
Example 1 with IpsecProposal

use of org.batfish.datamodel.IpsecProposal in project batfish by batfish.

the class CiscoControlPlaneExtractor method enterCip_transform_set.

/**
 * Opens a new {@link IpsecTransformSet} for the transform-set rule being entered and fills its
 * proposal from the rule's encryption and authentication sub-contexts.
 *
 * @param ctx parse-tree context of the transform-set rule; supplies the set's name and the line
 *     of its first token
 * @throws BatfishException if a transform set is still recorded as current when this rule starts
 */
@Override
public void enterCip_transform_set(Cip_transform_setContext ctx) {
    // Only one transform set may be under construction at a time.
    if (_currentIpsecTransformSet != null) {
        throw new BatfishException("IpsecTransformSet should be null!");
    }
    String transformSetName = ctx.name.getText();
    int definitionLine = ctx.getStart().getLine();
    _currentIpsecTransformSet = new IpsecTransformSet(transformSetName, definitionLine);

    IpsecProposal transformProposal = _currentIpsecTransformSet.getProposal();
    transformProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ctx.ipsec_encryption()));
    transformProposal.setAuthenticationAlgorithm(
            toIpsecAuthenticationAlgorithm(ctx.ipsec_authentication()));
    // The IPsec protocol is derived from the authentication sub-context as well, not from a
    // separate protocol token.
    transformProposal.setProtocol(toProtocol(ctx.ipsec_authentication()));
}
Also used : BatfishException(org.batfish.common.BatfishException) RedFlagBatfishException(org.batfish.common.RedFlagBatfishException) IpsecTransformSet(org.batfish.representation.cisco.IpsecTransformSet) IpsecProposal(org.batfish.datamodel.IpsecProposal)

Example 2 with IpsecProposal

use of org.batfish.datamodel.IpsecProposal in project batfish by batfish.

the class VpnConnection method applyToVpnGateway.

