T5873: vpn ipsec remote-access: support VTI interfaces

2 files changed, 9 insertions, 0 deletions

diff --git a/data/templates/ipsec/swanctl.conf.j2 b/data/templates/ipsec/swanctl.conf.j2
index d44d0f5e4..698a9135e 100644
--- a/data/templates/ipsec/swanctl.conf.j2
+++ b/data/templates/ipsec/swanctl.conf.j2
@@ -31,6 +31,8 @@ pools {
     {{ pool }} {
 {%         if pool_config.prefix is vyos_defined %}
         addrs = {{ pool_config.prefix }}
+{%         elif pool_config.range is vyos_defined %}
+        addrs = {{ pool_config.range.start }}-{{ pool_config.range.stop }}
 {%         endif %}
 {%         if pool_config.name_server is vyos_defined %}
         dns = {{ pool_config.name_server | join(',') }}
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index e384ae972..a3b61f781 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -69,6 +69,13 @@
 {% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
 {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
                 local_ts = {{ local_prefix | join(local_suffix + ",") }}{{ local_suffix }}
+{% if rw_conf.bind is vyos_defined %}
+{#     The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
+{#     Thus we simply shift the key by one to also support a vti0 interface #}
+{%     set if_id = rw_conf.bind | replace('vti', '') | int + 1 %}
+                if_id_in = {{ if_id }}
+                if_id_out = {{ if_id }}
+{% endif %}
             }
         }
     }