diff options
author | Viacheslav Hletenko <v.gletenko@vyos.i> | 2022-02-17 21:18:37 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-02-19 16:50:29 +0000 |
commit | f6c2b5e4762e7713c5868bebf8e482ce732e3302 (patch) | |
tree | c8a10bd3d5ffc6970d548eec98ddc3feb18c4fd6 /data/templates/ipsec | |
parent | e66879f71da3383a84ebfe6235795e718c32bdb9 (diff) | |
download | vyos-1x-f6c2b5e4762e7713c5868bebf8e482ce732e3302.tar.gz vyos-1x-f6c2b5e4762e7713c5868bebf8e482ce732e3302.zip |
vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options
Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn
charon.install_virtual_ip_on
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
set vpn ipsec options flexvpn
set vpn ipsec options virtual-ip
set vpn ipsec options interface tunX
set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/charon.tmpl | 11 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 3 |
2 files changed, 14 insertions, 0 deletions
diff --git a/data/templates/ipsec/charon.tmpl b/data/templates/ipsec/charon.tmpl index 4d710921e..b9b020dcd 100644 --- a/data/templates/ipsec/charon.tmpl +++ b/data/templates/ipsec/charon.tmpl @@ -20,6 +20,17 @@ charon { # Send Cisco Unity vendor ID payload (IKEv1 only). # cisco_unity = no + # Cisco FlexVPN +{% if options is defined %} + cisco_flexvpn = {{ 'yes' if options.flexvpn is defined else 'no' }} +{% if options.virtual_ip is defined %} + install_virtual_ip = yes +{% endif %} +{% if options.interface is defined and options.interface is not none %} + install_virtual_ip_on = {{ options.interface }} +{% endif %} +{% endif %} + # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed. # close_ike_on_child_failure = no diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index c6b71f2a1..f4e28d818 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -5,6 +5,9 @@ peer_{{ name }} { proposals = {{ ike | get_esp_ike_cipher | join(',') }} version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }} +{% if peer_conf.virtual_address is defined and peer_conf.virtual_address is not none %} + vips = {{ peer_conf.virtual_address | join(', ') }} +{% endif %} local_addrs = {{ peer_conf.local_address if peer_conf.local_address != 'any' else '0.0.0.0/0' }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} remote_addrs = {{ peer if peer not in ['any', '0.0.0.0'] and peer[0:1] != '@' else '0.0.0.0/0' }} {% if peer_conf.authentication is defined and peer_conf.authentication.mode is defined and peer_conf.authentication.mode == 'x509' %} |