/**
 * Materializes this VPN connection on the configuration node of its VPN gateway.
 *
 * <p>For every IPsec tunnel of the connection this creates an IpsecVpn, IpsecPolicy,
 * IpsecProposal, IkeGateway, IkePolicy and IkeProposal (all named {@code <vpnConnectionId>-<n>},
 * n starting at 1), two interfaces ({@code external<n>} and {@code vpn<n>}), optional BGP
 * sessions and routing policies, and one static route per configured prefix.
 *
 * @param awsConfiguration source of the configuration nodes, looked up by gateway id and VPC id
 * @param region source of the VpnGateway and Vpc objects used for the BGP part
 * @param warnings receives a red flag when the referenced VPN gateway has no configuration node
 * @throws BatfishException if a tunnel has a customer-gateway BGP ASN while static routes are
 *     also configured, or if the VPN gateway is not attached to exactly one VPC
 */
public void applyToVpnGateway(AwsConfiguration awsConfiguration, Region region, Warnings warnings) {
    // Nothing can be attached if the gateway was never converted to a configuration node:
    // record a red flag and leave the model untouched.
    if (!awsConfiguration.getConfigurationNodes().containsKey(_vpnGatewayId)) {
        warnings.redFlag(String.format("VPN Gateway \"%s\" referred by VPN connection \"%s\" not found", _vpnGatewayId, _vpnConnectionId));
        return;
    }
    Configuration vpnGatewayCfgNode = awsConfiguration.getConfigurationNodes().get(_vpnGatewayId);
    for (int i = 0; i < _ipsecTunnels.size(); i++) {
        // Tunnels are numbered from 1 in every generated name.
        int idNum = i + 1;
        String vpnId = _vpnConnectionId + "-" + idNum;
        IpsecTunnel ipsecTunnel = _ipsecTunnels.get(i);
        // -1 is the "no BGP ASN" sentinel here; BGP and static routing are treated as mutually
        // exclusive for a connection.
        if (ipsecTunnel.getCgwBgpAsn() != -1 && (_staticRoutesOnly || _routes.size() != 0)) {
            throw new BatfishException("Unexpected combination of BGP and static routes for VPN connection: \"" + _vpnConnectionId + "\"");
        }
        // create representation structures and add to configuration node
        // Every structure is registered on the gateway node under the same key (vpnId) and then
        // linked to its parent: vpn -> ipsec policy -> ipsec proposal, vpn -> ike gateway ->
        // ike policy -> ike proposal.
        IpsecVpn ipsecVpn = new IpsecVpn(vpnId, vpnGatewayCfgNode);
        vpnGatewayCfgNode.getIpsecVpns().put(vpnId, ipsecVpn);
        IpsecPolicy ipsecPolicy = new IpsecPolicy(vpnId);
        vpnGatewayCfgNode.getIpsecPolicies().put(vpnId, ipsecPolicy);
        ipsecVpn.setIpsecPolicy(ipsecPolicy);
        // presumably the second constructor argument is a definition line and -1 means
        // "no source line" -- confirm against IpsecProposal/IkeProposal
        IpsecProposal ipsecProposal = new IpsecProposal(vpnId, -1);
        vpnGatewayCfgNode.getIpsecProposals().put(vpnId, ipsecProposal);
        ipsecPolicy.getProposals().put(vpnId, ipsecProposal);
        IkeGateway ikeGateway = new IkeGateway(vpnId);
        vpnGatewayCfgNode.getIkeGateways().put(vpnId, ikeGateway);
        ipsecVpn.setIkeGateway(ikeGateway);
        IkePolicy ikePolicy = new IkePolicy(vpnId);
        vpnGatewayCfgNode.getIkePolicies().put(vpnId, ikePolicy);
        ikeGateway.setIkePolicy(ikePolicy);
        IkeProposal ikeProposal = new IkeProposal(vpnId, -1);
        vpnGatewayCfgNode.getIkeProposals().put(vpnId, ikeProposal);
        ikePolicy.getProposals().put(vpnId, ikeProposal);
        // Outside (tunnel endpoint) interface: the gateway's outside address as a host address
        // (maximum prefix length).
        String externalInterfaceName = "external" + idNum;
        InterfaceAddress externalInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwOutsideAddress(), Prefix.MAX_PREFIX_LENGTH);
        Interface externalInterface = Utils.newInterface(externalInterfaceName, vpnGatewayCfgNode, externalInterfaceAddress);
        // Inside (tunnel) interface: the gateway's inside address with the tunnel's own prefix
        // length.
        String vpnInterfaceName = "vpn" + idNum;
        InterfaceAddress vpnInterfaceAddress = new InterfaceAddress(ipsecTunnel.getVgwInsideAddress(), ipsecTunnel.getVgwInsidePrefixLength());
        Interface vpnInterface = Utils.newInterface(vpnInterfaceName, vpnGatewayCfgNode, vpnInterfaceAddress);
