From 0b93fce06526a2826c19adcbb25874e51cccf68e Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Mon, 5 Jul 2021 16:22:54 +0200
Subject: ipsec: T1210: T1251: Add more features to remote-access connections

- Adds client/server authentication methods.
- Adds basic verification to remote-access.
- Adds DHCP pool and options to remote-access.
- Cleanup unused PKI files.
---
 data/templates/ipsec/charon/dhcp.conf.tmpl | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 data/templates/ipsec/charon/dhcp.conf.tmpl

(limited to 'data/templates/ipsec/charon/dhcp.conf.tmpl')

diff --git a/data/templates/ipsec/charon/dhcp.conf.tmpl b/data/templates/ipsec/charon/dhcp.conf.tmpl
new file mode 100644
index 000000000..2879550a8
--- /dev/null
+++ b/data/templates/ipsec/charon/dhcp.conf.tmpl
@@ -0,0 +1,23 @@
+dhcp {
+    load = yes
+
+{% if options is defined and options.remote_access is defined and options.remote_access.dhcp_pool is defined %}
+{%   if options.remote_access.dhcp_pool.interface is defined %}
+    interface = {{ options.remote_access.dhcp_pool.interface }}
+{%   endif %}
+{%   if options.remote_access.dhcp_pool.server is defined %}
+    server = {{ options.remote_access.dhcp_pool.server }}
+{%   endif %}
+{% endif %}
+
+    # Always use the configured server address.
+    # force_server_address = no
+
+    # Derive user-defined MAC address from hash of IKE identity and send client
+    # identity DHCP option.
+    # identity_lease = no
+
+    # Use the DHCP server port (67) as source port when a unicast server address
+    # is configured.
+    # use_server_port = no
+}
-- 
cgit v1.2.3