2 files changed, 13 insertions, 1 deletions

diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index adfa32bde..6bced88c7 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -33,7 +33,7 @@
             auth = pubkey
 {% elif rw_conf.authentication.client_mode.startswith("eap") %}
             auth = {{ rw_conf.authentication.client_mode }}
-            eap_id = %any
+            eap_id = {{ '%any' if rw_conf.authentication.eap_id == 'any' else rw_conf.authentication.eap_id }}
 {% endif %}
 {% if rw_conf.authentication.client_mode is vyos_defined('eap-tls') or rw_conf.authentication.client_mode is vyos_defined('x509') %}
 {#          pass all configured CAs as filenames, separated by commas #}
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index dd93afba5..e8622ba7b 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -69,6 +69,18 @@ frontend {{ front }}
 {%         endif %}
 {%         if front_config.mode is vyos_defined %}
     mode {{ front_config.mode }}
+{%             if front_config.tcp_request.inspect_delay is vyos_defined %}
+    tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }}
+{%             endif %}
+{# add tcp-request related directive if ssl is configed #}
+{%             if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %}
+{%                 for rule, rule_config in front_config.rule.items() %}
+{%                     if rule_config.ssl is vyos_defined %}
+    tcp-request content accept if { req_ssl_hello_type 1 }
+{%                         break %}
+{%                     endif %}
+{%                 endfor %}
+{%             endif %}
 {%         endif %}
 {%         if front_config.rule is vyos_defined %}
 {%             for rule, rule_config in front_config.rule.items() %}