        // Set fields within representation structures
        // ipsec: PFS group, authentication, encryption, protocol and lifetime are all taken from
        // the tunnel's ipsec settings.
        ipsecVpn.setBindInterface(vpnInterface);
        ipsecPolicy.setPfsKeyGroup(toDiffieHellmanGroup(ipsecTunnel.getIpsecPerfectForwardSecrecy()));
        ipsecProposal.setAuthenticationAlgorithm(toIpsecAuthenticationAlgorithm(ipsecTunnel.getIpsecAuthProtocol()));
        ipsecProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIpsecEncryptionProtocol()));
        ipsecProposal.setProtocol(toIpsecProtocol(ipsecTunnel.getIpsecProtocol()));
        ipsecProposal.setLifetimeSeconds(ipsecTunnel.getIpsecLifetime());
        // ike: the gateway peers with the customer gateway's outside address from the external
        // interface created above.
        ikeGateway.setExternalInterface(externalInterface);
        ikeGateway.setAddress(ipsecTunnel.getCgwOutsideAddress());
        ikeGateway.setLocalIp(externalInterface.getAddress().getIp());
        // The pre-shared-key value is copied as delivered by the tunnel object; this method does
        // no hashing of its own.
        // NOTE(review): when no PSK hash is present the IKE proposal's authentication method is
        // never set here -- confirm that consumers treat the resulting value as "unknown"
        // rather than as a match.
        if (ipsecTunnel.getIkePreSharedKeyHash() != null) {
            ikePolicy.setPreSharedKeyHash(ipsecTunnel.getIkePreSharedKeyHash());
            ikeProposal.setAuthenticationMethod(IkeAuthenticationMethod.PRE_SHARED_KEYS);
        }
        ikeProposal.setAuthenticationAlgorithm(toIkeAuthenticationAlgorithm(ipsecTunnel.getIkeAuthProtocol()));
        ikeProposal.setDiffieHellmanGroup(toDiffieHellmanGroup(ipsecTunnel.getIkePerfectForwardSecrecy()));
        ikeProposal.setEncryptionAlgorithm(toEncryptionAlgorithm(ipsecTunnel.getIkeEncryptionProtocol()));
        ikeProposal.setLifetimeSeconds(ipsecTunnel.getIkeLifetime());
        // bgp (if configured)
        if (ipsecTunnel.getVgwBgpAsn() != -1) {
            // Reuse the gateway's BGP process if an earlier tunnel already created one.
            BgpProcess proc = vpnGatewayCfgNode.getDefaultVrf().getBgpProcess();
            if (proc == null) {
                proc = new BgpProcess();
                proc.setRouterId(ipsecTunnel.getVgwInsideAddress());
                proc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
                vpnGatewayCfgNode.getDefaultVrf().setBgpProcess(proc);
            }
            // eBGP session from the VPN gateway to the customer gateway over the tunnel's inside
            // addresses.
            BgpNeighbor cgBgpNeighbor = new BgpNeighbor(ipsecTunnel.getCgwInsideAddress(), vpnGatewayCfgNode);
            cgBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            proc.getNeighbors().put(cgBgpNeighbor.getPrefix(), cgBgpNeighbor);
            cgBgpNeighbor.setRemoteAs(ipsecTunnel.getCgwBgpAsn());
            cgBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            cgBgpNeighbor.setLocalIp(ipsecTunnel.getVgwInsideAddress());
            cgBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            cgBgpNeighbor.setSendCommunity(false);
            // NOTE(review): the lookup result is dereferenced without a null check; the early
            // return above only proves a configuration node exists for the id, not a region entry.
            VpnGateway vpnGateway = region.getVpnGateways().get(_vpnGatewayId);
            List<String> attachmentVpcIds = vpnGateway.getAttachmentVpcIds();
            // NOTE(review): this also fires for zero attachments, although the message only
            // mentions "multiple VPCs".
            if (attachmentVpcIds.size() != 1) {
                throw new BatfishException("Not sure what routes to advertise since VPN Gateway: \"" + _vpnGatewayId + "\" for VPN connection: \"" + _vpnConnectionId + "\" is linked to multiple VPCs");
            }
            String vpcId = attachmentVpcIds.get(0);
            // iBGP connection to VPC
            // Both ends use the gateway's ASN as local and remote AS. The peering addresses are
            // those of the interface each node has named after the other node's id.
            // NOTE(review): vpcNode and both interface lookups are used unchecked -- a missing
