |
341 |
type_flags = type_flags " --failpass"; |
|
Lines 362-413
Link Here
|
| 362 |
nexthopset("right", drnexthop) |
362 |
nexthopset("right", drnexthop) |
| 363 |
} |
363 |
} |
| 364 |
|
364 |
|
| 365 |
default("keyexchange", "ike") |
365 |
conndefault("keyexchange", "ike") |
| 366 |
if (s["keyexchange"] != "ike") |
366 |
if (s["keyexchange"] != "ike") |
| 367 |
fail("only know how to do keyexchange=ike") |
367 |
fail("only know how to do keyexchange=ike") |
| 368 |
default("auth", "esp") |
368 |
conndefault("auth", "esp") |
| 369 |
if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah") |
369 |
if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah") |
| 370 |
fail("only know how to do auth=esp or auth=ah") |
370 |
fail("only know how to do auth=esp or auth=ah") |
| 371 |
|
371 |
|
| 372 |
yesno("pfs") |
372 |
yesno("pfs") |
| 373 |
default("pfs", "yes") |
373 |
conndefault("pfs", "yes") |
| 374 |
|
374 |
|
| 375 |
yesno("aggrmode") |
375 |
yesno("aggrmode") |
| 376 |
default("aggrmode", "no") |
376 |
conndefault("aggrmode", "no") |
| 377 |
|
377 |
|
| 378 |
duration("dpddelay") |
378 |
duration("dpddelay") |
| 379 |
duration("dpdtimeout") |
379 |
duration("dpdtimeout") |
| 380 |
if(("dpddelay" in s) && !("dpdtimeout" in s)) |
380 |
if(("dpddelay" in s) && !("dpdtimeout" in s)) |
| 381 |
default("dpdtimeout",120) |
381 |
conndefault("dpdtimeout",120) |
| 382 |
if(!("dpddelay" in s) && ("dpdtimeout" in s)) |
382 |
if(!("dpddelay" in s) && ("dpdtimeout" in s)) |
| 383 |
default("dpddelay",30) |
383 |
conndefault("dpddelay",30) |
| 384 |
default("dpdaction","hold") |
384 |
conndefault("dpdaction","hold") |
| 385 |
|
385 |
|
| 386 |
yesno("forceencaps") |
386 |
yesno("forceencaps") |
| 387 |
default("forceencaps", "no") |
387 |
conndefault("forceencaps", "no") |
| 388 |
yesno("xauth") |
388 |
yesno("xauth") |
| 389 |
default("xauth", "no") |
389 |
conndefault("xauth", "no") |
| 390 |
yesno("xauthserver") |
390 |
yesno("xauthserver") |
| 391 |
default("xauthserver", "no") |
391 |
conndefault("xauthserver", "no") |
| 392 |
yesno("xauthclient") |
392 |
yesno("xauthclient") |
| 393 |
default("xauthclient", "no") |
393 |
conndefault("xauthclient", "no") |
| 394 |
yesno("modecfgserver") |
394 |
yesno("modecfgserver") |
| 395 |
default("modecfgserver", "no") |
395 |
conndefault("modecfgserver", "no") |
| 396 |
yesno("modecfgclient") |
396 |
yesno("modecfgclient") |
| 397 |
default("modecfgclient", "no") |
397 |
conndefault("modecfgclient", "no") |
| 398 |
|
398 |
|
| 399 |
yesno("modecfgpull") |
399 |
yesno("modecfgpull") |
| 400 |
default("modecfgpull", "no") |
400 |
conndefault("modecfgpull", "no") |
| 401 |
|
401 |
|
| 402 |
yesno("compress") |
402 |
yesno("compress") |
| 403 |
default("compress", "no") |
403 |
conndefault("compress", "no") |
| 404 |
default("keylife", "8h") |
404 |
conndefault("keylife", "8h") |
| 405 |
duration("keylife") |
405 |
duration("keylife") |
| 406 |
yesno("rekey") |
406 |
yesno("rekey") |
| 407 |
default("rekey", "yes") |
407 |
conndefault("rekey", "yes") |
| 408 |
default("rekeymargin", "9m") |
408 |
conndefault("rekeymargin", "9m") |
| 409 |
duration("rekeymargin") |
409 |
duration("rekeymargin") |
| 410 |
default("keyingtries", "%forever") |
410 |
conndefault("keyingtries", "%forever") |
| 411 |
if (s["keyingtries"] == "%forever") |
411 |
if (s["keyingtries"] == "%forever") |
