summaryrefslogtreecommitdiff
path: root/data/templates/ipsec/swanctl
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/ipsec/swanctl')
-rw-r--r--data/templates/ipsec/swanctl/remote_access.j29
1 files changed, 8 insertions, 1 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index e384ae972..c79f292b4 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -46,7 +46,7 @@
{% endif %}
}
children {
- ikev2-vpn {
+ {{ name }}-client {
esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }}
{% if esp.life_bytes is vyos_defined %}
life_bytes = {{ esp.life_bytes }}
@@ -69,6 +69,13 @@
{% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
+{% if rw_conf.bind is vyos_defined %}
+{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
+{# Thus we simply shift the key by one to also support a vti0 interface #}
+{% set if_id = rw_conf.bind | replace('vti', '') | int + 1 %}
+ if_id_in = {{ if_id }}
+ if_id_out = {{ if_id }}
+{% endif %}
}
}
}