            // VPC node or interface surfaces as a NullPointerException here.
            Configuration vpcNode = awsConfiguration.getConfigurationNodes().get(vpcId);
            Ip vpcIfaceAddress = vpcNode.getInterfaces().get(_vpnGatewayId).getAddress().getIp();
            Ip vgwToVpcIfaceAddress = vpnGatewayCfgNode.getInterfaces().get(vpcId).getAddress().getIp();
            BgpNeighbor vgwToVpcBgpNeighbor = new BgpNeighbor(vpcIfaceAddress, vpnGatewayCfgNode);
            proc.getNeighbors().put(vgwToVpcBgpNeighbor.getPrefix(), vgwToVpcBgpNeighbor);
            vgwToVpcBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vgwToVpcBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setLocalIp(vgwToVpcIfaceAddress);
            vgwToVpcBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vgwToVpcBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vgwToVpcBgpNeighbor.setSendCommunity(true);
            // iBGP connection from VPC
            // A fresh BgpProcess is installed on the VPC node's default VRF each time this branch
            // runs, replacing whatever process was set there before.
            BgpNeighbor vpcToVgwBgpNeighbor = new BgpNeighbor(vgwToVpcIfaceAddress, vpcNode);
            BgpProcess vpcProc = new BgpProcess();
            vpcNode.getDefaultVrf().setBgpProcess(vpcProc);
            vpcProc.setMultipathEquivalentAsPathMatchMode(MultipathEquivalentAsPathMatchMode.EXACT_PATH);
            vpcProc.setRouterId(vpcIfaceAddress);
            vpcProc.getNeighbors().put(vpcToVgwBgpNeighbor.getPrefix(), vpcToVgwBgpNeighbor);
            vpcToVgwBgpNeighbor.setVrf(Configuration.DEFAULT_VRF_NAME);
            vpcToVgwBgpNeighbor.setLocalAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setLocalIp(vpcIfaceAddress);
            vpcToVgwBgpNeighbor.setRemoteAs(ipsecTunnel.getVgwBgpAsn());
            vpcToVgwBgpNeighbor.setDefaultMetric(BGP_NEIGHBOR_DEFAULT_METRIC);
            vpcToVgwBgpNeighbor.setSendCommunity(true);
            // Routing policies for the gateway <-> VPC session. The gateway exports routes whose
            // protocol matches BGP (after setting next-hop to self) and imports nothing; the VPC
            // node imports everything and exports nothing.
            String rpRejectAllName = "~REJECT_ALL~";
            String rpAcceptAllEbgpAndSetNextHopSelfName = "~ACCEPT_ALL_EBGP_AND_SET_NEXT_HOP_SELF~";
            If acceptIffEbgp = new If();
            acceptIffEbgp.setGuard(new MatchProtocol(RoutingProtocol.BGP));
            acceptIffEbgp.setTrueStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            acceptIffEbgp.setFalseStatements(ImmutableList.of(Statements.ExitReject.toStaticStatement()));
            RoutingPolicy vgwRpAcceptAllBgp = new RoutingPolicy(rpAcceptAllEbgpAndSetNextHopSelfName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(vgwRpAcceptAllBgp.getName(), vgwRpAcceptAllBgp);
            vgwRpAcceptAllBgp.setStatements(ImmutableList.of(new SetNextHop(new SelfNextHop(), false), acceptIffEbgp));
            vgwToVpcBgpNeighbor.setExportPolicy(rpAcceptAllEbgpAndSetNextHopSelfName);
            // NOTE(review): both reject-all policies are registered without any statements;
            // presumably an empty RoutingPolicy rejects by default -- confirm, since these
            // policies are what keeps routes from crossing in the unwanted direction.
            RoutingPolicy vgwRpRejectAll = new RoutingPolicy(rpRejectAllName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(rpRejectAllName, vgwRpRejectAll);
            vgwToVpcBgpNeighbor.setImportPolicy(rpRejectAllName);
            String rpAcceptAllName = "~ACCEPT_ALL~";
            RoutingPolicy vpcRpAcceptAll = new RoutingPolicy(rpAcceptAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpAcceptAllName, vpcRpAcceptAll);
            vpcRpAcceptAll.setStatements(ImmutableList.of(Statements.ExitAccept.toStaticStatement()));
            vpcToVgwBgpNeighbor.setImportPolicy(rpAcceptAllName);
            RoutingPolicy vpcRpRejectAll = new RoutingPolicy(rpRejectAllName, vpcNode);
            vpcNode.getRoutingPolicies().put(rpRejectAllName, vpcRpRejectAll);
            vpcToVgwBgpNeighbor.setExportPolicy(rpRejectAllName);
            // Origination policy for the customer-gateway session: accept (with origin IGP) only
            // static routes whose destination is in the route filter built below, reject the rest.
            Vpc vpc = region.getVpcs().get(vpcId);
