1 files changed, 32 insertions, 0 deletions

diff --git a/data/templates/ipsec/ike-esp.tmpl b/data/templates/ipsec/ike-esp.tmpl
new file mode 100644
index 000000000..deeb8c80d
--- /dev/null
+++ b/data/templates/ipsec/ike-esp.tmpl
@@ -0,0 +1,32 @@
+{% macro conn(ike, ike_ciphers, esp, esp_ciphers) -%}
+{%  if ike %}
+{%      if "key_exchange" in ike %}
+    keyexchange = {{ ike.key_exchange }}
+{%      endif %}
+    ike = {{ ike_ciphers }}
+{%      if "lifetime" in ike %}
+    ikelifetime = {{ ike.lifetime }}s
+{%      endif %}
+    reauth = {{ ike.ikev2_reauth if "ikev2_reauth" in ike else "no" }}
+    closeaction = {{ ike.close_action if "close_action" in ike else "none" }}
+{%      if "dead_peer_detection" in ike %}
+    dpdaction = {{ ike.dead_peer_detection.action }}
+    dpdtimeout = {{ ike.dead_peer_detection.timeout }}
+    dpddelay = {{ ike.dead_peer_detection.interval }}
+{%      endif %}
+{%      if "key_exchange" in ike and ike.key_exchange == "ikev1" and "mode" in ike and ike.mode == "aggressive" %}
+    aggressive = yes
+{%      endif %}
+{%      if "key_exchange" in ike and ike.key_exchange == "ikev2" %}
+    mobike = {{ "yes" if "mobike" not in ike or ike.mobike == "enable" else "no" }}
+{%      endif %}
+{%  endif %}
+{%  if esp %}
+    esp = {{ esp_ciphers }}
+{%      if "lifetime" in esp %}
+    keylife = {{ esp.lifetime }}s
+{%      endif %}
+    compress = {{ 'yes' if "compression" in esp and esp.compression == 'enable' else 'no' }}
+    type = {{ esp.mode if "mode" in esp else "tunnel" }}
+{%  endif %}
+{%- endmacro %}