{% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %}
{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %}
{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %}
    l2tp_remote_access {
        proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }}
        local_addrs = {{ l2tp_outside_address }}
        dpd_delay = 15s
        dpd_timeout = 45s
        rekey_time = {{ l2tp_ike.lifetime if l2tp_ike else l2tp.ike_lifetime }}s
        reauth_time = 0
        local {
            auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
{% if l2tp.authentication.mode == 'x509' %}
            certs = {{ l2tp.authentication.x509.certificate }}.pem
{% endif %}
        }
        remote {
            auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
        }
        children {
            l2tp_remote_access_esp {
                mode = transport
                esp_proposals = {{ l2tp_esp | get_esp_ike_cipher(l2tp_ike) | join(',') if l2tp_esp else l2tp_esp_default }}
                life_time = {{ l2tp_esp.lifetime if l2tp_esp else l2tp.lifetime }}s
                local_ts = dynamic[/1701]
                remote_ts = dynamic
            }
        }
    }
{% endmacro %}