            String originationPolicyName = vpnId + "_origination";
            RoutingPolicy originationRoutingPolicy = new RoutingPolicy(originationPolicyName, vpnGatewayCfgNode);
            vpnGatewayCfgNode.getRoutingPolicies().put(originationPolicyName, originationRoutingPolicy);
            cgBgpNeighbor.setExportPolicy(originationPolicyName);
            If originationIf = new If();
            // The policy's own statement list is mutated in place: the conditional first, then
            // an unconditional reject as fall-through.
            List<Statement> statements = originationRoutingPolicy.getStatements();
            statements.add(originationIf);
            statements.add(Statements.ExitReject.toStaticStatement());
            originationIf.getTrueStatements().add(new SetOrigin(new LiteralOrigin(OriginType.IGP, null)));
            originationIf.getTrueStatements().add(Statements.ExitAccept.toStaticStatement());
            // The route filter shares the policy's name and is referenced by that name in the
            // guard below.
            RouteFilterList originationRouteFilter = new RouteFilterList(originationPolicyName);
            vpnGatewayCfgNode.getRouteFilterLists().put(originationPolicyName, originationRouteFilter);
            vpc.getCidrBlockAssociations().forEach(prefix -> {
                // Exact-length match: the sub-range is [len, len], so more-specific routes inside
                // a VPC CIDR block do not match.
                RouteFilterLine matchOutgoingPrefix = new RouteFilterLine(LineAction.ACCEPT, prefix, new SubRange(prefix.getPrefixLength(), prefix.getPrefixLength()));
                originationRouteFilter.addLine(matchOutgoingPrefix);
            });
            // Guard = protocol is STATIC AND destination network is in the named prefix set.
            Conjunction conj = new Conjunction();
            originationIf.setGuard(conj);
            conj.getConjuncts().add(new MatchProtocol(RoutingProtocol.STATIC));
            conj.getConjuncts().add(new MatchPrefixSet(new DestinationNetwork(), new NamedPrefixSet(originationPolicyName)));
        }
        // static routes (if configured)
        // Each configured prefix is routed towards the customer gateway's inside address of
        // this tunnel, so a connection with several tunnels gets one route per tunnel and prefix.
        for (Prefix staticRoutePrefix : _routes) {
            StaticRoute staticRoute = StaticRoute.builder().setNetwork(staticRoutePrefix).setNextHopIp(ipsecTunnel.getCgwInsideAddress()).setAdministrativeCost(Route.DEFAULT_STATIC_ROUTE_ADMIN).setMetric(Route.DEFAULT_STATIC_ROUTE_COST).build();
            vpnGatewayCfgNode.getDefaultVrf().getStaticRoutes().add(staticRoute);
        }
    }
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) Configuration(org.batfish.datamodel.Configuration) BgpProcess(org.batfish.datamodel.BgpProcess) LiteralOrigin(org.batfish.datamodel.routing_policy.expr.LiteralOrigin) NamedPrefixSet(org.batfish.datamodel.routing_policy.expr.NamedPrefixSet) Ip(org.batfish.datamodel.Ip) Prefix(org.batfish.datamodel.Prefix) SelfNextHop(org.batfish.datamodel.routing_policy.expr.SelfNextHop) BgpNeighbor(org.batfish.datamodel.BgpNeighbor) IpsecProposal(org.batfish.datamodel.IpsecProposal) Conjunction(org.batfish.datamodel.routing_policy.expr.Conjunction) SubRange(org.batfish.datamodel.SubRange) SetNextHop(org.batfish.datamodel.routing_policy.statement.SetNextHop) RouteFilterLine(org.batfish.datamodel.RouteFilterLine) IkeProposal(org.batfish.datamodel.IkeProposal) BatfishException(org.batfish.common.BatfishException) StaticRoute(org.batfish.datamodel.StaticRoute) InterfaceAddress(org.batfish.datamodel.InterfaceAddress) Statement(org.batfish.datamodel.routing_policy.statement.Statement) MatchPrefixSet(org.batfish.datamodel.routing_policy.expr.MatchPrefixSet) SetOrigin(org.batfish.datamodel.routing_policy.statement.SetOrigin) RoutingPolicy(org.batfish.datamodel.routing_policy.RoutingPolicy) MatchProtocol(org.batfish.datamodel.routing_policy.expr.MatchProtocol) DestinationNetwork(org.batfish.datamodel.routing_policy.expr.DestinationNetwork) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkeGateway(org.batfish.datamodel.IkeGateway) RouteFilterList(org.batfish.datamodel.RouteFilterList) IkePolicy(org.batfish.datamodel.IkePolicy) If(org.batfish.datamodel.routing_policy.statement.If) Interface(org.batfish.datamodel.Interface)

