%PDF-
%PDF-
Mini Shell
Mini Shell
<model>
<mount>//OPNsense/Swanctl</mount>
<version>1.0.0</version>
<description>OPNsense IPsec Connections</description>
<items>
<Connections>
<Connection type=".\ConnnectionField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<proposals type=".\IPsecProposalField">
<Default>default</Default>
<Required>Y</Required>
<Multiple>Y</Multiple>
<Phase>1</Phase>
</proposals>
<unique type="OptionField">
<Required>Y</Required>
<Default>no</Default>
<OptionValues>
<no>No (default)</no>
<never>Never</never>
<keep>Keep</keep>
<replace>Replace</replace>
</OptionValues>
</unique>
<aggressive type="BooleanField">
<Default>0</Default>
<Required>Y</Required>
</aggressive>
<version type="OptionField">
<Required>Y</Required>
<Default>0</Default>
<OptionValues>
<ike value="0">IKEv1+IKEv2</ike>
<ikev1 value="1">IKEv1</ikev1>
<ikev2 value="2">IKEv2</ikev2>
</OptionValues>
</version>
<mobike type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</mobike>
<local_addrs type=".\IKEAddressField"/>
<local_port type="OptionField">
<OptionValues>
<port500 value="">500 (default)</port500>
<port4500 value="4500">4500 (NAT-T)</port4500>
</OptionValues>
</local_port>
<remote_addrs type=".\IKEAddressField"/>
<remote_port type="OptionField">
<OptionValues>
<port500 value="">500 (default)</port500>
<port4500 value="4500">4500 (NAT-T)</port4500>
</OptionValues>
</remote_port>
<encap type="BooleanField">
<Default>0</Default>
<Required>Y</Required>
</encap>
<reauth_time type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
</reauth_time>
<rekey_time type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
</rekey_time>
<over_time type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
</over_time>
<dpd_delay type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
</dpd_delay>
<dpd_timeout type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
</dpd_timeout>
<pools type=".\PoolsField">
<Multiple>Y</Multiple>
</pools>
<send_certreq type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</send_certreq>
<send_cert type="OptionField">
<BlankDesc>Default</BlankDesc>
<OptionValues>
<ifasked>If asked</ifasked>
<never>Never</never>
<always>Always</always>
</OptionValues>
</send_cert>
<keyingtries type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>1000</MaximumValue>
</keyingtries>
<description type="DescriptionField">
<Required>Y</Required>
</description>
</Connection>
</Connections>
<locals>
<local type="ArrayField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<connection type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.Swanctl</source>
<items>Connections.Connection</items>
<display>description</display>
</host>
</Model>
<Required>Y</Required>
</connection>
<round type="IntegerField">
<Required>Y</Required>
<MinimumValue>0</MinimumValue>
<MaximumValue>10</MaximumValue>
<Default>0</Default>
</round>
<auth type="OptionField">
<Required>Y</Required>
<Default>psk</Default>
<OptionValues>
<psk>Pre-Shared Key</psk>
<pubkey>Public Key</pubkey>
<eap_tls value="eap-tls">EAP TLS</eap_tls>
<eap_mschapv2 value="eap-mschapv2">EAP-MSCHAPv2</eap_mschapv2>
<xauth_pam value="xauth-pam">Xauth PAM</xauth_pam>
<eap_radius value="eap-radius">EAP RADIUS</eap_radius>
</OptionValues>
</auth>
<id type="TextField">
<Mask>/^([0-9a-zA-Z\.\-,_\:\=\@\%]){0,1024}$/u</Mask>
</id>
<eap_id type="TextField">
<Mask>/^([0-9a-zA-Z\.\-,_\:\=\@\%]){0,1024}$/u</Mask>
</eap_id>
<certs type="CertificateField">
<Multiple>Y</Multiple>
<ValidationMessage>Please select a valid certificate from the list</ValidationMessage>
</certs>
<pubkeys type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.IPsec</source>
<items>keyPairs.keyPair</items>
<display>name</display>
</host>
</Model>
<Multiple>Y</Multiple>
</pubkeys>
<description type="DescriptionField"/>
</local>
</locals>
<remotes>
<remote type="ArrayField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<connection type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.Swanctl</source>
<items>Connections.Connection</items>
<display>description</display>
</host>
</Model>
<Required>Y</Required>
</connection>
<round type="IntegerField">
<Required>Y</Required>
<MinimumValue>0</MinimumValue>
<MaximumValue>10</MaximumValue>
<Default>0</Default>
</round>
<auth type="OptionField">
<Required>Y</Required>
<Default>psk</Default>
<OptionValues>
<psk>Pre-Shared Key</psk>
<pubkey>Public Key</pubkey>
<eap_tls value="eap-tls">EAP TLS</eap_tls>
<eap_mschapv2 value="eap-mschapv2">EAP-MSCHAPv2</eap_mschapv2>
<xauth_pam value="xauth-pam">Xauth PAM</xauth_pam>
<eap_radius value="eap-radius">EAP RADIUS</eap_radius>
</OptionValues>
</auth>
<id type="TextField">
<Mask>/^([0-9a-zA-Z\.\-,_\:\=\@\%]){0,1024}$/u</Mask>
</id>
<eap_id type="TextField">
<Mask>/^([0-9a-zA-Z\.\-,_\:\=\@\%]){0,1024}$/u</Mask>
</eap_id>
<groups type="AuthGroupField">
<Multiple>Y</Multiple>
</groups>
<certs type="CertificateField">
<Multiple>Y</Multiple>
<ValidationMessage>Please select a valid certificate from the list</ValidationMessage>
</certs>
<pubkeys type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.IPsec</source>
