From 4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 Mon Sep 17 00:00:00 2001 From: Lucas Christian Date: Thu, 28 Dec 2023 22:26:56 -0800 Subject: T5873: vpn ipsec remote-access: support VTI interfaces --- data/templates/ipsec/swanctl.conf.j2 | 2 ++ data/templates/ipsec/swanctl/remote_access.j2 | 7 +++++++ 2 files changed, 9 insertions(+) (limited to 'data') diff --git a/data/templates/ipsec/swanctl.conf.j2 b/data/templates/ipsec/swanctl.conf.j2 index d44d0f5e4..698a9135e 100644 --- a/data/templates/ipsec/swanctl.conf.j2 +++ b/data/templates/ipsec/swanctl.conf.j2 @@ -31,6 +31,8 @@ pools { {{ pool }} { {% if pool_config.prefix is vyos_defined %} addrs = {{ pool_config.prefix }} +{% elif pool_config.range is vyos_defined %} + addrs = {{ pool_config.range.start }}-{{ pool_config.range.stop }} {% endif %} {% if pool_config.name_server is vyos_defined %} dns = {{ pool_config.name_server | join(',') }} diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2 index e384ae972..a3b61f781 100644 --- a/data/templates/ipsec/swanctl/remote_access.j2 +++ b/data/templates/ipsec/swanctl/remote_access.j2 @@ -69,6 +69,13 @@ {% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %} {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %} local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }} +{% if rw_conf.bind is vyos_defined %} +{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} +{# Thus we simply shift the key by one to also support a vti0 interface #} +{% set if_id = rw_conf.bind | replace('vti', '') | int + 1 %} + if_id_in = {{ if_id }} + if_id_out = {{ if_id }} +{% endif %} } } } -- cgit v1.2.3 From 50cf1746d3ab5e3666a3e502c67d7d853ae7f932 Mon Sep 17 00:00:00 2001 From: Lucas Christian Date: Sun, 7 Jul 2024 03:19:02 -0700 Subject: T5873: vpn ipsec remote-access: improve child ESP session naming --- data/templates/ipsec/swanctl/remote_access.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'data') diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2 index a3b61f781..c79f292b4 100644 --- a/data/templates/ipsec/swanctl/remote_access.j2 +++ b/data/templates/ipsec/swanctl/remote_access.j2 @@ -46,7 +46,7 @@ {% endif %} } children { - ikev2-vpn { + {{ name }}-client { esp_proposals = {{ esp | get_esp_ike_cipher(ike) | join(',') }} {% if esp.life_bytes is vyos_defined %} life_bytes = {{ esp.life_bytes }} -- cgit v1.2.3