### Autogenerated by vpn_ipsec.py ### {% import 'ipsec/swanctl/profile.tmpl' as profile_tmpl %} {% import 'ipsec/swanctl/peer.tmpl' as peer_tmpl %} connections { {% if profile is defined %} {% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} {{ profile_tmpl.conn(name, profile_conf, ike_group, esp_group) }} {% endfor %} {% endif %} {% if site_to_site is defined and site_to_site.peer is defined %} {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} {{ peer_tmpl.conn(peer, peer_conf, ike_group, esp_group) }} {% endfor %} {% endif %} } secrets { {% if profile is defined %} {% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} {% if profile_conf.authentication.mode == 'pre-shared-secret' %} {% for interface in profile_conf.bind.tunnel %} ike-dmvpn-{{ interface }} { secret = {{ profile_conf.authentication.pre_shared_secret }} } {% endfor %} {% endif %} {% endfor %} {% endif %} {% if site_to_site is defined and site_to_site.peer is defined %} {% set ns = namespace(local_key_set=False) %} {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} {% set peer_name = peer.replace(".", "-").replace("@", "") %} {% if peer_conf.authentication.mode == 'pre-shared-secret' %} ike_{{ peer_name }} { {% if peer_conf.local_address is defined %} id-local = {{ peer_conf.local_address }} # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }} {% endif %} id-remote = {{ peer }} {% if peer_conf.authentication.id is defined %} id-localid = {{ peer_conf.authentication.id }} {% endif %} {% if peer_conf.authentication.remote_id is defined %} id-remoteid = {{ peer_conf.authentication.remote_id }} {% endif %} secret = "{{ peer_conf.authentication.pre_shared_secret }}" } {% elif peer_conf.authentication.mode == 'x509' %} private_{{ peer_name }} { file = {{ peer_conf.authentication.x509.certificate }}.pem {% if peer_conf.authentication.x509.passphrase is defined %} secret = "{{ peer_conf.authentication.x509.passphrase }}" {% endif %} } {% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %} {% set ns.local_key_set = True %} rsa_local { file = {{ rsa_local_key }} } {% endif %} {% endfor %} {% endif %} }