author | Christian Poessinger <christian@poessinger.com> | 2021-07-04 21:19:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-04 21:19:43 +0200 |
commit | caed454a1d1581cc476ceb27fea17d4ef6e77982 (patch) | |
tree | facbc4268e9ec7c95c17278475ee184bb2181590 /data/templates/ipsec/swanctl.conf.tmpl | |
parent | e0a754a0a608e1eb9021cf847b83e72165219de2 (diff) | |
parent | 40c6a0402511383d1fa1ddb8aca9d11765720471 (diff) | |
Merge pull request #908 from c-po/ipsec-ikev2-remote-access
ipsec: T1210: T1251: IKEv2 road-warrior support
Diffstat (limited to 'data/templates/ipsec/swanctl.conf.tmpl')
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index cafe52e78..0eda8479a 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -1,6 +1,7 @@
 ### Autogenerated by vpn_ipsec.py ###
 {% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %}
 {% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %}
+{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
 connections {
 {% if profile is defined %}
@@ -13,6 +14,25 @@ connections {
 {{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
 {% endfor %}
 {% endif %}
+{% if remote_access is defined and remote_access is not none %}
+{% for rw, rw_conf in remote_access.items() if rw_conf.disable is not defined %}
+{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
+{% endfor %}
+{% endif %}
+}
+
+pools {
+{% if remote_access is defined %}
+{% for ra, ra_conf in remote_access.items() if remote_access is defined %}
+ ra-{{ ra }} {
+ addrs = {{ ra_conf.pool.prefix }}
+ dns = {{ ra_conf.pool.name_server | join(",") }}
+{% if ra_conf.pool.exclude is defined %}
+ split_exclude = {{ ra_conf.pool.exclude | join(",") }}
+{% endif %}
+ }
+{% endfor %}
+{% endif %}
 }
 secrets {
@@ -60,5 +80,17 @@ secrets {
 {% endif %}
 {% endfor %}
 {% endif %}
+{% if remote_access is defined %}
+{% for ra, ra_conf in remote_access.items() if remote_access is defined %}
+{% if ra_conf.authentication is defined and ra_conf.authentication.local_users is defined and ra_conf.authentication.local_users.username is defined %}
+{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not defined %}
+ eap-{{ ra }}-{{ user }} {
+ secret = "{{ user_conf.password }}"
+ id-{{ ra }}-{{ user }} = "{{ user }}"
+ }
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endif %}
 }
|
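Review bot: The new `pools` block is guarded only by `{% if remote_access is defined %}`, while the connections block added just above it also tests `remote_access is not none`; if the key is present but empty, `remote_access.items()` would raise while rendering. Use the same guard in both places, `{% if remote_access is defined and remote_access is not none %}`, and drop the `if remote_access is defined` filter on the `for` line, which is always true inside that block. The secrets hunk at `@@ -60,5 +80,17 @@` repeats the same guard and the same redundant filter. `ra_conf.pool.prefix` and `ra_conf.pool.name_server` are also read without an `is defined` test, so this presumably relies on vpn_ipsec.py rejecting a connection that has no pool, which is not visible in this diff.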
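Review bot: `secret = "{{ user_conf.password }}"` and `id-{{ ra }}-{{ user }} = "{{ user }}"` in the secrets hunk write the configured password and user name into double-quoted swanctl values without escaping, so a `"` or `\` in either one ends or alters the quoted string and the remainder is parsed as configuration. Either escape both characters in the template, e.g. `secret = "{{ user_conf.password | replace('\\', '\\\\') | replace('"', '\\"') }}"`, or reject them where the CLI value is validated; that validation, if it exists, is outside this diff. The user name also becomes part of the section and key names `eap-{{ ra }}-{{ user }}` and `id-{{ ra }}-{{ user }}`, so it should be limited to characters that are valid in a swanctl key. A template comment such as `{# EAP passwords are rendered in clear text; the generated file must not be world-readable #}` would record why the output file's mode matters.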