Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/functions/functions.ipsec | 9 +++++++++ 1 file changed, 9 insertions(+)
diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index ed889a6..a174a7f 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -729,3 +729,12 @@ ipsec_connection_destroy() {
 fi
 done
 }
+
+# List all ipsec connections
+ipsec_list_connections() {
+ local connection
+ for connection in ${NETWORK_IPSEC_CONNS_DIR}/*; do
+ [ -d ${connection} ] || continue
+ basename ${connection}
+ done
+}
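Review bot: `${connection}` is expanded unquoted in both `[ -d ${connection} ]` and `basename ${connection}`, so a directory name containing whitespace or glob characters is word-split, the test errors out and the entry is silently dropped from the listing. Quoting keeps the output faithful to what is on disk: `[ -d "${connection}" ] || continue` and `basename "${connection}"`. The same unquoted pattern appears in `vpn_security_policies_list_all` in the functions.vpn-security-policies patch. Because this output is later used as a bash-completion word list on this page, the header comment could also state the output contract, for example `# Prints one connection name per line`.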
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/functions/functions.vpn-security-policies | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index 8bb9065..d17a155 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -1002,3 +1002,17 @@ vpn_security_policies_make_esp_proposal() {
 # Returns as a comma-separated list
 list_join proposals ,
 }
+
+# List all security policies
+vpn_security_policies_list_all() {
+ local security_policy
+ for security_policy in ${NETWORK_SHARE_DIR}/vpn/security-policies/*; do
+ [ -f ${security_policy} ] || continue
+ basename ${security_policy}
+ done
+
+ for security_policy in ${NETWORK_CONFIG_DIR}/vpn/security-policies/*; do
+ [ -f ${security_policy} ] || continue
+ basename ${security_policy}
+ done
+}
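Review bot: A policy name that exists under both `${NETWORK_SHARE_DIR}/vpn/security-policies` and `${NETWORK_CONFIG_DIR}/vpn/security-policies` is printed twice, and the two loops in `vpn_security_policies_list_all` are copies of each other. Whether the config directory is meant to override the shipped policies is not visible in this hunk, but callers of a list function probably expect each name once. A single loop over both globs, `for security_policy in ${NETWORK_SHARE_DIR}/vpn/security-policies/* ${NETWORK_CONFIG_DIR}/vpn/security-policies/*; do`, closed with `done | sort -u`, removes both the duplicated code and the duplicated output. The header comment could also name the two sources: `# List all security policies (system and user-defined), one name per line`.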
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/network | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/network b/src/network
index 288f4be..9b74c88 100644
--- a/src/network
+++ b/src/network
@@ -1271,6 +1271,9 @@ cli_raw() {
 db-dump)
 db_dump
 ;;
+ ipsec-connection-exists)
+ ipsec_connection_exists $@
+ ;;
 list-devices)
 device_list
 ;;
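Review bot: `ipsec_connection_exists $@` passes its arguments unquoted, so they are word-split and glob-expanded a second time before the existence check sees them; `ipsec_connection_exists "$@"` hands the name through unchanged. Other cli_raw entries visible on this page (`hook_list $@`, `zone_get_ports $@`) use the same form, so this matches the file's habit. This subcommand differs in that it takes a name from the command line and is used as a yes/no check by the completion code. cli_raw starts and ends outside the hunk, so how the exit status is propagated cannot be confirmed from here.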
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/network | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/network b/src/network
index 9b74c88..7c56496 100644
--- a/src/network
+++ b/src/network
@@ -1298,6 +1298,9 @@ cli_raw() {
 list-hooks)
 hook_list $@
 ;;
+ list-ipsec-connections)
+ ipsec_list_connections
+ ;;
 list-ports)
 port_list
 ;;
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/network | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/network b/src/network
index 7c56496..4e84471 100644
--- a/src/network
+++ b/src/network
@@ -1307,6 +1307,9 @@ cli_raw() {
 list-ports-of-zone)
 zone_get_ports $@
 ;;
+ list-vpn-security-policies-all)
+ vpn_security_policies_list_all
+ ;;
 list-settings)
 network_settings_list
 ;;
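Review bot: The new `list-vpn-security-policies-all)` label sits between `list-ports-of-zone)` and `list-settings)`, while the labels visible in the cli_raw hunks on this page otherwise appear to be in alphabetical order; placing it after `list-settings)` would keep that. The `-all` suffix is not used by the sibling `list-ipsec-connections`, so a short comment above the label, such as `# system and user-defined policies`, would explain what "all" covers. cli_raw's body continues outside the hunk.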
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/bash-completion/network | 185 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 184 insertions(+), 1 deletion(-)
diff --git a/src/bash-completion/network b/src/bash-completion/network
index 34d3f2f..4e392b9 100644
--- a/src/bash-completion/network
+++ b/src/bash-completion/network
@@ -340,6 +340,186 @@ _network_settings() {
 COMPREPLY=( $(compgen -W "${keys}" -- "${cur}") )
 }
+_network_vpn() { + local words=( $@ ) + + local commands="ipsec" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + ipsec) + _network_vpn_ipsec ${args} + ;; + esac +} + +_network_vpn_ipsec() { + local words=( $@ ) + + local commands="connection" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + connection) + _network_vpn_ipsec_connection ${args} + ;; + esac +} + +_network_vpn_ipsec_connection() { + local words=( $@ ) + + local commands="destroy new $(network raw list-ipsec-connections)" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + destroy) + : + ;; + new) + : + ;; + *) + if network raw ipsec-connection-exists ${cmd}; then + _network_vpn_ipsec_connection_subcommands ${cmd} ${args} + fi + ;; + esac +} + +_network_vpn_ipsec_connection_subcommands() { + local connection=${1} + shift + local words=( $@ ) + + local commands="authentication inactivity-timout local mode peer remote security-policy show" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + authentication) + _network_vpn_ipsec_connection_subcommands_authentication ${connection} ${args} + ;; + local) + _network_vpn_ipsec_connection_subcommands_local_remote ${connection} "local" ${args} + ;; + mode) + _network_vpn_ipsec_connection_subcommands_mode ${args} + ;; + remote) + _network-vpn_ipsec_connection_subcommands_local_remote ${connection} "remote" ${args} + ;; + 
security-policy) + _network_vpn_ipsec_connection_subcommands_security_policy ${args} + ;; + esac +} + +_network_vpn_ipsec_connection_subcommands_authentication() { + local connection=${1} + shift + local words=( $@ ) + + local commands="psk mode" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + mode) + _network_vpn_ipsec_connection_subcommands_authentication_mode ${connection} ${args} + ;; + esac +} + +_network_vpn_ipsec_connection_subcommands_local_remote() { + local connection=${1} + local type=${2} + shift 2 + local words=( $@ ) + + local commands="id prefix" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi + + + local args="${words[@]:1}" + case "${cmd}" in + prefix) + _network_vpn_ipsec_connection_subcommands_prefix "${connection}" "${type}" ${args} + ;; + esac +} + +_network_vpn_ipsec_connection_subcommands_prefix() { + : +} + +_network_vpn_ipsec_connection_subcommands_authentication_mode() { + local connection=${1} + shift + local words=( $@ ) + + local commands="PSK" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi +} + +_network_vpn_ipsec_connection_subcommands_mode() { + local words=( $@ ) + + local commands="gre-transport tunnel vti" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + return 0 + fi +} + +_network_vpn_ipsec_connection_subcommands_security_policy() { + local words=( $@ ) + + local commands="$(network raw list-vpn-security-policies-all)" + local cmd="$(_network_find_on_cmdline "${commands}")" + if [[ -z "${cmd}" ]]; then + COMPREPLY=( $(compgen -W "${commands}" -- "${cur}") ) + 
return 0 + fi +} + _network_zone() { local words=( $@ )
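Review bot: The `remote)` branch of `_network_vpn_ipsec_connection_subcommands` calls `_network-vpn_ipsec_connection_subcommands_local_remote` (hyphen after `_network`), which is not defined in this hunk, so completing after `remote` would fail with a command-not-found error; it should read `_network_vpn_ipsec_connection_subcommands_local_remote ${connection} "remote" ${args}`. The word list in the same function spells `inactivity-timout`, which looks like a typo for `inactivity-timeout` and should be checked against what the CLI accepts. Separately, `_network_vpn_ipsec_connection` and `_network_vpn_ipsec_connection_subcommands_security_policy` feed the output of `network raw list-ipsec-connections` and `network raw list-vpn-security-policies-all` into `compgen -W`, which performs shell expansion on every word of the list. These names should therefore be restricted to a safe character set by the code that creates them (not visible here), and a comment at both call sites should record that assumption. `${cmd}` in `if network raw ipsec-connection-exists ${cmd}; then` should also be quoted as `"${cmd}"`.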
@@ -543,7 +723,7 @@ _network() {
 ;;
 *)
 COMPREPLY=( $(compgen -W "device dhcpv4 dhcpv6 dns-server \
- help hostname port reset route settings status zone" \
+ help hostname port reset route settings status vpn zone" \
 -- "${cur}") )
 ;;
 esac
@@ -575,6 +755,9 @@ _network() {
 # start, stop and status optionally take a zone
 _network_complete_zones
 ;;
+ vpn)
+ _network_vpn ${args}
+ ;;
 zone)
 _network_zone ${args}
 ;;