T7290: Fix VPN IPsec log level processing

Fix the IPsec log level option processing
   set vpn ipsec log level '2'

Render Jinja2 template to generate correct log for IPsec for
the file /etc/strongswan.d/charon-systemd.conf

2 files changed, 20 insertions, 0 deletions

diff --git a/data/templates/ipsec/charon_systemd.conf.j2 b/data/templates/ipsec/charon_systemd.conf.j2
new file mode 100644
index 000000000..368aa1ae3
--- /dev/null
+++ b/data/templates/ipsec/charon_systemd.conf.j2
@@ -0,0 +1,18 @@
+# Generated by ${vyos_conf_scripts_dir}/vpn_ipsec.py
+
+charon-systemd {
+
+    # Section to configure native systemd journal logger, very similar to the
+    # syslog logger as described in LOGGER CONFIGURATION in strongswan.conf(5).
+    journal {
+
+        # Loglevel for a specific subsystem.
+        # <subsystem> = <default>
+
+{% if log.level is vyos_defined %}
+        # Default loglevel.
+        default = {{ log.level }}
+{% endif %}
+    }
+
+}
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 71a503e61..2754314f7 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -64,6 +64,7 @@ swanctl_dir        = '/etc/swanctl'
 charon_conf        = '/etc/strongswan.d/charon.conf'
 charon_dhcp_conf   = '/etc/strongswan.d/charon/dhcp.conf'
 charon_radius_conf = '/etc/strongswan.d/charon/eap-radius.conf'
+charon_systemd_conf = '/etc/strongswan.d/charon-systemd.conf'
 interface_conf     = '/etc/strongswan.d/interfaces_use.conf'
 swanctl_conf       = f'{swanctl_dir}/swanctl.conf'
 
@@ -745,6 +746,7 @@ def generate(ipsec):
     render(charon_conf, 'ipsec/charon.j2', ipsec)
     render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec)
     render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec)
+    render(charon_systemd_conf, 'ipsec/charon_systemd.conf.j2', ipsec)
     render(interface_conf, 'ipsec/interfaces_use.conf.j2', ipsec)
     render(swanctl_conf, 'ipsec/swanctl.conf.j2', ipsec)