Diffstat (limited to 'data/templates/ipsec/swanctl.conf.tmpl')
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl46
1 files changed, 35 insertions, 11 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index a6ab73cc2..161f19f95 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -1,4 +1,5 @@
### Autogenerated by vpn_ipsec.py ###
+{% import 'ipsec/swanctl/l2tp.tmpl' as l2tp_tmpl %}
{% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %}
{% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %}
{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
@@ -14,21 +15,28 @@ connections {
{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
-{% if remote_access is defined and remote_access is not none %}
-{% for rw, rw_conf in remote_access.items() if rw_conf.disable is not defined %}
+{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
+{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not defined %}
{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
+{% if l2tp %}
+{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }}
+{% endif %}
}
pools {
-{% if remote_access is defined %}
-{% for ra, ra_conf in remote_access.items() if ra_conf.pool.dhcp_enable is not defined %}
- ra-{{ ra }} {
- addrs = {{ ra_conf.pool.prefix }}
- dns = {{ ra_conf.pool.name_server | join(",") }}
-{% if ra_conf.pool.exclude is defined %}
- split_exclude = {{ ra_conf.pool.exclude | join(",") }}
+{% if remote_access is defined and remote_access.pool is defined and remote_access.pool is not none %}
+{% for pool, pool_config in remote_access.pool.items() %}
+ {{ pool }} {
+{% if pool_config.prefix is defined and pool_config.prefix is not none %}
+ addrs = {{ pool_config.prefix }}
+{% endif %}
+{% if pool_config.name_server is defined and pool_config.name_server is not none %}
+ dns = {{ pool_config.name_server | join(',') }}
+{% endif %}
+{% if pool_config.exclude is defined and pool_config.exclude is not none %}
+ split_exclude = {{ pool_config.exclude | join(',') }}
{% endif %}
}
{% endfor %}
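Review bot: In the new `pools` loop a pool without a `prefix` still renders a `{{ pool }} { }` section, because only the `addrs` line is conditional; the old loop skipped DHCP-backed entries entirely with `if ra_conf.pool.dhcp_enable is not defined`. If such pools can reach the template, filtering in the loop header, `{% for pool, pool_config in remote_access.pool.items() if pool_config.prefix is defined and pool_config.prefix is not none %}`, keeps empty sections out of the generated file. The section name also changes from `ra-{{ ra }}` to `{{ pool }}`, so the connection template (not visible here) has to reference the new name or clients will get no address pool. The `pools` block continues past the end of this hunk.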
@@ -81,8 +89,8 @@ secrets {
{% endif %}
{% endfor %}
{% endif %}
-{% if remote_access is defined %}
-{% for ra, ra_conf in remote_access.items() if remote_access is defined %}
+{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
+{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not defined %}
{% if ra_conf.authentication.server_mode == 'pre-shared-secret' %}
ike_{{ ra }} {
{% if ra_conf.authentication.id is defined %}
@@ -103,5 +111,21 @@ secrets {
{% endif %}
{% endfor %}
{% endif %}
+{% if l2tp %}
+{% if l2tp.authentication.mode == 'pre-shared-secret' %}
+ ike_l2tp_remote_access {
+ id = "{{ l2tp_outside_address }}"
+ secret = "{{ l2tp.authentication.pre_shared_secret }}"
+ }
+{% elif l2tp.authentication.mode == 'x509' %}
+ private_l2tp_remote_access {
+ id = "{{ l2tp_outside_address }}"
+ file = {{ l2tp.authentication.x509.certificate }}.pem
+{% if l2tp.authentication.x509.passphrase is defined %}
+ secret = "{{ l2tp.authentication.x509.passphrase }}"
+{% endif %}
+ }
+{% endif %}
+{% endif %}
}
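Review bot: The new l2tp secrets block writes `l2tp.authentication.pre_shared_secret` and `l2tp.authentication.x509.passphrase` straight into double-quoted values, so a secret containing `"`, a backslash or a newline would end the string early and the remainder would be parsed as further swanctl settings. Nothing in this hunk shows those values being validated, so either reject such characters in vpn_ipsec.py before rendering or escape them in the template. The pre-shared-secret branch also has no `is defined` guard, unlike the passphrase, so a missing value would presumably render `secret = ""`; wrapping the line in `{% if l2tp.authentication.pre_shared_secret is defined %}` or failing the commit earlier avoids an empty PSK. `file = {{ l2tp.authentication.x509.certificate }}.pem` is unquoted and takes the name as given, so it is worth constraining it to a plain file name with no path separators.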