crl_file = '/config/auth/r1.crl'
print (" NOTE: For this demo to succeed the following files "
"must exist on the '%s'\n"
" (empty files can be created for the sake of the demo):\n"
" %s\n"
" %s\n"
" %s\n"
" %s"
% (nodeName, ca_cert_file, srv_cert_file, crl_file, srv_key_file))
time.sleep(rundelay)
# -------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
# -------------------------------------------------------------------------
vpn = Vpn()
# -------------------------------------------------------------------------
# Create and configure Internet Key Exchange (IKE) group
# -------------------------------------------------------------------------
ike_grp_name = "IKE-1W"
proposal_num = 1
# Set the encryption cipher for proposal 1
# (enumeration: 'aes128', 'aes256', '3des')
encryption_cipher = 'aes256'
vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
encryption_cipher)
# Set the hash algorithm for proposal 1
# (enumeration: 'md5', 'sha1')
ca_cert_file = '/config/auth/ca.crt'
srv_cert_file = '/config/auth/r1.crt'
srv_key_file = '/config/auth/r1.key'
print(
" NOTE: For this demo to succeed the following files must exist on the '%s'\n"
" (empty files can be created for the sake of the demo):\n"
" %s\n"
" %s\n"
" %s" % (nodeName, ca_cert_file, srv_cert_file, srv_key_file))
time.sleep(rundelay)
#-------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
#-------------------------------------------------------------------------
vpn = Vpn()
#-------------------------------------------------------------------------
# Create and configure Internet Key Exchange (IKE) group
#-------------------------------------------------------------------------
ike_grp_name = "IKE-1W"
proposal_num = 1
# Set the encryption cipher for proposal 1
# (enumeration: 'aes128', 'aes256', '3des')
encryption_cipher = 'aes256'
vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
encryption_cipher)
# Set the hash algorithm for proposal 1
# (enumeration: 'md5', 'sha1')
l2tp_auth_mode, uname1, upswd1, uname2, upswd2, uname3, upswd3))
print(
" NOTE: For this demo to succeed the following files must exist on the '%s'\n"
" (empty files can be created for the sake of the demo):\n"
" %s\n"
" %s\n"
" %s\n"
" %s" %
(nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file))
time.sleep(rundelay)
#-------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
#-------------------------------------------------------------------------
vpn = Vpn()
# This VPN configuration description
vpn.set_l2tp_remote_access_description(description)
# Enable NAT traversal (this is mandatory)
vpn.set_nat_traversal(nat_traversal)
# Set the allowed subnets
vpn.set_nat_allow_network(nat_allow_network)
# Bind the L2TP server to the external IP address
vpn.set_l2tp_remote_access_outside_address(external_ipaddr)
# Set the next hop IP address for reaching the VPN clients
vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
)
print (" NOTE: For this demo to succeed the following files "
"must exist on the '%s'\n"
" (empty files can be created for the sake of the demo):\n"
" %s\n"
" %s\n"
" %s\n"
" %s"
% (nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file))
time.sleep(rundelay)
# -------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
# -------------------------------------------------------------------------
vpn = Vpn()
# This VPN configuration description
vpn.set_l2tp_remote_access_description(description)
# Enable NAT traversal (this is mandatory)
vpn.set_nat_traversal(nat_traversal)
# Set the allowed subnets
vpn.set_nat_allow_network(nat_allow_network)
# Bind the L2TP server to the external IP address
vpn.set_l2tp_remote_access_outside_address(external_ipaddr)
# Set the next hop IP address for reaching the VPN clients
vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
l2tp_auth_mode,
uname1, upswd1,
uname2, upswd2,
uname3, upswd3,
dns_srv1, dns_srv2,
wins_srv1, wins_srv2,
mtu
)
)
time.sleep(rundelay)
# -------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
# -------------------------------------------------------------------------
vpn = Vpn()
# This VPN configuration description
vpn.set_l2tp_remote_access_description(description)
# Enable NAT traversal
vpn.set_nat_traversal(nat_traversal)
# Set the allowed subnets
vpn.set_nat_allow_network(nat_allow_network)
# Bind the L2TP server to the external IP address
vpn.set_l2tp_remote_access_outside_address(external_ipaddr)
# Set the next hop IP address for reaching the VPN clients
vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
print ("!!!Demo terminated, reason: %s" % status.detailed())
ctrl.delete_netconf_node(vrouter)
exit(0)
print "\n"
print (">>> Create new VPN configuration on the '%s'" % (nodeName))
time.sleep(rundelay)
#-------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
#-------------------------------------------------------------------------
vpn = Vpn()
#-------------------------------------------------------------------------
# Create and configure Internet Key Exchange (IKE) group
#-------------------------------------------------------------------------
ike_grp_name = "IKE-1W"
proposal_num = 1
# Set the encryption cipher for proposal 1
# (enumeration: 'aes128', 'aes256', '3des')
encryption_cipher = 'aes256'
vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num, encryption_cipher)
# Set the hash algorithm for proposal 1
# (enumeration: 'md5', 'sha1')
hash_algorith = 'sha1'
uname2, upswd2,
uname3, upswd3,
dns_srv1, dns_srv2,
wins_srv1, wins_srv2,
mtu
)
)
time.sleep(rundelay)
#-------------------------------------------------------------------------
# Encode VPN configuration options by using 'Vpn' object
#-------------------------------------------------------------------------
vpn = Vpn()
# This VPN configuration description
vpn.set_l2tp_remote_access_description(description)
# Enable NAT traversal
vpn.set_nat_traversal(nat_traversal)
# Set the allowed subnets
vpn.set_nat_allow_network(nat_allow_network)
# Bind the L2TP server to the external IP address
vpn.set_l2tp_remote_access_outside_address(external_ipaddr)
# Set the next hop IP address for reaching the VPN clients
vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)