diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-04-05 23:21:31 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-04-05 23:21:31 +0200 |
| commit | dbc174dd2b8558cb7a8ad7daf38b8ef38702e0fa (patch) | |
| tree | f7edc85891e79a3ed5d6d9987721c825d1f5c1a9 /data/templates/ipsec/remote-access.tmpl | |
| parent | 6b4aed73cbb16d6f0d4b310230a517d36578c8ae (diff) | |
| download | vyos-1x-dbc174dd2b8558cb7a8ad7daf38b8ef38702e0fa.tar.gz vyos-1x-dbc174dd2b8558cb7a8ad7daf38b8ef38702e0fa.zip | |
ipsec: T2230: move inlined templates to dedicated files
Diffstat (limited to 'data/templates/ipsec/remote-access.tmpl')
| -rw-r--r-- | data/templates/ipsec/remote-access.tmpl | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/data/templates/ipsec/remote-access.tmpl b/data/templates/ipsec/remote-access.tmpl new file mode 100644 index 000000000..fae48232f --- /dev/null +++ b/data/templates/ipsec/remote-access.tmpl @@ -0,0 +1,28 @@ +{{delim_ipsec_l2tp_begin}} +conn {{ra_conn_name}} + type=transport + left={{outside_addr}} + leftsubnet=%dynamic[/1701] + rightsubnet=%dynamic + mark_in=%unique + auto=add + ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024! + dpddelay=15 + dpdtimeout=45 + dpdaction=clear + esp=aes256-sha1,3des-sha1! + rekey=no +{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} + authby=secret + leftauth=psk + rightauth=psk +{% elif ipsec_l2tp_auth_mode == 'x509' %} + authby=rsasig + leftrsasigkey=%cert + rightrsasigkey=%cert + rightca=%same + leftcert={{server_cert_file_copied}} +{% endif %} + ikelifetime={{ipsec_l2tp_ike_lifetime}} + keylife={{ipsec_l2tp_lifetime}} +{{delim_ipsec_l2tp_end}} |