### Autogenerated by vpn_ipsec.py ###
{#
   Renders a strongSwan swanctl.conf with three top-level sections:
     connections  - one entry per DMVPN profile, site-to-site peer,
                    remote-access connection and (optionally) the L2TP
                    connection; the actual bodies come from the imported macros.
     pools        - virtual-IP pools for remote-access clients.
     secrets      - pre-shared keys, private-key passphrases and EAP user
                    passwords, all written in clear text into the output.
   Because the secrets section is emitted in clear text, the rendered file
   is sensitive; its ownership/permissions are set by the caller
   (vpn_ipsec.py, not visible here).
   Values are interpolated into the config without escaping, so the template
   relies on the configuration validators upstream to reject characters
   (e.g. '"' or newlines) that would break the swanctl syntax.
#}
{% import 'ipsec/swanctl/l2tp.j2' as l2tp_tmpl %}
{% import 'ipsec/swanctl/profile.j2' as profile_tmpl %}
{% import 'ipsec/swanctl/peer.j2' as peer_tmpl %}
{% import 'ipsec/swanctl/remote_access.j2' as remote_access_tmpl %}

connections {
{# Disabled entries are skipped in every loop below, so a disabled peer
   never gets a connection and never gets a secret. #}
{% if profile is vyos_defined %}
{#     DMVPN profiles are only rendered when bound to at least one tunnel #}
{%     for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
{{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }}
{%     endfor %}
{% endif %}
{% if site_to_site.peer is vyos_defined %}
{#     dhcp_no_address is supplied by the caller; presumably peers whose DHCP
       interface has no address yet and therefore cannot be configured — verify
       against vpn_ipsec.py #}
{%     for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }}
{%     endfor %}
{% endif %}
{% if remote_access.connection is vyos_defined %}
{%     for rw, rw_conf in remote_access.connection.items() if rw_conf.disable is not vyos_defined %}
{{ remote_access_tmpl.conn(rw, rw_conf, ike_group, esp_group) }}
{%     endfor %}
{% endif %}
{% if l2tp %}
{{ l2tp_tmpl.conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) }}
{% endif %}
}

pools {
{% if remote_access.pool is vyos_defined %}
{%     for pool, pool_config in remote_access.pool.items() %}
    {{ pool }} {
{#         a pool is addressed either by prefix or by an explicit start-stop
           range; if neither is set no addrs line is written #}
{%         if pool_config.prefix is vyos_defined %}
        addrs = {{ pool_config.prefix }}
{%         elif pool_config.range is vyos_defined %}
        addrs = {{ pool_config.range.start }}-{{ pool_config.range.stop }}
{%         endif %}
{%         if pool_config.name_server is vyos_defined %}
        dns = {{ pool_config.name_server | join(',') }}
{%         endif %}
{%         if pool_config.exclude is vyos_defined %}
        split_exclude = {{ pool_config.exclude | join(',') }}
{%         endif %}
    }
{%     endfor %}
{% endif %}
}

