public override void Execute()
{
base.Execute();
var vpnclientIpsecPolicy = new PSIpsecPolicy();
// default SA values
vpnclientIpsecPolicy.SALifeTimeSeconds = (!this.MyInvocation.BoundParameters.ContainsKey("SALifeTime")) ? 7200 : this.SALifeTime;
vpnclientIpsecPolicy.SADataSizeKilobytes = (!this.MyInvocation.BoundParameters.ContainsKey("SADataSize")) ? 104857600 : this.SADataSize;
vpnclientIpsecPolicy.IpsecEncryption = (!this.MyInvocation.BoundParameters.ContainsKey("IpsecEncryption")) ? MNM.IpsecEncryption.GCMAES256 : this.IpsecEncryption;
vpnclientIpsecPolicy.IpsecIntegrity = (!this.MyInvocation.BoundParameters.ContainsKey("IpsecIntegrity")) ? MNM.IpsecIntegrity.GCMAES256 : this.IpsecIntegrity;
// GCM matching check
if ((vpnclientIpsecPolicy.IpsecEncryption.Contains("GCM") || vpnclientIpsecPolicy.IpsecIntegrity.Contains("GCM")) &&
vpnclientIpsecPolicy.IpsecEncryption != vpnclientIpsecPolicy.IpsecIntegrity)
{
throw new ArgumentException("Vpnclient IpsecEncryption and IpsecIntegrity must use matching GCM algorithms");
}
vpnclientIpsecPolicy.IkeEncryption = (!this.MyInvocation.BoundParameters.ContainsKey("IkeEncryption")) ? MNM.IkeEncryption.AES256 : this.IkeEncryption;
vpnclientIpsecPolicy.IkeIntegrity = (!this.MyInvocation.BoundParameters.ContainsKey("IkeIntegrity")) ? MNM.IkeIntegrity.SHA256 : this.IkeIntegrity;
vpnclientIpsecPolicy.DhGroup = (!this.MyInvocation.BoundParameters.ContainsKey("DhGroup")) ? MNM.DhGroup.DHGroup24 : this.DhGroup;
vpnclientIpsecPolicy.PfsGroup = (!this.MyInvocation.BoundParameters.ContainsKey("PfsGroup")) ? MNM.PfsGroup.PFS24 : this.PfsGroup;
WriteObject(vpnclientIpsecPolicy);
}
public override void Execute()
{
base.Execute();
var ipsecPolicy = new PSIpsecPolicy();
// default SA values
ipsecPolicy.SALifeTimeSeconds = (!this.MyInvocation.BoundParameters.ContainsKey("SALifeTimeSeconds")) ? 27000 : this.SALifeTimeSeconds;
ipsecPolicy.SADataSizeKilobytes = (!this.MyInvocation.BoundParameters.ContainsKey("SADataSizeKilobytes")) ? 102400000 : this.SADataSizeKilobytes;
// GCM matching check
if ((this.IpsecEncryption.Contains("GCM") || this.IpsecIntegrity.Contains("GCM")) && this.IpsecEncryption != this.IpsecIntegrity)
{
throw new ArgumentException("IpsecEncryption and IpsecIntegrity must use matching GCM algorithms");
}
// SADataSizeKilobytes either 0 or between 1024 and 2147483647
if (ipsecPolicy.SADataSizeKilobytes != 0 && (ipsecPolicy.SADataSizeKilobytes < 1024 || ipsecPolicy.SADataSizeKilobytes > int.MaxValue))
{
throw new ArgumentException("SA life time in kilobytes must be 0 or between 1024 and 2147483647 included.");
}
ipsecPolicy.IpsecEncryption = this.IpsecEncryption;
ipsecPolicy.IpsecIntegrity = this.IpsecIntegrity;
ipsecPolicy.IkeEncryption = this.IkeEncryption;
ipsecPolicy.IkeIntegrity = this.IkeIntegrity;
ipsecPolicy.DhGroup = this.DhGroup;
ipsecPolicy.PfsGroup = this.PfsGroup;
WriteObject(ipsecPolicy);
}
public override void Execute()
{
base.Execute();
var ipsecPolicy = new PSIpsecPolicy();
ipsecPolicy.SALifeTimeSeconds = this.SALifeTimeSeconds;
ipsecPolicy.SADataSizeKilobytes = this.SADataSizeKilobytes;
ipsecPolicy.IpsecEncryption = this.IpsecEncryption;
ipsecPolicy.IpsecIntegrity = this.IpsecIntegrity;
ipsecPolicy.IkeEncryption = this.IkeEncryption;
ipsecPolicy.IkeIntegrity = this.IkeIntegrity;
ipsecPolicy.DhGroup = this.DhGroup;
ipsecPolicy.PfsGroup = this.PfsGroup;
WriteObject(ipsecPolicy);
}
public override void Execute()
{
base.Execute();
var ipsecPolicy = new PSIpsecPolicy();
// default SA values
ipsecPolicy.SALifeTimeSeconds = (!this.MyInvocation.BoundParameters.ContainsKey("SALifeTimeSeconds")) ? 27000 : this.SALifeTimeSeconds;
ipsecPolicy.SADataSizeKilobytes = (!this.MyInvocation.BoundParameters.ContainsKey("SADataSizeKilobytes")) ? 102400000 : this.SADataSizeKilobytes;
// GCM matching check
if ((this.IpsecEncryption.Contains("GCM") || this.IpsecIntegrity.Contains("GCM")) && this.IpsecEncryption != this.IpsecIntegrity)
{
throw new ArgumentException("IpsecEncryption and IpsecIntegrity must use matching GCM algorithms");
}
ipsecPolicy.IpsecEncryption = this.IpsecEncryption;
ipsecPolicy.IpsecIntegrity = this.IpsecIntegrity;
ipsecPolicy.IkeEncryption = this.IkeEncryption;
ipsecPolicy.IkeIntegrity = this.IkeIntegrity;
ipsecPolicy.DhGroup = this.DhGroup;
ipsecPolicy.PfsGroup = this.PfsGroup;
WriteObject(ipsecPolicy);
}