Example 3 with IpsecProposal

use of org.batfish.datamodel.IpsecProposal in project batfish by batfish.

the class VyosConfiguration method convertVpns.

/**
 * Converts every VyOS site-to-site IPsec peer into vendor-independent VPN structures on
 * {@code _c}: one IpsecVpn and IkeGateway per peer, plus the IKE and IPsec policies and proposals
 * built from the ike-group and esp-group the peer references.
 *
 * <p>Dangling references (external interface, bind interface, ike-group, esp-group) are reported
 * as red flags and the corresponding part of the conversion is skipped.
 *
 * @throws BatfishException if an esp-group carries a PFS source the switch does not handle
 */
private void convertVpns() {
    for (Entry<Ip, IpsecPeer> peerEntry : _ipsecPeers.entrySet()) {
        Ip remoteAddress = peerEntry.getKey();
        IpsecPeer peer = peerEntry.getValue();

        // The peer address doubles as the name of both the VPN and its IKE gateway; together
        // they correspond roughly to one vyos ipsec site-to-site peer.
        String vpnName = remoteAddress.toString();
        String gatewayName = vpnName;
        IpsecVpn vpn = new IpsecVpn(vpnName, _c);
        _c.getIpsecVpns().put(vpnName, vpn);
        IkeGateway gateway = new IkeGateway(gatewayName);
        _c.getIkeGateways().put(gatewayName, gateway);
        vpn.setIkeGateway(gateway);
        gateway.setLocalId(peer.getAuthenticationId());
        gateway.setRemoteId(peer.getAuthenticationRemoteId());
        gateway.setAddress(remoteAddress);

        // External interface: resolved from the peer's local-address.
        Ip localAddress = peer.getLocalAddress();
        org.batfish.datamodel.Interface externalIface = _ipToInterfaceMap.get(localAddress);
        if (externalIface != null) {
            gateway.setExternalInterface(externalIface);
        } else {
            _w.redFlag("Could not determine external interface for vpn \"" + vpnName + "\" from local-address: " + localAddress);
        }

        // Bind interface: must exist in the converted default VRF.
        String bindIfaceName = peer.getBindInterface();
        org.batfish.datamodel.Interface convertedBindIface = _c.getDefaultVrf().getInterfaces().get(bindIfaceName);
        if (convertedBindIface == null) {
            _w.redFlag("Reference to undefined bind-interface: \"" + bindIfaceName + "\"");
        } else {
            // Record the reference on the vendor-specific interface of the same name.
            Interface vendorBindIface = _interfaces.get(bindIfaceName);
            vendorBindIface.getReferers().put(peer, "bind interface for site-to-site peer \"" + vpnName + "\"");
            vpn.setBindInterface(convertedBindIface);
        }

        // IKE group -> IKE policy plus one IKE proposal per contained proposal.
        String ikeGroupName = peer.getIkeGroup();
        IkeGroup ikeGroup = _ikeGroups.get(ikeGroupName);
        if (ikeGroup != null) {
            ikeGroup.getReferers().put(peer, "ike group for site-to-site peer: \"" + vpnName + "\"");
            // NOTE(review): the policy is registered under the ike-group name but carries this
            // peer's pre-shared-secret hash; if several peers reference the same group, each
            // put() replaces the previous entry in _c.getIkePolicies() -- confirm that is intended.
            IkePolicy ikePolicy = new IkePolicy(ikeGroupName);
            _c.getIkePolicies().put(ikeGroupName, ikePolicy);
            gateway.setIkePolicy(ikePolicy);
            ikePolicy.setPreSharedKeyHash(peer.getAuthenticationPreSharedSecretHash());
            for (Entry<Integer, IkeProposal> vendorIkeEntry : ikeGroup.getProposals().entrySet()) {
                String ikeProposalName = ikeGroupName + ":" + Integer.toString(vendorIkeEntry.getKey());
                IkeProposal vendorIkeProposal = vendorIkeEntry.getValue();
                org.batfish.datamodel.IkeProposal convertedIkeProposal = new org.batfish.datamodel.IkeProposal(ikeProposalName, -1);
                _c.getIkeProposals().put(ikeProposalName, convertedIkeProposal);
                ikePolicy.getProposals().put(ikeProposalName, convertedIkeProposal);
                convertedIkeProposal.setDiffieHellmanGroup(vendorIkeProposal.getDhGroup());
                convertedIkeProposal.setEncryptionAlgorithm(vendorIkeProposal.getEncryptionAlgorithm());
                // The lifetime lives on the group, the authentication mode on the peer.
                convertedIkeProposal.setLifetimeSeconds(ikeGroup.getLifetimeSeconds());
                convertedIkeProposal.setAuthenticationAlgorithm(vendorIkeProposal.getHashAlgorithm().toIkeAuthenticationAlgorithm());
                convertedIkeProposal.setAuthenticationMethod(peer.getAuthenticationMode());
            }
        } else {
            _w.redFlag("Reference to undefined ike-group: \"" + ikeGroupName + "\"");
        }

