summaryrefslogtreecommitdiff
path: root/data/templates/ipsec/swanctl/peer.tmpl
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/ipsec/swanctl/peer.tmpl')
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl7
1 files changed, 7 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 481ea7224..562e8fdd5 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -5,6 +5,9 @@
peer_{{ name }} {
proposals = {{ ike | get_esp_ike_cipher | join(',') }}
version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
+{% if peer_conf.virtual_address is defined and peer_conf.virtual_address is not none %}
+ vips = {{ peer_conf.virtual_address | join(', ') }}
+{% endif %}
local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }}
{% if peer_conf.authentication is defined and peer_conf.authentication.mode is defined and peer_conf.authentication.mode == 'x509' %}
@@ -80,6 +83,8 @@
start_action = start
{% elif peer_conf.connection_type == 'respond' %}
start_action = trap
+{% elif peer_conf.connection_type == 'none' %}
+ start_action = none
{% endif %}
{% if ike.dead_peer_detection is defined %}
{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}
@@ -128,6 +133,8 @@
start_action = start
{% elif peer_conf.connection_type == 'respond' %}
start_action = trap
+{% elif peer_conf.connection_type == 'none' %}
+ start_action = none
{% endif %}
{% if ike.dead_peer_detection is defined %}
{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}