secrets {
{# Everything in this section is a credential and is written in clear text. #}
{% if profile is vyos_defined %}
{%     for name, profile_conf in profile.items() if profile_conf.disable is not vyos_defined and profile_conf.bind.tunnel is vyos_defined %}
{%         if profile_conf.authentication.mode is vyos_defined('pre-shared-secret') %}
{#             one PSK entry per bound tunnel interface #}
{%             for interface in profile_conf.bind.tunnel %}
    ike-dmvpn-{{ interface }} {
{#             NOTE(review): unlike the other secrets below this value is
               emitted unquoted — confirm the upstream validator restricts the
               allowed character set for DMVPN pre-shared secrets #}
        secret = {{ profile_conf.authentication.pre_shared_secret }}
    }
{%             endfor %}
{%         endif %}
{%     endfor %}
{% endif %}
{% if site_to_site.peer is vyos_defined %}
{%     for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not vyos_defined %}
{#         the peer identifier (address or @id) is normalised into a name that
           is usable as a swanctl section key; dot_colon_to_dash is a
           project-provided filter #}
{%         set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
{%         if peer_conf.authentication.mode is vyos_defined('x509') %}
{#         private key for the peer's certificate; the passphrase is only
           written when one is configured #}
    private_{{ peer_name }} {
        file = {{ peer_conf.authentication.x509.certificate }}.pem
{%             if peer_conf.authentication.x509.passphrase is vyos_defined %}
        secret = "{{ peer_conf.authentication.x509.passphrase }}"
{%             endif %}
    }
{%         elif peer_conf.authentication.mode is vyos_defined('rsa') %}
    rsa_{{ peer_name }}_local {
        file = {{ peer_conf.authentication.rsa.local_key }}.pem
{%             if peer_conf.authentication.rsa.passphrase is vyos_defined %}
        secret = "{{ peer_conf.authentication.rsa.passphrase }}"
{%             endif %}
    }
{%         endif %}
{%     endfor %}
{% endif %}
{% if authentication.psk is vyos_defined %}
{%     for psk, psk_config in authentication.psk.items() %}
    ike-{{ psk }} {
{%         if psk_config.id is vyos_defined %}
        # ID's from auth psk id xxx
{#         each configured identity gets its own id-<uuid> key so that several
           ids can share one PSK without key-name collisions; generate_uuid4 is
           a project-provided filter #}
{%             for id in psk_config.id %}
{%                 set gen_uuid = '' | generate_uuid4 %}
        id-{{ gen_uuid }} = "{{ id }}"
{%             endfor %}
{%         endif %}
{#         secret_type selects the swanctl encoding: the 0s prefix marks a
           base64-encoded value, a quoted string is taken literally #}
{%         if psk_config.secret_type is vyos_defined('base64') %}
        secret = 0s{{ psk_config.secret }}
{%         elif psk_config.secret_type is vyos_defined('plaintext') %}
        secret = "{{ psk_config.secret }}"
{%         endif %}
    }
{%     endfor %}
{% endif %}
{% if remote_access.connection is vyos_defined %}
{%     for ra, ra_conf in remote_access.connection.items() if ra_conf.disable is not vyos_defined %}
{%         if ra_conf.authentication.server_mode is vyos_defined('pre-shared-secret') %}
{#         server-side PSK; the id is the configured local-id, falling back to
           the local address, and is omitted when neither is set #}
    ike_{{ ra }} {
{%             if ra_conf.authentication.local_id is vyos_defined %}
        id = "{{ ra_conf.authentication.local_id }}"
{%             elif ra_conf.local_address is vyos_defined %}
        id = "{{ ra_conf.local_address }}"
{%             endif %}
        secret = "{{ ra_conf.authentication.pre_shared_secret }}"
    }
{%         endif %}
{#         EAP-MSCHAPv2 local users: one eap entry per enabled user, the
           password is written in clear text as the EAP secret #}
{%         if ra_conf.authentication.client_mode is vyos_defined('eap-mschapv2') and ra_conf.authentication.local_users.username is vyos_defined %}
{%             for user, user_conf in ra_conf.authentication.local_users.username.items() if user_conf.disable is not vyos_defined %}
    eap-{{ ra }}-{{ user }} {
        secret = "{{ user_conf.password }}"
        id-{{ ra }}-{{ user }} = "{{ user }}"
    }
{%             endfor %}
{%         endif %}
{%     endfor %}
{% endif %}
{% if l2tp %}
{# L2TP/IPsec remote access: PSK or certificate, keyed on the outside address #}
{%     if l2tp.authentication.mode is vyos_defined('pre-shared-secret') %}
    ike_l2tp_remote_access {
        id = "{{ l2tp_outside_address }}"
        secret = "{{ l2tp.authentication.pre_shared_secret }}"
    }
{%     elif l2tp.authentication.mode is vyos_defined('x509') %}
    private_l2tp_remote_access {
        id = "{{ l2tp_outside_address }}"
        file = {{ l2tp.authentication.x509.certificate }}.pem
{%         if l2tp.authentication.x509.passphrase is vyos_defined %}
        secret = "{{ l2tp.authentication.x509.passphrase }}"
{%         endif %}
    }
{%     endif %}
{% endif %}
}