diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-04-13 22:51:42 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-04-13 22:51:42 +0200 |
commit | e8a637eec0cc398f78a877ece6b9c7cdca418970 (patch) | |
tree | d5950ea33e209a3a290b617d501807959102a9d0 /data/templates/ipsec/swanctl.conf.tmpl | |
parent | fc36d67b051bad776a5b1d6e9a04f1205487f01f (diff) | |
download | vyos-1x-e8a637eec0cc398f78a877ece6b9c7cdca418970.tar.gz vyos-1x-e8a637eec0cc398f78a877ece6b9c7cdca418970.zip |
ipsec: T4333: migrate to new vyos_defined Jinja2 test
Diffstat (limited to 'data/templates/ipsec/swanctl.conf.tmpl')
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 66 |
1 files changed, 33 insertions, 33 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl index 68b108365..6ba93dd1f 100644 --- a/data/templates/ipsec/swanctl.conf.tmpl +++ b/data/templates/ipsec/swanctl.conf.tmpl @@ -5,18 +5,18 @@ {% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %} connections { -{% if profile is defined %} -{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} +{% if profile is vyos_defined %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} {{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }} {% endfor %} {% endif %} -{% if site_to_site is defined and site_to_site.peer is defined %} -{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} +{% if site_to_site.peer is vyos_defined %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} {{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }} {% endfor %} {% endif %} -{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %} -{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not defined %} +{% if remote_access.connection is vyos_defined %} +{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %} {{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }} {% endfor %} {% endif %} @@ -26,16 +26,16 @@ connections { } pools { -{% if remote_access is defined and remote_access.pool is defined and remote_access.pool is not none %} +{% if remote_access.pool is vyos_defined %} {% for pool, pool_config in remote_access.pool.items() %} {{ pool }} { -{% if pool_config.prefix is defined and pool_config.prefix is not none %} +{% if pool_config.prefix is vyos_defined %} addrs = {{ pool_config.prefix }} {% endif %} -{% if pool_config.name_server is defined and pool_config.name_server is not none %} +{% if pool_config.name_server is vyos_defined %} dns = {{ pool_config.name_server | join(',') }} {% endif %} -{% if pool_config.exclude is defined and pool_config.exclude is not none %} +{% if pool_config.exclude is vyos_defined %} split_exclude = {{ pool_config.exclude | join(',') }} {% endif %} } @@ -44,9 +44,9 @@ pools { } secrets { -{% if profile is defined %} -{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} -{% if profile_conf.authentication.mode == 'pre-shared-secret' %} +{% if profile is vyos_defined %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %} +{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %} {% for interface in profile_conf.bind.tunnel %} ike-dmvpn-{{ interface }} { secret = {{ profile_conf.authentication.pre_shared_secret }} @@ -55,54 +55,54 @@ secrets { {% endif %} {% endfor %} {% endif %} -{% if site_to_site is defined and site_to_site.peer is defined %} -{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} +{% if site_to_site.peer is vyos_defined %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %} {% set peer_name = peer.replace("@", "") | dot_colon_to_dash %} -{% if peer_conf.authentication.mode == 'pre-shared-secret' %} +{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %} ike_{{ peer_name }} { -{% if peer_conf.local_address is defined %} +{% if peer_conf.local_address is vyos_defined %} id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} {% endif %} id-remote = {{ peer }} -{% if peer_conf.authentication.id is defined %} +{% if peer_conf.authentication.id is vyos_defined %} id-localid = {{ peer_conf.authentication.id }} {% endif %} -{% if peer_conf.authentication.remote_id is defined %} +{% if peer_conf.authentication.remote_id is vyos_defined %} id-remoteid = {{ peer_conf.authentication.remote_id }} {% endif %} secret = "{{ peer_conf.authentication.pre_shared_secret }}" } -{% elif peer_conf.authentication.mode == 'x509' %} +{% elif peer_conf.authentication.mode is vyos_defined('x509') %} private_{{ peer_name }} { file = {{ peer_conf.authentication.x509.certificate }}.pem -{% if peer_conf.authentication.x509.passphrase is defined %} +{% if peer_conf.authentication.x509.passphrase is vyos_defined %} secret = "{{ peer_conf.authentication.x509.passphrase }}" {% endif %} } -{% elif peer_conf.authentication.mode == 'rsa' %} +{% elif peer_conf.authentication.mode is vyos_defined('rsa') %} rsa_{{ peer_name }}_local { file = {{ peer_conf.authentication.rsa.local_key }}.pem -{% if peer_conf.authentication.rsa.passphrase is defined %} +{% if peer_conf.authentication.rsa.passphrase is vyos_defined %} secret = "{{ peer_conf.authentication.rsa.passphrase }}" {% endif %} } {% endif %} {% endfor %} {% endif %} -{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %} -{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not defined %} -{% if ra_conf.authentication.server_mode == 'pre-shared-secret' %} +{% if remote_access.connection is vyos_defined %} +{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %} +{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %} ike_{{ ra }} { -{% if ra_conf.authentication.id is defined %} +{% if ra_conf.authentication.id is vyos_defined %} id = "{{ ra_conf.authentication.id }}" -{% elif ra_conf.local_address is defined %} +{% elif ra_conf.local_address is vyos_defined %} id = "{{ ra_conf.local_address }}" {% endif %} secret = "{{ ra_conf.authentication.pre_shared_secret }}" } {% endif %} -{% if ra_conf.authentication.client_mode == 'eap-mschapv2' and ra_conf.authentication.local_users is defined and ra_conf.authentication.local_users.username is defined %} -{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not defined %} +{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %} +{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %} eap-{{ ra }}-{{ user }} { secret = "{{ user_conf.password }}" id-{{ ra }}-{{ user }} = "{{ user }}" @@ -112,16 +112,16 @@ secrets { {% endfor %} {% endif %} {% if l2tp %} -{% if l2tp.authentication.mode == 'pre-shared-secret' %} +{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %} ike_l2tp_remote_access { id = "{{ l2tp_outside_address }}" secret = "{{ l2tp.authentication.pre_shared_secret }}" } -{% elif l2tp.authentication.mode == 'x509' %} +{% elif l2tp.authentication.mode is vyos_defined('x509') %} private_l2tp_remote_access { id = "{{ l2tp_outside_address }}" file = {{ l2tp.authentication.x509.certificate }}.pem -{% if l2tp.authentication.x509.passphrase is defined %} +{% if l2tp.authentication.x509.passphrase is vyos_defined %} secret = "{{ l2tp.authentication.x509.passphrase }}" {% endif %} } |