#------------------------------------------------------------------------------
# fli4l __FLI4LVER__ - configuration check for openvpn
#
# Last Update:  $Id$
#
# Copyright (c) 2003-2016 - fli4l-Team <team@fli4l.de>
#------------------------------------------------------------------------------

OPENVPN_PROTOCOL = 'udp(4|6)|tcp(4|6)-(client|server)'
                 : 'The protocol must be one of udp4, udp6, tcp4-client, tcp6-client, tcp4-server, or tcp6-server'
OPENVPN_CIPHER   = 'DES-CBC|RC2-CBC|DES-EDE-CBC|DES-EDE3-CBC|DESX-CBC|BF-CBC|RC2-40-CBC|CAST5-CBC|RC2-64-CBC|AES-128-CBC|AES-192-CBC|AES-256-CBC|CAMELLIA-128-CBC|CAMELLIA-192-CBC|CAMELLIA-256-CBC|SEED-CBC|none'
                 : 'The selected cipher is not supported'
OPENVPN_DIGEST   = 'MD5|RSA-MD5|SHA|RSA-SHA|SHA1|RSA-SHA1|DSA-SHA|DSA-SHA1-old|MDC2|RSA-MDC2|DSA-SHA1|RSA-SHA1-2|DSA|RIPEMD160|RSA-RIPEMD160|MD4|RSA-MD4|ecdsa-with-SHA1|RSA-SHA256|RSA-SHA384|RSA-SHA512|RSA-SHA224|SHA256|SHA384|SHA512|SHA224|whirlpool|none'
                 : 'The selected digest is not supported'
OPENVPN_SECRET   = 'yes|no|webgui'
                 : 'yes creates a new secret at boot time, no disables creating a new key and webgui allows the webgui to create a key'
+FW_IF(OPT_OPENVPN) = 'VPNDEV'
                 : 'no errormessage yet'
+FW_IF6(OPT_OPENVPN) = 'VPNDEV'
                 : 'no errormessage yet'
+FW_IF(OPENVPN_EXPERT) = 'tun[+]|tun[0-9]+'
                 : ''
+FW_IF6(OPENVPN_EXPERT) = 'tun[+]|tun[0-9]+'
                 : ''
FW_OVPN_CHAIN    = 'ovpn-chain'
                 : 'no errormessage yet'
+FW_INPUT_RULE= '(RE:FW_OVPN_CHAIN)'
                 : 'no errormessage yet'
+FW_INPUT_RULE6= '(RE:FW_OVPN_CHAIN)'
                 : 'no errormessage yet'
+FW_FORWARD_RULE = '(RE:FW_OVPN_CHAIN)'
                 : 'no errormessage yet'
+FW_FORWARD_RULE6 = '(RE:FW_OVPN_CHAIN)'
                 : 'no errormessage yet'
+FW_NET          = 'REMOTE-NET'
                 : 'no errormessage yet'
+FW_NET6         = 'REMOTE-NET'
                 : 'no errormessage yet'
+FW_NET_IP       = 'LOCAL-VPN-IP|REMOTE-VPN-IP'
                 : 'no errormessage yet'
+FW_NET_IP6      = 'LOCAL-VPN-IP|REMOTE-VPN-IP'
                 : 'no errormessage yet'
OPENVPN_FW_NAT_POST_RULE= '[[:space:]]*((RE:FW_NAT_POST_MATCH)+)?(RE:FW_IP){2}(RE:FW_NAT_POST_ACTION)'
                 : 'OpenVPN POSTROUTING rules need source and destination ip addresses or networks since fli4l version 3.5.0'
OPENVPN_NAME     = '[-0-9A-Za-z.]{2,16}'
                 : 'OPENVPN_x_NAME name must consist of 2 to 16 characters (only alphanumerical characters, the dot and hyphens are acceptable)'
OPENVPN_DEVNUM   = '[1][0-9][0-9][0-9]'
                 : 'OPENVPN_x_DEVNUM must have a valu beetween 1000 and 1999'
+IP_NET_DEV(OPT_OPENVPN) = 'tun[0-9]+'
                : ' Also tun devices with tun<number> are allowed.'