From 1e74c0df2179c60036e440e15ed9036163039b2a Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 3 Jul 2021 15:39:17 +0200
Subject: ipsec: T2816: remove default values from Jinja2 template and place
 them in XML

VyOS has a known-working mechanism for supplying CLI default values to the
Python configuration scripts. This commit removes hardcoded default values from
the Jinja2 template and places them into the appropriate XML definitions.

The big advantage is that the default value itself and the corresponding help
string are located in the exact same file.
---
 data/templates/ipsec/swanctl/peer.tmpl    | 4 ++--
 data/templates/ipsec/swanctl/profile.tmpl | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'data/templates')

diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 0559d1dac..b35cd4b60 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -63,7 +63,7 @@
                 if_id_in = {{ peer_conf.vti.bind | replace('vti', '') }}
                 if_id_out = {{ peer_conf.vti.bind | replace('vti', '') }}
                 ipcomp = {{ 'yes' if vti_esp.compression is defined and vti_esp.compression == 'enable' else 'no' }}
-                mode = {{ vti_esp.mode if vti_esp.mode is defined else "tunnel" }}
+                mode = {{ vti_esp.mode }}
 {%     if peer[0:1] == '@' %}
                 start_action = none
 {%     elif peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %}
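Review bot: With the `else "tunnel"` fallback removed, `mode = {{ vti_esp.mode }}` relies entirely on the XML default having been merged into every esp-group instance before rendering; if it has not, Jinja2's default undefined renders as an empty string and swanctl.conf gets a bare `mode =` (assuming the environment does not use StrictUndefined, which is not visible here). The same applies to `tunnel_esp.mode` in the second hunk and, in profile.tmpl, to `ike.lifetime` and `esp.lifetime`, where the literal suffix would yield `rekey_time = s`. The XML and Python side of the change is not shown (the diff is limited to data/templates), so please confirm that defaults are merged per esp-group and ike-group tag node, and consider having the configuration script reject a group without `mode` or `lifetime` so a missing default fails at commit time rather than when swanctl loads the file. A template comment such as `{# mode comes from the esp-group XML default; the ipsec script must merge defaults per group #}` would record the dependency. The enclosing block starts and ends outside this hunk.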
@@ -101,7 +101,7 @@
                 remote_ts = {{ peer }}{{ remote_suffix }}
 {%       endif %}
                 ipcomp = {{ 'yes' if tunnel_esp.compression is defined and tunnel_esp.compression == 'enable' else 'no' }}
-                mode = {{ tunnel_esp.mode if tunnel_esp.mode is defined else "tunnel" }}
+                mode = {{ tunnel_esp.mode }}
 {%       if peer[0:1] == '@' %}
                 start_action = none
 {%       elif peer_conf.connection_type is not defined or peer_conf.connection_type == 'initiate' %}
diff --git a/data/templates/ipsec/swanctl/profile.tmpl b/data/templates/ipsec/swanctl/profile.tmpl
index 0360972f6..0a7268405 100644
--- a/data/templates/ipsec/swanctl/profile.tmpl
+++ b/data/templates/ipsec/swanctl/profile.tmpl
@@ -7,7 +7,7 @@
     dmvpn-{{ name }}-{{ interface }} {
         proposals = {{ ike_group[profile_conf.ike_group] | get_esp_ike_cipher | join(',') }}
         version = {{ ike.key_exchange[4:] if ike is defined and ike.key_exchange is defined else "0" }}
-        rekey_time = {{ ike.lifetime if ike.lifetime is defined else '28800' }}s
+        rekey_time = {{ ike.lifetime }}s
         keyingtries = 0
 {%       if profile_conf.authentication is defined and profile_conf.authentication.mode is defined and profile_conf.authentication.mode == 'pre-shared-secret' %}
         local {
@@ -20,11 +20,11 @@
         children {
             dmvpn {
                 esp_proposals = {{ esp | get_esp_ike_cipher | join(',')  }}
-                rekey_time = {{ esp.lifetime if esp.lifetime is defined else '3600' }}s
+                rekey_time = {{ esp.lifetime }}s
                 rand_time = 540s
                 local_ts = dynamic[gre]
                 remote_ts = dynamic[gre]
-                mode = {{ esp.mode if esp.mode is defined else 'transport' }}
+                mode = {{ esp.mode }}
 {%       if ike.dead_peer_detection is defined and ike.dead_peer_detection.action is defined %}
                 dpd_action = {{ ike.dead_peer_detection.action }}
 {%       endif %}
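Review bot: The removed fallback for the DMVPN child was `'transport'`, while both peer.tmpl fallbacks were `"tunnel"`, so a single esp-group XML default cannot reproduce both; `mode = {{ esp.mode }}` will now follow whatever that one default is. If it is `tunnel` (the XML is not part of this diff, so this is inferred), every DMVPN profile whose esp-group does not set `mode` silently switches from transport to tunnel mode on upgrade, and may no longer negotiate child SAs with peers still configured for transport. Please either keep a profile-specific default for this child or call the behaviour change out in the commit message and release notes. A comment above the line such as `{# DMVPN used to default to transport mode; esp.mode now follows the esp-group XML default #}` would make the dependency visible to the next editor.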
-- 