authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-10 19:51:48 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-09-16 11:53:41 +0000
commitbd4588827b563022ce5fb98b1345b787b9194176 (patch)
treefc63296fcb1a76dcfb9e964dac886dfd7e743d3f /data/templates/ipsec/swanctl.conf.j2
parent7ae34b68649ef526c18e662d444465bf18a23939 (diff)
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
Migrate and change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations.

- IKE changes:
  - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike'
  - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth'
- ESP changes:
  - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression'
- PEER changes:
  - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx'
  - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation'
  - add option: 'peer <tag> remote-address x.x.x.x'

Add 'peer <name> remote-address <name>' via migration script
Diffstat (limited to 'data/templates/ipsec/swanctl.conf.j2')
-rw-r--r--data/templates/ipsec/swanctl.conf.j212
1 files changed, 7 insertions, 5 deletions
diff --git a/data/templates/ipsec/swanctl.conf.j2 b/data/templates/ipsec/swanctl.conf.j2
index bf6b8259c..38d7981c6 100644
--- a/data/templates/ipsec/swanctl.conf.j2
+++ b/data/templates/ipsec/swanctl.conf.j2
@@ -63,9 +63,11 @@ secrets {
{% if peer_conf.local_address is vyos_defined %}
id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
{% endif %}
- id-remote = {{ peer }}
-{% if peer_conf.authentication.id is vyos_defined %}
- id-localid = {{ peer_conf.authentication.id }}
+{% for address in peer_conf.remote_address %}
+ id-remote_{{ address | dot_colon_to_dash }} = {{ address }}
+{% endfor %}
+{% if peer_conf.authentication.local_id is vyos_defined %}
+ id-localid = {{ peer_conf.authentication.local_id }}
{% endif %}
{% if peer_conf.authentication.remote_id is vyos_defined %}
id-remoteid = {{ peer_conf.authentication.remote_id }}
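Review bot: The new loop over `peer_conf.remote_address` has no `is vyos_defined` guard, unlike the `local_address`, `local_id` and `remote_id` lines around it. A peer that reaches this template without `remote-address` (the commit message says the migration script adds it) would get a secret with no `id-remote_*` entry, or a render error, depending on how undefined values are handled. A pre-shared key bound only to local identities is presumably matched less strictly than intended, so wrap the loop in `{% if peer_conf.remote_address is vyos_defined %}` or reject the peer before rendering. Separately, `id-localid = {{ peer_conf.authentication.local_id }}` is written unquoted while the remote-access section emits `id = "{{ ... }}"`; quoting it here as well would keep an ID containing `=`, `#` or spaces from being misparsed. The enclosing `secrets` block starts and ends outside the hunk.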
@@ -93,8 +95,8 @@ secrets {
{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
ike_{{ ra }} {
-{% if ra_conf.authentication.id is vyos_defined %}
- id = "{{ ra_conf.authentication.id }}"
+{% if ra_conf.authentication.local_id is vyos_defined %}
+ id = "{{ ra_conf.authentication.local_id }}"
{% elif ra_conf.local_address is vyos_defined %}
id = "{{ ra_conf.local_address }}"
{% endif %}
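Review bot: If an existing remote-access connection still carries the old `authentication id` node, the renamed test `ra_conf.authentication.local_id is vyos_defined` is false and the template silently falls through to `id = "{{ ra_conf.local_address }}"`, changing the identity the pre-shared secret is bound to. The commit message lists the `id` => `local-id` rename only under PEER changes, so it is worth confirming that the migration script also covers remote-access connections; it is not visible here. A short template comment such as `{# local_id replaces the former authentication.id; falls back to local_address #}` would document the fallback. The value is also interpolated inside double quotes without escaping, so it relies on validation elsewhere to exclude `"` from `local_id`. The `ike_{{ ra }}` block continues past the end of the hunk.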