author | Christian Poessinger <christian@poessinger.com> | 2020-04-05 23:21:31 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-05 23:21:31 +0200 |
commit | dbc174dd2b8558cb7a8ad7daf38b8ef38702e0fa (patch) | |
tree | f7edc85891e79a3ed5d6d9987721c825d1f5c1a9 /data/templates | |
parent | 6b4aed73cbb16d6f0d4b310230a517d36578c8ae (diff) | |
ipsec: T2230: move inlined templates to dedicated files
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/ipsec/ipsec.conf.tmpl | 3 | ||||
-rw-r--r-- | data/templates/ipsec/ipsec.secrets.tmpl | 7 | ||||
-rw-r--r-- | data/templates/ipsec/remote-access.tmpl | 28 |
3 files changed, 38 insertions, 0 deletions
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl
new file mode 100644
index 000000000..d0b60765b
--- /dev/null
+++ b/data/templates/ipsec/ipsec.conf.tmpl
@@ -0,0 +1,3 @@
+{{delim_ipsec_l2tp_begin}}
+include {{ipsec_ra_conn_file}}
+{{delim_ipsec_l2tp_end}}
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl
new file mode 100644
index 000000000..55c010a3b
--- /dev/null
+++ b/data/templates/ipsec/ipsec.secrets.tmpl
@@ -0,0 +1,7 @@
+{{delim_ipsec_l2tp_begin}}
+{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
+{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}"
+{% elif ipsec_l2tp_auth_mode == 'x509' %}
+: RSA {{server_key_file_copied}}
+{% endif%}
+{{delim_ipsec_l2tp_end}}
diff --git a/data/templates/ipsec/remote-access.tmpl b/data/templates/ipsec/remote-access.tmpl
new file mode 100644
index 000000000..fae48232f
--- /dev/null
+++ b/data/templates/ipsec/remote-access.tmpl
@@ -0,0 +1,28 @@
+{{delim_ipsec_l2tp_begin}}
+conn {{ra_conn_name}}
+ type=transport
+ left={{outside_addr}}
+ leftsubnet=%dynamic[/1701]
+ rightsubnet=%dynamic
+ mark_in=%unique
+ auto=add
+ ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024!
+ dpddelay=15
+ dpdtimeout=45
+ dpdaction=clear
+ esp=aes256-sha1,3des-sha1!
+ rekey=no
+{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
+ authby=secret
+ leftauth=psk
+ rightauth=psk
+{% elif ipsec_l2tp_auth_mode == 'x509' %}
+ authby=rsasig
+ leftrsasigkey=%cert
+ rightrsasigkey=%cert
+ rightca=%same
+ leftcert={{server_cert_file_copied}}
+{% endif %}
+ ikelifetime={{ipsec_l2tp_ike_lifetime}}
+ keylife={{ipsec_l2tp_lifetime}}
+{{delim_ipsec_l2tp_end}}
|
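Review bot: In ipsec.secrets.tmpl the PSK line renders `{{ipsec_l2tp_secret}}` between double quotes with no escaping, so a secret that contains a `"` or a line break would end the quoted string early and leave a malformed or differently parsed secrets file. The ipsec.secrets format does not allow those characters inside a quoted secret, so the value should be rejected before rendering; the code that fills this template is outside the diff, so confirm whether it already validates. A template comment such as `{# ipsec_l2tp_secret must not contain '"' or newlines; checked by the caller #}` would record the constraint next to the line that depends on it. Minor style point: `{% endif%}` lacks the space used in the other tags.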
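Review bot: The `ike=` line in remote-access.tmpl lists `3des-sha1-modp1024` twice, and because of the trailing `!` the connection is restricted to exactly these proposals, all of which rely on SHA-1 and the 1024-bit MODP group, with 3DES as the fallback cipher. The values are presumably carried over unchanged from the inlined template, so the minimal change is to drop the duplicate: `ike=aes256-sha1-modp1024,3des-sha1-modp1024!`. If the legacy suites are kept for compatibility with native L2TP/IPsec clients, a comment above `ike=` and `esp=` should say so, since a reader auditing the template cannot tell a deliberate choice from an oversight. It is also worth considering a stronger proposal (for example one using modp2048) ahead of the legacy ones, or making the proposal list configurable, so that capable clients are not held to the weakest set.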