diff options
| author | Simon <965089+sarthurdev@users.noreply.github.com> | 2021-05-28 16:35:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-28 16:35:12 +0200 |
| commit | eabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92 (patch) | |
| tree | 2efe4cf2ad2e0cb9b9f355dffa22707b26f785ef /data/templates/ipsec/ipsec.secrets.tmpl | |
| parent | b0e1c8a9c9ef470297bf3c9f5059ad7c720c46ff (diff) | |
| download | vyos-1x-eabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92.tar.gz vyos-1x-eabc5f1c2e5bfe548cb3d62f2f85f8d61be29b92.zip | |
ipsec: T2816: IPSec python rework, includes DMVPN and VTI support
Diffstat (limited to 'data/templates/ipsec/ipsec.secrets.tmpl')
| -rw-r--r-- | data/templates/ipsec/ipsec.secrets.tmpl | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl index 55c010a3b..a1432de57 100644 --- a/data/templates/ipsec/ipsec.secrets.tmpl +++ b/data/templates/ipsec/ipsec.secrets.tmpl @@ -1,7 +1,34 @@ +# Created by VyOS - manual changes will be overwritten + +{% if site_to_site is defined and "peer" in site_to_site %} +{% set ns = namespace(local_key_set=False) %} +{% for peer, peer_conf in site_to_site.peer.items() %} +{% if peer_conf.authentication.mode == 'pre-shared-secret' %} +{{ (peer_conf.local_address if "local_address" in peer_conf else "%any") ~ + (" " ~ peer) ~ + ((" " ~ peer_conf.authentication.id) if "id" in peer_conf.authentication else "") ~ + ((" " ~ peer_conf.authentication.remote_id) if "remote_id" in peer_conf.authentication else "") +}} : PSK "{{ peer_conf.authentication.pre_shared_secret }}" # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} +{% elif peer_conf.authentication.mode == 'x509' %} +{% set key_file = peer_conf.authentication.x509.key.file %} +: RSA {{ key_file if key_file.startswith(x509_path) else (x509_path + key_file) }}{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %} "{{ peer_conf.authentication.x509.key.password}}"{% endif %} +{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %} +{% set ns.local_key_set = True %} +: RSA {{ rsa_local_key }} +{% endif %} +{% endfor %} +{% endif %} + +{% if include_ipsec_secrets is defined %} +include {{ include_ipsec_secrets }} +{% endif %} + +{% if delim_ipsec_l2tp_begin is defined %} {{delim_ipsec_l2tp_begin}} -{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} +{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} {{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}" -{% elif ipsec_l2tp_auth_mode == 'x509' %} +{% elif ipsec_l2tp_auth_mode == 'x509' %} : RSA {{server_key_file_copied}} -{% endif%} +{% endif %} {{delim_ipsec_l2tp_end}} +{% endif %} |