diff --git a/netbox/vpn/choices.py b/netbox/vpn/choices.py index 96d73633f..1ea8bcadb 100644 --- a/netbox/vpn/choices.py +++ b/netbox/vpn/choices.py @@ -72,39 +72,95 @@ class IKEVersionChoices(ChoiceSet): class EncryptionChoices(ChoiceSet): - ENCRYPTION_AES128 = 'aes-128' - ENCRYPTION_AES192 = 'aes-192' - ENCRYPTION_AES256 = 'aes-256' - ENCRYPTION_3DES = '3des' + ENCRYPTION_AES128_CBC = 'aes-128-cbc' + ENCRYPTION_AES128_GCM = 'aes-128-gcm' + ENCRYPTION_AES192_CBC = 'aes-192-cbc' + ENCRYPTION_AES192_GCM = 'aes-192-gcm' + ENCRYPTION_AES256_CBC = 'aes-256-cbc' + ENCRYPTION_AES256_GCM = 'aes-256-gcm' + ENCRYPTION_3DES = '3des-cbc' + ENCRYPTION_DES = 'des-cbc' CHOICES = ( - (ENCRYPTION_AES128, 'AES (128-bit)'), - (ENCRYPTION_AES192, 'AES (192-bit)'), - (ENCRYPTION_AES256, 'AES (256-bit)'), + (ENCRYPTION_AES128_CBC, '128-bit AES (CBC)'), + (ENCRYPTION_AES128_GCM, '128-bit AES (GCM)'), + (ENCRYPTION_AES192_CBC, '192-bit AES (CBC)'), + (ENCRYPTION_AES192_GCM, '192-bit AES (GCM)'), + (ENCRYPTION_AES256_CBC, '256-bit AES (CBC)'), + (ENCRYPTION_AES256_GCM, '256-bit AES (GCM)'), (ENCRYPTION_3DES, '3DES'), + (ENCRYPTION_3DES, 'DES'), ) class AuthenticationChoices(ChoiceSet): - AUTH_SHA1 = 'SHA-1' - AUTH_MD5 = 'MD5' + AUTH_HMAC_SHA1 = 'hmac-sha1' + AUTH_HMAC_SHA256 = 'hmac-sha256' + AUTH_HMAC_SHA384 = 'hmac-sha384' + AUTH_HMAC_SHA512 = 'hmac-sha512' + AUTH_HMAC_MD5 = 'hmac-md5' CHOICES = ( - (AUTH_SHA1, 'SHA-1'), - (AUTH_MD5, 'MD5'), + (AUTH_HMAC_SHA1, 'SHA-1 HMAC'), + (AUTH_HMAC_SHA256, 'SHA-256 HMAC'), + (AUTH_HMAC_SHA384, 'SHA-384 HMAC'), + (AUTH_HMAC_SHA512, 'SHA-512 HMAC'), + (AUTH_HMAC_MD5, 'MD5 HMAC'), ) class DHGroupChoices(ChoiceSet): - # TODO: Add all the groups & annotate their attributes - GROUP_1 = 1 - GROUP_2 = 2 - GROUP_5 = 5 - GROUP_7 = 7 + # https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8 + GROUP_1 = 1 # 768-bit MODP + GROUP_2 = 2 # 1024-but MODP + # Groups 3-4 reserved + GROUP_5 = 5 # 1536-bit MODP + # Groups 6-13 unassigned + GROUP_14 = 14 # 2048-bit MODP + GROUP_15 = 15 # 3072-bit MODP + GROUP_16 = 16 # 4096-bit MODP + GROUP_17 = 17 # 6144-bit MODP + GROUP_18 = 18 # 8192-bit MODP + GROUP_19 = 19 # 256-bit random ECP + GROUP_20 = 20 # 384-bit random ECP + GROUP_21 = 21 # 521-bit random ECP (521 is not a typo) + GROUP_22 = 22 # 1024-bit MODP w/160-bit prime + GROUP_23 = 23 # 2048-bit MODP w/224-bit prime + GROUP_24 = 24 # 2048-bit MODP w/256-bit prime + GROUP_25 = 25 # 192-bit ECP + GROUP_26 = 26 # 224-bit ECP + GROUP_27 = 27 # brainpoolP224r1 + GROUP_28 = 28 # brainpoolP256r1 + GROUP_29 = 29 # brainpoolP384r1 + GROUP_30 = 30 # brainpoolP512r1 + GROUP_31 = 31 # Curve25519 + GROUP_32 = 32 # Curve448 + GROUP_33 = 33 # GOST3410_2012_256 + GROUP_34 = 34 # GOST3410_2012_512 CHOICES = ( + # Strings are formatted in this manner to optimize translations (GROUP_1, _('Group {n}').format(n=1)), (GROUP_2, _('Group {n}').format(n=2)), (GROUP_5, _('Group {n}').format(n=5)), - (GROUP_7, _('Group {n}').format(n=7)), + (GROUP_14, _('Group {n}').format(n=14)), + (GROUP_16, _('Group {n}').format(n=16)), + (GROUP_17, _('Group {n}').format(n=17)), + (GROUP_18, _('Group {n}').format(n=18)), + (GROUP_19, _('Group {n}').format(n=19)), + (GROUP_20, _('Group {n}').format(n=20)), + (GROUP_21, _('Group {n}').format(n=21)), + (GROUP_22, _('Group {n}').format(n=22)), + (GROUP_23, _('Group {n}').format(n=23)), + (GROUP_24, _('Group {n}').format(n=24)), + (GROUP_25, _('Group {n}').format(n=25)), + (GROUP_26, _('Group {n}').format(n=26)), + (GROUP_27, _('Group {n}').format(n=27)), + (GROUP_28, _('Group {n}').format(n=28)), + (GROUP_29, _('Group {n}').format(n=29)), + (GROUP_30, _('Group {n}').format(n=30)), + (GROUP_31, _('Group {n}').format(n=31)), + (GROUP_32, _('Group {n}').format(n=32)), + (GROUP_33, _('Group {n}').format(n=33)), + (GROUP_34, _('Group {n}').format(n=34)), )