diff options
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 2 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 10 |
2 files changed, 6 insertions, 6 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl index 9e629b176..0ff08ee15 100644 --- a/data/templates/ipsec/swanctl.conf.tmpl +++ b/data/templates/ipsec/swanctl.conf.tmpl @@ -18,7 +18,7 @@ connections { {% set peer_ike = ike_group[peer_conf.ike_group] %} {% set peer_esp = esp_group[peer_conf.default_esp_group] if peer_conf.default_esp_group is defined else None %} {% set auth_type = authby[peer_conf.authentication.mode] %} -{{ peer_tmpl.conn(peer_conn_name, peer, peer_conf, peer_ike, peer_esp, ciphers, esp_group, auth_type, marks) }} +{{ peer_tmpl.conn(peer_conn_name, peer, peer_conf, peer_ike, peer_esp, ciphers, esp_group, auth_type) }} {% endfor %} {% endif %} } diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 36cb1abfb..c97ac1f67 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -1,4 +1,4 @@ -{% macro conn(name, peer, peer_conf, ike, esp, ciphers, esp_group, auth_type, marks) %} +{% macro conn(name, peer, peer_conf, ike, esp, ciphers, esp_group, auth_type) %} peer_{{ name }} { proposals = {{ ciphers.ike[peer_conf.ike_group] }} version = {{ ike['key_exchange'][4:] if "key_exchange" in ike else "0" }} @@ -61,8 +61,8 @@ local_ts = 0.0.0.0/0,::/0 remote_ts = 0.0.0.0/0,::/0 updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}" - mark_in = {{ marks[peer_conf.vti.bind] }} - mark_out = {{ marks[peer_conf.vti.bind] }} + if_id_in = {{ peer_conf.vti.bind | replace('vti', '') }} + if_id_out = {{ peer_conf.vti.bind | replace('vti', '') }} ipcomp = {{ 'yes' if "compression" in vti_esp and vti_esp.compression == 'enable' else 'no' }} mode = {{ vti_esp.mode if "mode" in vti_esp else "tunnel" }} {% if peer[0:1] == '@' %} @@ -117,8 +117,8 @@ {% endif %} {% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}" - mark_in = {{ marks[peer_conf.vti.bind] }} - mark_out = {{ marks[peer_conf.vti.bind] }} + if_id_in = {{ peer_conf.vti.bind | replace('vti', '') }} + if_id_out = {{ peer_conf.vti.bind | replace('vti', '') }} {% endif %} } {% if tunnel_conf.passthrough is defined and tunnel_conf.passthrough %} |