diff options
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/ipsec.conf.tmpl | 3 | ||||
-rw-r--r-- | data/templates/ipsec/ipsec.secrets.tmpl | 7 | ||||
-rw-r--r-- | data/templates/ipsec/remote-access.tmpl | 28 |
3 files changed, 38 insertions, 0 deletions
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl new file mode 100644 index 000000000..d0b60765b --- /dev/null +++ b/data/templates/ipsec/ipsec.conf.tmpl @@ -0,0 +1,3 @@ +{{delim_ipsec_l2tp_begin}} +include {{ipsec_ra_conn_file}} +{{delim_ipsec_l2tp_end}} diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl new file mode 100644 index 000000000..55c010a3b --- /dev/null +++ b/data/templates/ipsec/ipsec.secrets.tmpl @@ -0,0 +1,7 @@ +{{delim_ipsec_l2tp_begin}} +{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} +{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}" +{% elif ipsec_l2tp_auth_mode == 'x509' %} +: RSA {{server_key_file_copied}} +{% endif%} +{{delim_ipsec_l2tp_end}} diff --git a/data/templates/ipsec/remote-access.tmpl b/data/templates/ipsec/remote-access.tmpl new file mode 100644 index 000000000..fae48232f --- /dev/null +++ b/data/templates/ipsec/remote-access.tmpl @@ -0,0 +1,28 @@ +{{delim_ipsec_l2tp_begin}} +conn {{ra_conn_name}} + type=transport + left={{outside_addr}} + leftsubnet=%dynamic[/1701] + rightsubnet=%dynamic + mark_in=%unique + auto=add + ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024! + dpddelay=15 + dpdtimeout=45 + dpdaction=clear + esp=aes256-sha1,3des-sha1! + rekey=no +{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %} + authby=secret + leftauth=psk + rightauth=psk +{% elif ipsec_l2tp_auth_mode == 'x509' %} + authby=rsasig + leftrsasigkey=%cert + rightrsasigkey=%cert + rightca=%same + leftcert={{server_cert_file_copied}} +{% endif %} + ikelifetime={{ipsec_l2tp_ike_lifetime}} + keylife={{ipsec_l2tp_lifetime}} +{{delim_ipsec_l2tp_end}} |