blob: deeb8c80dd8a89c65d5df76308886c16bf72b9a6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
{% macro conn(ike, ike_ciphers, esp, esp_ciphers) -%}
{% if ike %}
{% if "key_exchange" in ike %}
keyexchange = {{ ike.key_exchange }}
{% endif %}
ike = {{ ike_ciphers }}
{% if "lifetime" in ike %}
ikelifetime = {{ ike.lifetime }}s
{% endif %}
reauth = {{ ike.ikev2_reauth if "ikev2_reauth" in ike else "no" }}
closeaction = {{ ike.close_action if "close_action" in ike else "none" }}
{% if "dead_peer_detection" in ike %}
dpdaction = {{ ike.dead_peer_detection.action }}
dpdtimeout = {{ ike.dead_peer_detection.timeout }}
dpddelay = {{ ike.dead_peer_detection.interval }}
{% endif %}
{% if "key_exchange" in ike and ike.key_exchange == "ikev1" and "mode" in ike and ike.mode == "aggressive" %}
aggressive = yes
{% endif %}
{% if "key_exchange" in ike and ike.key_exchange == "ikev2" %}
mobike = {{ "yes" if "mobike" not in ike or ike.mobike == "enable" else "no" }}
{% endif %}
{% endif %}
{% if esp %}
esp = {{ esp_ciphers }}
{% if "lifetime" in esp %}
keylife = {{ esp.lifetime }}s
{% endif %}
compress = {{ 'yes' if "compression" in esp and esp.compression == 'enable' else 'no' }}
type = {{ esp.mode if "mode" in esp else "tunnel" }}
{% endif %}
{%- endmacro %}
|