        // ESP group -> IPsec policy plus one IPsec proposal per contained proposal.
        String espGroupName = peer.getEspGroup();
        EspGroup espGroup = _espGroups.get(espGroupName);
        if (espGroup != null) {
            espGroup.getReferers().put(peer, "esp-group for ipsec site-to-site peer: \"" + vpnName + "\"");
            IpsecPolicy ipsecPolicy = new IpsecPolicy(espGroupName);
            _c.getIpsecPolicies().put(espGroupName, ipsecPolicy);
            vpn.setIpsecPolicy(ipsecPolicy);
            // An esp-group without an explicit PFS source is updated in place to inherit PFS
            // from the ike group.
            if (espGroup.getPfsSource() == null) {
                espGroup.setPfsSource(PfsSource.IKE_GROUP);
            }
            PfsSource pfsSource = espGroup.getPfsSource();
            switch (pfsSource) {
                case DISABLED:
                    // No PFS key group is set on the policy.
                    break;
                case ESP_GROUP:
                    ipsecPolicy.setPfsKeyGroup(espGroup.getPfsDhGroup());
                    break;
                case IKE_GROUP:
                    ipsecPolicy.setPfsKeyGroupDynamicIke(true);
                    break;
                default:
                    throw new BatfishException("Invalid pfs source");
            }
            for (Entry<Integer, EspProposal> vendorEspEntry : espGroup.getProposals().entrySet()) {
                String ipsecProposalName = espGroupName + ":" + Integer.toString(vendorEspEntry.getKey());
                EspProposal vendorEspProposal = vendorEspEntry.getValue();
                IpsecProposal convertedIpsecProposal = new IpsecProposal(ipsecProposalName, -1);
                _c.getIpsecProposals().put(ipsecProposalName, convertedIpsecProposal);
                ipsecPolicy.getProposals().put(ipsecProposalName, convertedIpsecProposal);
                convertedIpsecProposal.setAuthenticationAlgorithm(vendorEspProposal.getHashAlgorithm().toIpsecAuthenticationAlgorithm());
                convertedIpsecProposal.setEncryptionAlgorithm(vendorEspProposal.getEncryptionAlgorithm());
                convertedIpsecProposal.setLifetimeSeconds(espGroup.getLifetimeSeconds());
                // Proposals coming from an esp-group are always modelled as ESP.
                convertedIpsecProposal.setProtocol(IpsecProtocol.ESP);
            }
        } else {
            _w.redFlag("Reference to undefined esp-group: \"" + espGroupName + "\"");
        }
    }
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) BatfishException(org.batfish.common.BatfishException) Ip(org.batfish.datamodel.Ip) IpsecProposal(org.batfish.datamodel.IpsecProposal) IkeGateway(org.batfish.datamodel.IkeGateway) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkePolicy(org.batfish.datamodel.IkePolicy)

Example 4 with IpsecProposal

use of org.batfish.datamodel.IpsecProposal in project batfish by batfish.

the class IpsecVpnStatusAnswererTest method createIpsecVpn.

/**
 * Test fixture: builds an {@link IpsecVpn} called {@code name}, owned by a new Configuration of
 * unknown format, with one IKE gateway and policy and one IPsec policy that each hold exactly
 * the proposal passed in.
 *
 * @param name VPN name; also the prefix of every nested structure's name
 * @param ikeProposal the only proposal placed in the IKE policy
 * @param ipsecProposal the only proposal placed in the IPsec policy
 * @param pskHash value stored as the IKE policy's pre-shared-key hash
 * @return the fully wired VPN
 */
private static IpsecVpn createIpsecVpn(String name, IkeProposal ikeProposal, IpsecProposal ipsecProposal, String pskHash) {
    IpsecVpn vpn = new IpsecVpn(name);
    Configuration owner = new Configuration(name, ConfigurationFormat.UNKNOWN);
    vpn.setOwner(owner);

    // IKE side: gateway -> policy -> single proposal, plus the PSK hash under test.
    IkeGateway gateway = new IkeGateway(name + "-ikeGw");
    vpn.setIkeGateway(gateway);
    IkePolicy policyForIke = new IkePolicy(name + "-ikePolicy");
    gateway.setIkePolicy(policyForIke);
    SortedMap<String, IkeProposal> ikeProposals = new TreeMap<>();
    ikeProposals.put(name + "-ikeproposal", ikeProposal);
    policyForIke.setProposals(ikeProposals);
    policyForIke.setPreSharedKeyHash(pskHash);

