summaryrefslogtreecommitdiff
path: root/data/templates/ipsec/ipsec.secrets.tmpl
blob: 0d2654abc3ce91e6998250e9250690933c37c3e0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Created by VyOS - manual changes will be overwritten

{%  if site_to_site is defined and "peer" in site_to_site %}
{%      set ns = namespace(local_key_set=False) %}
{%      for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
{%          if peer_conf.authentication.mode == 'pre-shared-secret' %}
{{ (peer_conf.local_address if "local_address" in peer_conf else "%any") ~
    (" " ~ peer) ~
    ((" " ~ peer_conf.authentication.id) if "id" in peer_conf.authentication else "") ~
    ((" " ~ peer_conf.authentication.remote_id) if "remote_id" in peer_conf.authentication else "")
}} : PSK "{{ peer_conf.authentication.pre_shared_secret }}" # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
{%          elif peer_conf.authentication.mode == 'x509' %}
{%              set key_file = peer_conf.authentication.x509.key.file %}
: RSA {{ key_file if key_file.startswith(x509_path) else (x509_path + key_file) }}{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %} "{{ peer_conf.authentication.x509.key.password}}"{% endif %}
{%          elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
{%              set ns.local_key_set = True %}
: RSA {{ rsa_local_key }}
{%          endif %}
{%      endfor %}
{%  endif %}

{%  if include_ipsec_secrets is defined %}
include {{ include_ipsec_secrets }}
{%  endif %}

{%  if delim_ipsec_l2tp_begin is defined %}
{{delim_ipsec_l2tp_begin}}
{%      if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}"
{%      elif ipsec_l2tp_auth_mode == 'x509' %}
: RSA {{server_key_file_copied}}
{%      endif %}
{{delim_ipsec_l2tp_end}}
{%  endif %}