From 49b1afc25b73d9c5daae1c76edb88aab42afa83e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 1 May 2022 19:44:52 +0200 Subject: ipsec: T4353: fix Jinja2 linting errors --- data/templates/ipsec/charon/eap-radius.conf.tmpl | 115 ----------------------- 1 file changed, 115 deletions(-) delete mode 100644 data/templates/ipsec/charon/eap-radius.conf.tmpl (limited to 'data/templates/ipsec/charon/eap-radius.conf.tmpl') diff --git a/data/templates/ipsec/charon/eap-radius.conf.tmpl b/data/templates/ipsec/charon/eap-radius.conf.tmpl deleted file mode 100644 index b58022521..000000000 --- a/data/templates/ipsec/charon/eap-radius.conf.tmpl +++ /dev/null @@ -1,115 +0,0 @@ -eap-radius { - # Send RADIUS accounting information to RADIUS servers. - # accounting = no - - # Close the IKE_SA if there is a timeout during interim RADIUS accounting - # updates. - # accounting_close_on_timeout = yes - - # Interval in seconds for interim RADIUS accounting updates, if not - # specified by the RADIUS server in the Access-Accept message. - # accounting_interval = 0 - - # If enabled, accounting is disabled unless an IKE_SA has at least one - # virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary. - # accounting_requires_vip = no - - # If enabled, adds the Class attributes received in Access-Accept message to - # the RADIUS accounting messages. - # accounting_send_class = no - - # Use class attributes in Access-Accept messages as group membership - # information. - # class_group = no - - # Closes all IKE_SAs if communication with the RADIUS server times out. If - # it is not set only the current IKE_SA is closed. - # close_all_on_timeout = no - - # Send EAP-Start instead of EAP-Identity to start RADIUS conversation. - # eap_start = no - - # Use filter_id attribute as group membership information. - # filter_id = no - - # Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the - # EAP method. - # id_prefix = - - # Whether to load the plugin. Can also be an integer to increase the - # priority of this plugin. - load = yes - - # NAS-Identifier to include in RADIUS messages. - nas_identifier = {{ remote_access.radius.nas_identifier if remote_access.radius.nas_identifier is vyos_defined else 'strongSwan' }} - - # Port of RADIUS server (authentication). - # port = 1812 - - # Base to use for calculating exponential back off. - # retransmit_base = 1.4 - - # Timeout in seconds before sending first retransmit. - # retransmit_timeout = 2.0 - - # Number of times to retransmit a packet before giving up. - # retransmit_tries = 4 - - # Shared secret between RADIUS and NAS. If set, make sure to adjust the - # permissions of the config file accordingly. - # secret = - - # IP/Hostname of RADIUS server. - # server = - - # Number of sockets (ports) to use, increase for high load. - # sockets = 1 - - # Whether to include the UDP port in the Called- and Calling-Station-Id - # RADIUS attributes. - # station_id_with_port = yes - - dae { - # Enables support for the Dynamic Authorization Extension (RFC 5176). - # enable = no - - # Address to listen for DAE messages from the RADIUS server. - # listen = 0.0.0.0 - - # Port to listen for DAE requests. - # port = 3799 - - # Shared secret used to verify/sign DAE messages. If set, make sure to - # adjust the permissions of the config file accordingly. - # secret = - } - - forward { - # RADIUS attributes to be forwarded from IKEv2 to RADIUS. - # ike_to_radius = - - # Same as ike_to_radius but from RADIUS to IKEv2. - # radius_to_ike = - } - - # Section to specify multiple RADIUS servers. - servers { -{% if remote_access.radius.server is vyos_defined %} -{% for server, server_options in remote_access.radius.server.items() if server_options.disable is not vyos_defined %} - {{ server | replace('.', '-') }} { - address = {{ server }} - secret = {{ server_options.key }} - auth_port = {{ server_options.port }} -{% if server_options.disable_accounting is not vyos_defined %} - acct_port = {{ server_options.port | int +1 }} -{% endif %} - sockets = 20 - } -{% endfor %} -{% endif %} - } - - # Section to configure multiple XAuth authentication rounds via RADIUS. - xauth { - } -} -- cgit v1.2.3