| 412 |
s["keyingtries"] = 0 |
412 |
s["keyingtries"] = 0 |
| 413 |
integer("keyingtries") |
413 |
integer("keyingtries") |
|
Lines 419-431
Link Here
|
| 419 |
integer("rekeyfuzz") |
419 |
integer("rekeyfuzz") |
| 420 |
} |
420 |
} |
| 421 |
duration("ikelifetime") |
421 |
duration("ikelifetime") |
| 422 |
default("disablearrivalcheck", "no") |
422 |
conndefault("disablearrivalcheck", "no") |
| 423 |
|
423 |
|
| 424 |
default("leftsendcert", "always") |
424 |
conndefault("leftsendcert", "always") |
| 425 |
default("rightsendcert", "always") |
425 |
conndefault("rightsendcert", "always") |
| 426 |
|
426 |
|
| 427 |
default("leftnexthop", "%direct") |
427 |
conndefault("leftnexthop", "%direct") |
| 428 |
default("rightnexthop", "%direct") |
428 |
conndefault("rightnexthop", "%direct") |
| 429 |
if (s["leftnexthop"] == s["left"]) |
429 |
if (s["leftnexthop"] == s["left"]) |
| 430 |
fail("left and leftnexthop must not be the same") |
430 |
fail("left and leftnexthop must not be the same") |
| 431 |
if (s["rightnexthop"] == s["right"]) |
431 |
if (s["rightnexthop"] == s["right"]) |
|
Lines 441-462
Link Here
|
| 441 |
s["rightnexthop"] = drnexthop |
441 |
s["rightnexthop"] = drnexthop |
| 442 |
} |
442 |
} |
| 443 |
|
443 |
|
| 444 |
default("leftupdown", "ipsec _updown") |
444 |
conndefault("leftupdown", "ipsec _updown") |
| 445 |
default("rightupdown", "ipsec _updown") |
445 |
conndefault("rightupdown", "ipsec _updown") |
| 446 |
default("authby", "rsasig") |
446 |
conndefault("authby", "rsasig") |
| 447 |
t = s["authby"] |
447 |
t = s["authby"] |
| 448 |
if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") { |
448 |
if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") { |
| 449 |
authtype = "--rsasig" |
449 |
authtype = "--rsasig" |
| 450 |
type_flags = "--encrypt " type_flags |
450 |
type_flags = "--encrypt " type_flags |
| 451 |
if (!("leftcert" in s)) { |
451 |
if (!("leftcert" in s)) { |
| 452 |
default("leftrsasigkey", "%dnsondemand") |
452 |
conndefault("leftrsasigkey", "%dnsondemand") |
| 453 |
if (id("left") == "%any" && |
453 |
if (id("left") == "%any" && |
| 454 |
!(s["leftrsasigkey"] == "%cert" || |
454 |
!(s["leftrsasigkey"] == "%cert" || |
| 455 |
s["leftrsasigkey"] == "0x00") ) |
455 |
s["leftrsasigkey"] == "0x00") ) |
| 456 |
fail("ID " v(id("left")) " cannot have RSA key") |
456 |
fail("ID " v(id("left")) " cannot have RSA key") |
| 457 |
} |
457 |
} |
| 458 |
if (!("rightcert" in s)) { |
458 |
if (!("rightcert" in s)) { |
| 459 |
default("rightrsasigkey", "%dnsondemand") |
459 |
conndefault("rightrsasigkey", "%dnsondemand") |
| 460 |
if (id("right") == "%any" && |
460 |
if (id("right") == "%any" && |
| 461 |
!(s["rightrsasigkey"] == "%cert" || |
461 |
!(s["rightrsasigkey"] == "%cert" || |
| 462 |
s["rightrsasigkey"] == "0x00") ) |
462 |
s["rightrsasigkey"] == "0x00") ) |
|
Lines 476-482
Link Here
|
| 476 |
settings = type_flags |
476 |
settings = type_flags |
| 477 |
|
477 |
|
| 478 |
# BEGIN IPv6 |
478 |
# BEGIN IPv6 |
| 479 |
default("connaddrfamily", "ipv4") |
479 |
conndefault("connaddrfamily", "ipv4") |
| 480 |
if (s["connaddrfamily"] == "ipv6") { |
480 |
if (s["connaddrfamily"] == "ipv6") { |
| 481 |
settings = settings " --ipv6" |
481 |
settings = settings " --ipv6" |
| 482 |
} else if (s["connaddrfamily"] != "ipv4") { |
482 |
} else if (s["connaddrfamily"] != "ipv4") { |
