authorChristian Poessinger <christian@poessinger.com>2022-04-13 22:51:42 +0200
committerChristian Poessinger <christian@poessinger.com>2022-04-13 22:51:42 +0200
commite8a637eec0cc398f78a877ece6b9c7cdca418970 (patch)
treed5950ea33e209a3a290b617d501807959102a9d0 /data/templates/ipsec/swanctl.conf.tmpl
parentfc36d67b051bad776a5b1d6e9a04f1205487f01f (diff)
ipsec: T4333: migrate to new vyos_defined Jinja2 test
Diffstat (limited to 'data/templates/ipsec/swanctl.conf.tmpl')
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl66
1 files changed, 33 insertions, 33 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 68b108365..6ba93dd1f 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -5,18 +5,18 @@
{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
connections {
-{% if profile is defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %}
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
-{% if site_to_site is defined and site_to_site.peer is defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
-{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
-{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not defined %}
+{% if remote_access.connection is vyos_defined %}
+{% for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %}
{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
{% endfor %}
{% endif %}
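Review bot: The shortened guards such as `site_to_site.peer is vyos_defined` and `profile_conf.bind.tunnel is vyos_defined` drop the parent checks, so they are only safe if attribute access on an undefined parent yields another undefined instead of raising. That is presumably how the rendering environment is configured, but it is not visible in this diff. A one-line template comment would make the dependency explicit, for example `{# guards rely on chained undefined lookups: a.b is vyos_defined must not raise when a is unset #}`. The same applies to the `remote_access.pool` guard in the pools hunk and the `ra_conf.authentication.local_users.username` guard in the secrets hunk.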
@@ -26,16 +26,16 @@ connections {
}
pools {
-{% if remote_access is defined and remote_access.pool is defined and remote_access.pool is not none %}
+{% if remote_access.pool is vyos_defined %}
{% for pool, pool_config in remote_access.pool.items() %}
{{ pool }} {
-{% if pool_config.prefix is defined and pool_config.prefix is not none %}
+{% if pool_config.prefix is vyos_defined %}
addrs = {{ pool_config.prefix }}
{% endif %}
-{% if pool_config.name_server is defined and pool_config.name_server is not none %}
+{% if pool_config.name_server is vyos_defined %}
dns = {{ pool_config.name_server | join(',') }}
{% endif %}
-{% if pool_config.exclude is defined and pool_config.exclude is not none %}
+{% if pool_config.exclude is vyos_defined %}
split_exclude = {{ pool_config.exclude | join(',') }}
{% endif %}
}
@@ -44,9 +44,9 @@ pools {
}
secrets {
-{% if profile is defined %}
-{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %}
-{% if profile_conf.authentication.mode == 'pre-shared-secret' %}
+{% if profile is vyos_defined %}
+{% for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
+{% if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
{% for interface in profile_conf.bind.tunnel %}
ike-dmvpn-{{ interface }} {
secret = {{ profile_conf.authentication.pre_shared_secret }}
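Review bot: The DMVPN secret on the `secret = {{ profile_conf.authentication.pre_shared_secret }}` line is rendered unquoted, while every other secret in this template is wrapped in double quotes. An unquoted value containing whitespace, `#` or braces would likely be parsed differently from what the operator configured, showing up as an authentication failure or a silently truncated key. The line is context that this commit does not touch, but since the block is being edited anyway I would change it to `secret = "{{ profile_conf.authentication.pre_shared_secret }}"`. The enclosing for/if block continues past the end of this hunk.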
@@ -55,54 +55,54 @@ secrets {
{% endif %}
{% endfor %}
{% endif %}
-{% if site_to_site is defined and site_to_site.peer is defined %}
-{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
+{% if site_to_site.peer is vyos_defined %}
+{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
-{% if peer_conf.authentication.mode == 'pre-shared-secret' %}
+{% if peer_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
ike_{{ peer_name }} {
-{% if peer_conf.local_address is defined %}
+{% if peer_conf.local_address is vyos_defined %}
id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
{% endif %}
id-remote = {{ peer }}
-{% if peer_conf.authentication.id is defined %}
+{% if peer_conf.authentication.id is vyos_defined %}
id-localid = {{ peer_conf.authentication.id }}
{% endif %}
-{% if peer_conf.authentication.remote_id is defined %}
+{% if peer_conf.authentication.remote_id is vyos_defined %}
id-remoteid = {{ peer_conf.authentication.remote_id }}
{% endif %}
secret = "{{ peer_conf.authentication.pre_shared_secret }}"
}
-{% elif peer_conf.authentication.mode == 'x509' %}
+{% elif peer_conf.authentication.mode is vyos_defined('x509') %}
private_{{ peer_name }} {
file = {{ peer_conf.authentication.x509.certificate }}.pem
-{% if peer_conf.authentication.x509.passphrase is defined %}
+{% if peer_conf.authentication.x509.passphrase is vyos_defined %}
secret = "{{ peer_conf.authentication.x509.passphrase }}"
{% endif %}
}
-{% elif peer_conf.authentication.mode == 'rsa' %}
+{% elif peer_conf.authentication.mode is vyos_defined('rsa') %}
rsa_{{ peer_name }}_local {
file = {{ peer_conf.authentication.rsa.local_key }}.pem
-{% if peer_conf.authentication.rsa.passphrase is defined %}
+{% if peer_conf.authentication.rsa.passphrase is vyos_defined %}
secret = "{{ peer_conf.authentication.rsa.passphrase }}"
{% endif %}
}
{% endif %}
{% endfor %}
{% endif %}
-{% if remote_access is defined and remote_access.connection is defined and remote_access.connection is not none %}
-{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not defined %}
-{% if ra_conf.authentication.server_mode == 'pre-shared-secret' %}
+{% if remote_access.connection is vyos_defined %}
+{% for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
+{% if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
ike_{{ ra }} {
-{% if ra_conf.authentication.id is defined %}
+{% if ra_conf.authentication.id is vyos_defined %}
id = "{{ ra_conf.authentication.id }}"
-{% elif ra_conf.local_address is defined %}
+{% elif ra_conf.local_address is vyos_defined %}
id = "{{ ra_conf.local_address }}"
{% endif %}
secret = "{{ ra_conf.authentication.pre_shared_secret }}"
}
{% endif %}
-{% if ra_conf.authentication.client_mode == 'eap-mschapv2' and ra_conf.authentication.local_users is defined and ra_conf.authentication.local_users.username is defined %}
-{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not defined %}
+{% if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %}
+{% for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %}
eap-{{ ra }}-{{ user }} {
secret = "{{ user_conf.password }}"
id-{{ ra }}-{{ user }} = "{{ user }}"
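Review bot: The quoted secrets in this hunk are interpolated without escaping, so a value containing `"` or a newline would end the string early and the rest would be read as configuration. This affects `secret = "{{ peer_conf.authentication.pre_shared_secret }}"`, the x509 and rsa passphrases, and `secret = "{{ user_conf.password }}"`. Whether the CLI validation already rejects those characters is not visible here; if it does not, either constrain the allowed characters at commit time or escape `"` and `\` before rendering. The same pattern appears on the `secret = "{{ l2tp.authentication... }}"` lines in the l2tp hunk. The final `{% for user ... %}` block continues outside this hunk.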
@@ -112,16 +112,16 @@ secrets {
{% endfor %}
{% endif %}
{% if l2tp %}
-{% if l2tp.authentication.mode == 'pre-shared-secret' %}
+{% if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %}
ike_l2tp_remote_access {
id = "{{ l2tp_outside_address }}"
secret = "{{ l2tp.authentication.pre_shared_secret }}"
}
-{% elif l2tp.authentication.mode == 'x509' %}
+{% elif l2tp.authentication.mode is vyos_defined('x509') %}
private_l2tp_remote_access {
id = "{{ l2tp_outside_address }}"
file = {{ l2tp.authentication.x509.certificate }}.pem
-{% if l2tp.authentication.x509.passphrase is defined %}
+{% if l2tp.authentication.x509.passphrase is vyos_defined %}
secret = "{{ l2tp.authentication.x509.passphrase }}"
{% endif %}
}
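Review bot: `{% if l2tp %}` is left as a plain truthiness check while every other guard in the file moves to `vyos_defined`, which reads as an oversight. If it is deliberate, a short comment such as `{# truthiness on purpose: an empty l2tp dict must not render secrets #}` would say so. If it is not, `{% if l2tp is vyos_defined %}` matches the rest of the file. Note that the two forms may differ for an empty dict, which is falsy here but would presumably count as defined, so confirm which behaviour is wanted before changing it.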