    // IPsec side: policy -> single proposal.
    IpsecPolicy policyForIpsec = new IpsecPolicy(name + "-ipsecpolicy");
    vpn.setIpsecPolicy(policyForIpsec);
    SortedMap<String, IpsecProposal> ipsecProposals = new TreeMap<>();
    ipsecProposals.put(name + "-ipsecproposal", ipsecProposal);
    policyForIpsec.setProposals(ipsecProposals);

    return vpn;
}
Also used : IpsecVpn(org.batfish.datamodel.IpsecVpn) IkeProposal(org.batfish.datamodel.IkeProposal) IpsecProposal(org.batfish.datamodel.IpsecProposal) Configuration(org.batfish.datamodel.Configuration) IkeGateway(org.batfish.datamodel.IkeGateway) IpsecPolicy(org.batfish.datamodel.IpsecPolicy) IkePolicy(org.batfish.datamodel.IkePolicy) TreeMap(java.util.TreeMap)

Example 5 with IpsecProposal

use of org.batfish.datamodel.IpsecProposal in project batfish by batfish.

the class JuniperConfiguration method toIpsecPolicy.

/**
 * Converts a Juniper IPsec policy into its vendor-independent form.
 *
 * <p>Each proposal name referenced by the Juniper policy is resolved against the proposals
 * already converted onto {@code _c}. Names that do not resolve are reported through
 * {@code undefined(...)} and left out of the result.
 *
 * @param oldIpsecPolicy the Juniper policy to convert
 * @return a new policy with the same name, the resolved proposals and the same PFS key group
 */
private org.batfish.datamodel.IpsecPolicy toIpsecPolicy(IpsecPolicy oldIpsecPolicy) {
    String policyName = oldIpsecPolicy.getName();
    org.batfish.datamodel.IpsecPolicy converted = new org.batfish.datamodel.IpsecPolicy(policyName);

    oldIpsecPolicy.getProposals().forEach((proposalName, proposalLine) -> {
        IpsecProposal resolved = _c.getIpsecProposals().get(proposalName);
        if (resolved != null) {
            // Record the reference on the Juniper-side proposal, then attach the converted one.
            // NOTE(review): the referer lookup goes through _ipsecProposals while the null check
            // above used _c.getIpsecProposals() -- assumes both maps hold the same names.
            _ipsecProposals.get(proposalName).getReferers().put(oldIpsecPolicy, "IPSEC proposal for IPSEC policy: " + oldIpsecPolicy);
            converted.getProposals().put(proposalName, resolved);
        } else {
            undefined(JuniperStructureType.IPSEC_PROPOSAL, proposalName, JuniperStructureUsage.IPSEC_POLICY_IPSEC_PROPOSAL, proposalLine);
        }
    });

    // The perfect-forward-secrecy Diffie-Hellman key group is carried over unchanged.
    converted.setPfsKeyGroup(oldIpsecPolicy.getPfsKeyGroup());
    return converted;
}
Also used : IpsecProposal(org.batfish.datamodel.IpsecProposal)

Aggregations

IpsecProposal (org.batfish.datamodel.IpsecProposal)6 BatfishException (org.batfish.common.BatfishException)3 IkeGateway (org.batfish.datamodel.IkeGateway)3 IkePolicy (org.batfish.datamodel.IkePolicy)3 IpsecPolicy (org.batfish.datamodel.IpsecPolicy)3 IpsecVpn (org.batfish.datamodel.IpsecVpn)3 Configuration (org.batfish.datamodel.Configuration)2 IkeProposal (org.batfish.datamodel.IkeProposal)2 Ip (org.batfish.datamodel.Ip)2 TreeMap (java.util.TreeMap)1 RedFlagBatfishException (org.batfish.common.RedFlagBatfishException)1 BgpNeighbor (org.batfish.datamodel.BgpNeighbor)1 BgpProcess (org.batfish.datamodel.BgpProcess)1 Interface (org.batfish.datamodel.Interface)1 InterfaceAddress (org.batfish.datamodel.InterfaceAddress)1 Prefix (org.batfish.datamodel.Prefix)1 RouteFilterLine (org.batfish.datamodel.RouteFilterLine)1 RouteFilterList (org.batfish.datamodel.RouteFilterList)1 StaticRoute (org.batfish.datamodel.StaticRoute)1 SubRange (org.batfish.datamodel.SubRange)1