<items>keyPairs.keyPair</items>
<display>name</display>
</host>
</Model>
<Multiple>Y</Multiple>
</pubkeys>
<!-- XXX add cacert field + logic in ipsec_write_cas -->
<description type="DescriptionField"/>
</remote>
</remotes>
<children>
<child type="ArrayField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<connection type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.Swanctl</source>
<items>Connections.Connection</items>
<display>description</display>
</host>
</Model>
<Required>Y</Required>
</connection>
<reqid type="IntegerField">
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
</reqid>
<esp_proposals type=".\IPsecProposalField">
<Default>default</Default>
<Required>Y</Required>
<Multiple>Y</Multiple>
<Phase>2</Phase>
</esp_proposals>
<sha256_96 type="BooleanField">
<Default>0</Default>
<Required>Y</Required>
</sha256_96>
<start_action type="OptionField">
<Required>Y</Required>
<Default>start</Default>
<OptionValues>
<none>None</none>
<trap_start value="trap|start">Trap+start</trap_start>
<route>Route</route>
<start>Start</start>
<trap>Trap</trap>
</OptionValues>
</start_action>
<close_action type="OptionField">
<Required>Y</Required>
<Default>none</Default>
<OptionValues>
<none>None</none>
<trap>Trap</trap>
<start>Start</start>
</OptionValues>
</close_action>
<dpd_action type="OptionField">
<Required>Y</Required>
<Default>clear</Default>
<OptionValues>
<clear>Clear</clear>
<trap>Trap</trap>
<start>Start</start>
</OptionValues>
</dpd_action>
<mode type="OptionField">
<Required>Y</Required>
<Default>tunnel</Default>
<OptionValues>
<tunnel>Tunnel</tunnel>
<transport>Transport</transport>
<pass>Pass</pass>
<drop>Drop</drop>
</OptionValues>
</mode>
<policies type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</policies>
<local_ts type="NetworkField">
<FieldSeparator>,</FieldSeparator>
<asList>Y</asList>
<WildcardEnabled>N</WildcardEnabled>
</local_ts>
<remote_ts type="NetworkField">
<FieldSeparator>,</FieldSeparator>
<asList>Y</asList>
<WildcardEnabled>N</WildcardEnabled>
</remote_ts>
<rekey_time type="IntegerField">
<Default>3600</Default>
<MinimumValue>0</MinimumValue>
<MaximumValue>500000</MaximumValue>
<Required>Y</Required>
</rekey_time>
<description type="DescriptionField"/>
</child>
</children>
<Pools>
<Pool type="ArrayField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<name type="TextField">
<Required>Y</Required>
<Mask>/^([0-9a-zA-Z\.,_\-:]){1,1024}$/u</Mask>
<Constraints>
<check001>
<ValidationMessage>Pool name must be unique.</ValidationMessage>
<type>UniqueConstraint</type>
</check001>
</Constraints>
</name>
<addrs type="NetworkField">
<Required>Y</Required>
<WildcardEnabled>N</WildcardEnabled>
<NetMaskRequired>Y</NetMaskRequired>
<ValidationMessage>Please specify a valid CIDR subnet.</ValidationMessage>
</addrs>
<dns type="NetworkField">
<FieldSeparator>,</FieldSeparator>
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<AsList>Y</AsList>
<ValidationMessage>Entry is not a valid IPv4 or IPv6 address.</ValidationMessage>
</dns>
</Pool>
</Pools>
<VTIs>
<VTI type=".\VTIField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<reqid type="IntegerField">
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
<Required>Y</Required>
<Constraints>
<check001>
<ValidationMessage>Reqid must be unique.</ValidationMessage>
<type>UniqueConstraint</type>
</check001>
</Constraints>
</reqid>
<local type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</local>
<remote type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</remote>
<tunnel_local type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<Required>Y</Required>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_local>
<tunnel_remote type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<Required>Y</Required>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_remote>
<tunnel_local2 type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_local2>
<tunnel_remote2 type="NetworkField">
<NetMaskAllowed>N</NetMaskAllowed>
<WildcardEnabled>N</WildcardEnabled>
<ValidationMessage>Please specify a valid address.</ValidationMessage>
</tunnel_remote2>
<description type="DescriptionField"/>
</VTI>
</VTIs>
<SPDs>
<SPD type=".\SPDField">
<enabled type="BooleanField">
<Default>1</Default>
<Required>Y</Required>
</enabled>
<protocol type="OptionField">
<Required>Y</Required>
<Default>esp</Default>
<OptionValues>
<esp>ESP</esp>
<ah>AH</ah>
</OptionValues>
</protocol>
<reqid type="IntegerField">
<MinimumValue>1</MinimumValue>
<MaximumValue>65535</MaximumValue>
</reqid>
<connection_child type="ModelRelationField">
<Model>
<host>
<source>OPNsense.IPsec.Swanctl</source>
<items>children.child</items>
<display>connection,description</display>
<display_format>%s - %s</display_format>
</host>
</Model>
</connection_child>
<source type="NetworkField">
<Required>Y</Required>
<WildcardEnabled>N</WildcardEnabled>
</source>
<destination type="NetworkField">
<WildcardEnabled>N</WildcardEnabled>
</destination>
<description type="DescriptionField"/>
</SPD>
</SPDs>
</items>
</model>
Zerion Mini Shell 1.0