author | Christian Poessinger <christian@poessinger.com> | 2021-07-04 21:02:54 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-04 21:02:54 +0200 |
commit | 1c727bd25ef28fb729f66072f026be560978853d (patch) | |
tree | 74dcac64f2fe59eade6399c61eca45a4f1471b43 | |
parent | c8bf1deec9ce169f74049423ba21f6ef1360a3df (diff) | |
ipsec: T1210: T1251: add "local" traffic-selector include definition
Used by both site2site and remote-access/road-warrior VPN connections.
-rw-r--r-- | data/templates/ipsec/swanctl/remote_access.tmpl | 4 | ||||
-rw-r--r-- | interface-definitions/include/ipsec/local-traffic-selector.xml.i | 28 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 54 |
3 files changed, 32 insertions, 54 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.tmpl
index 004aace2e..a3a1cf0b2 100644
--- a/data/templates/ipsec/swanctl/remote_access.tmpl
+++ b/data/templates/ipsec/swanctl/remote_access.tmpl
@@ -30,8 +30,8 @@
rekey_time = {{ esp.lifetime }}s
rand_time = 540s
dpd_action = clear
-{% set local_prefix = rw_conf.local_network.prefix if rw_conf.local_network is defined and rw_conf.local_network.prefix is defined else ['0.0.0.0/0', '::/0'] %}
-{% set local_port = rw_conf.local_network.port if rw_conf.local_network is defined and rw_conf.local_network.port is defined else '' %}
+{% set local_prefix = rw_conf.local.prefix if rw_conf.local is defined and rw_conf.local.prefix is defined else ['0.0.0.0/0', '::/0'] %}
+{% set local_port = rw_conf.local.port if rw_conf.local is defined and rw_conf.local.port is defined else '' %}
{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
}
diff --git a/interface-definitions/include/ipsec/local-traffic-selector.xml.i b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
new file mode 100644
index 000000000..d30a6d11a
--- /dev/null
+++ b/interface-definitions/include/ipsec/local-traffic-selector.xml.i
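Review bot: The renamed `local_port` still feeds the unchanged next line `{% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}`, which asks for positional argument 1 while only one argument is passed; unless the renderer substitutes its own str.format, that raises IndexError as soon as a port is configured under `local`, so the port form of this traffic selector cannot render at all. Changing it to `'[%any/{0}]'.format(local_port)` would make the new `local.port` path usable. The fallback `['0.0.0.0/0', '::/0']` on the first added line means an unset `local prefix` offers every local destination to the remote-access client; a one-line comment above that `set` stating this is the intended full-tunnel default would save the next reader a check. The swanctl conn block these lines belong to starts before the hunk.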
@@ -0,0 +1,28 @@
+<!-- include start from ipsec/local-traffic-selector.xml.i -->
+<node name="local">
+ <properties>
+ <help>Local parameters for interesting traffic</help>
+ </properties>
+ <children>
+ #include <include/port-number.xml.i>
+ <leafNode name="prefix">
+ <properties>
+ <help>Local IPv4 or IPv6 prefix</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Local IPv4 prefix</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Local IPv6 prefix</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-prefix"/>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 75fd6a92f..187bb1154 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -744,32 +744,7 @@
#include <include/ipsec/esp-group.xml.i>
#include <include/ipsec/ike-group.xml.i>
#include <include/ipsec/local-address.xml.i>
- <node name="local-network">
- <properties>
- <help>Local traffic selectors</help>
- </properties>
- <children>
- #include <include/port-number.xml.i>
- <leafNode name="prefix">
- <properties>
- <help>Local IPv4 or IPv6 prefix</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Local IPv4 prefix</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>Local IPv6 prefix</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/ipsec/local-traffic-selector.xml.i>
<node name="pool">
<properties>
<help>IP address pool for remote-access users</help>
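Review bot: The help text on the new `prefix` leaf does not say what an omitted value means, and for remote-access the template in this same commit falls back to `0.0.0.0/0` and `::/0` when `local prefix` is unset, so leaving the leaf empty selects all local traffic rather than none. Because this include is now shared with the site-to-site tunnel, whose template is not part of this commit, I would document the behaviour that is known and mark the rest, e.g. `<help>Local IPv4 or IPv6 prefix (remote-access: all traffic when unset)</help>`, and confirm the site-to-site default before extending that wording. The `<multi/>` leaf with both `ipv4-prefix` and `ipv6-prefix` validators otherwise matches the node it replaces.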
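Review bot: In the remote-access section the CLI node is renamed from `local-network` to `local` (its help also changes from "Local traffic selectors" to "Local parameters for interesting traffic"), yet the diffstat lists no migration script, so any saved configuration containing `remote-access ... local-network` would fail to load after this commit. If the remote-access CLI has not been in a release yet that is acceptable, but it should be stated in the commit message; otherwise a migrator mapping `local-network` to `local` belongs in the same change. The second hunk of this file replaces an inline `local` node that is byte-for-byte the include's content, so that part is a pure refactor.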
@@ -1008,32 +983,7 @@
<children>
#include <include/generic-disable-node.xml.i>
#include <include/ipsec/esp-group.xml.i>
- <node name="local">
- <properties>
- <help>Local parameters for interesting traffic</help>
- </properties>
- <children>
- #include <include/port-number.xml.i>
- <leafNode name="prefix">
- <properties>
- <help>Local IPv4 or IPv6 prefix</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Local IPv4 prefix</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>Local IPv6 prefix</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-prefix"/>
- <validator name="ipv6-prefix"/>
- </constraint>
- <multi/>
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/ipsec/local-traffic-selector.xml.i>
#include <include/ip-protocol.xml.i>
<node name="remote">
<properties> |