pki: ipsec: l2tp: T2816: T3642: Move IPSec/L2TP code into vpn_ipsec.py and update to use PKI.

1 files changed, 20 insertions, 0 deletions

diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index a6ab73cc2..102d7583f 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -1,4 +1,5 @@
 ### Autogenerated by vpn_ipsec.py ###
+{% import 'ipsec/swanctl/l2tp.tmpl' as l2tp_tmpl %}
 {% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %}
 {% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %}
 {% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
@@ -19,6 +20,9 @@ connections {
 {{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
 {%   endfor %}
 {% endif %}
+{% if l2tp %}
+{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }}
+{% endif %}
 }
 
 pools {
@@ -103,5 +107,21 @@ secrets {
 {%      endif %}
 {%    endfor %}
 {%  endif %}
+{%  if l2tp %}
+{%    if l2tp.authentication.mode == 'pre-shared-secret' %}
+    ike_l2tp_remote_access {
+        id = "{{ l2tp_outside_address }}"
+        secret = "{{ l2tp.authentication.pre_shared_secret }}"
+    }
+{%    elif l2tp.authentication.mode == 'x509' %}
+    private_l2tp_remote_access {
+        id = "{{ l2tp_outside_address }}"
+        file = {{ l2tp.authentication.x509.certificate }}.pem
+{%      if l2tp.authentication.x509.passphrase is defined %}
+        secret = "{{ l2tp.authentication.x509.passphrase }}"
+{%      endif %}
+    }
+{%    endif %}
+{%  endif %}
 }