1 files changed, 18 insertions, 0 deletions

diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index cafe52e78..15c035688 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -1,6 +1,7 @@
 ### Autogenerated by vpn_ipsec.py ###
 {% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %}
 {% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %}
+{% import 'ipsec/swanctl/remote_access.tmpl' as remote_access_tmpl %}
 
 connections {
 {% if profile is defined %}
@@ -13,6 +14,11 @@ connections {
 {{     peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
 {%   endfor %}
 {%  endif %}
+{% if remote_access is defined and remote_access is not none %}
+{%   for rw, rw_conf in remote_access.items() if rw_conf.disable is not defined %}
+{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
+{%   endfor %}
+{% endif %}
 }
 
 secrets {
@@ -60,5 +66,17 @@ secrets {
 {%      endif %}
 {%    endfor %}
 {%  endif %}
+{%  if remote_access is defined %}
+{%    for ra, ra_conf in remote_access.items() if remote_access is defined %}
+{%      if ra_conf.authentication is defined and ra_conf.authentication.local_users is defined and ra_conf.authentication.local_users.username is defined %}
+{%        for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not defined %}
+    eap-{{ ra }}-{{ user }} {
+        secret = "{{ user_conf.password }}"
+        id-{{ ra }}-{{ user }} = "{{ user }}"
+    }
+{%        endfor %}
+{%      endif %}
+{%    endfor %}
+{%  endif %}
 }