From dbc174dd2b8558cb7a8ad7daf38b8ef38702e0fa Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 5 Apr 2020 23:21:31 +0200
Subject: ipsec: T2230: move inlined templates to dedicated files
---
data/templates/ipsec/ipsec.conf.tmpl | 3 +++
data/templates/ipsec/ipsec.secrets.tmpl | 7 +++++++
data/templates/ipsec/remote-access.tmpl | 28 ++++++++++++++++++++++++++++
3 files changed, 38 insertions(+)
create mode 100644 data/templates/ipsec/ipsec.conf.tmpl
create mode 100644 data/templates/ipsec/ipsec.secrets.tmpl
create mode 100644 data/templates/ipsec/remote-access.tmpl
(limited to 'data/templates')
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl
new file mode 100644
index 000000000..d0b60765b
--- /dev/null
+++ b/data/templates/ipsec/ipsec.conf.tmpl
@@ -0,0 +1,3 @@
+{{delim_ipsec_l2tp_begin}}
+include {{ipsec_ra_conn_file}}
+{{delim_ipsec_l2tp_end}}
diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl
new file mode 100644
index 000000000..55c010a3b
--- /dev/null
+++ b/data/templates/ipsec/ipsec.secrets.tmpl
@@ -0,0 +1,7 @@
+{{delim_ipsec_l2tp_begin}}
+{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
+{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}"
+{% elif ipsec_l2tp_auth_mode == 'x509' %}
+: RSA {{server_key_file_copied}}
+{% endif%}
+{{delim_ipsec_l2tp_end}}
diff --git a/data/templates/ipsec/remote-access.tmpl b/data/templates/ipsec/remote-access.tmpl
new file mode 100644
index 000000000..fae48232f
--- /dev/null
+++ b/data/templates/ipsec/remote-access.tmpl
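Review bot: In ipsec.secrets.tmpl the PSK is written between double quotes with no escaping or validation visible, so on the line `{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}"` a secret that contains `"` or a line break would end the quoted string early and leave a malformed or unintended entry in the rendered secrets file. Nothing in this commit shows the value being checked before rendering, so the caller should reject those characters (or the render should fail on them) rather than rely on the CLI never accepting them. The rendered file holds the PSK and the private-key path, so a short template comment such as `{# output must be written root-only (0600) #}` would record the permission requirement where the next editor sees it. The closing tag `{% endif%}` is also missing the space used in remote-access.tmpl (`{% endif %}`).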
@@ -0,0 +1,28 @@
+{{delim_ipsec_l2tp_begin}}
+conn {{ra_conn_name}}
+ type=transport
+ left={{outside_addr}}
+ leftsubnet=%dynamic[/1701]
+ rightsubnet=%dynamic
+ mark_in=%unique
+ auto=add
+ ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024!
+ dpddelay=15
+ dpdtimeout=45
+ dpdaction=clear
+ esp=aes256-sha1,3des-sha1!
+ rekey=no
+{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
+ authby=secret
+ leftauth=psk
+ rightauth=psk
+{% elif ipsec_l2tp_auth_mode == 'x509' %}
+ authby=rsasig
+ leftrsasigkey=%cert
+ rightrsasigkey=%cert
+ rightca=%same
+ leftcert={{server_cert_file_copied}}
+{% endif %}
+ ikelifetime={{ipsec_l2tp_ike_lifetime}}
+ keylife={{ipsec_l2tp_lifetime}}
+{{delim_ipsec_l2tp_end}}
--
cgit v1.2.3
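Review bot: The `ike=` line in remote-access.tmpl lists `3des-sha1-modp1024` twice, and both the IKE and ESP proposals are hard-coded to SHA-1, 3DES and the 1024-bit MODP group with the strict `!` flag, so the responder can never agree to anything stronger even when the client offers it. Dropping the duplicate is safe on its own: `ike=aes256-sha1-modp1024,3des-sha1-modp1024!`. Since the lifetimes are already template variables, the proposals could be passed in the same way (for example `ike={{ipsec_l2tp_ike_proposals}}`, a name constructed here for illustration) with stronger suites listed first and the legacy ones kept only for clients that need them; which L2TP clients must be supported is not visible in this commit. A comment above the `ike=` and `esp=` lines stating why the legacy suites are present would help the next reviewer.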