blob: 0d2654abc3ce91e6998250e9250690933c37c3e0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# Created by VyOS - manual changes will be overwritten
{% if site_to_site is defined and "peer" in site_to_site %}
{% set ns = namespace(local_key_set=False) %}
{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
{% if peer_conf.authentication.mode == 'pre-shared-secret' %}
{{ (peer_conf.local_address if "local_address" in peer_conf else "%any") ~
(" " ~ peer) ~
((" " ~ peer_conf.authentication.id) if "id" in peer_conf.authentication else "") ~
((" " ~ peer_conf.authentication.remote_id) if "remote_id" in peer_conf.authentication else "")
}} : PSK "{{ peer_conf.authentication.pre_shared_secret }}" # dhcp:{{ peer_conf.dhcp_interface if 'dhcp_interface' in peer_conf else 'no' }}
{% elif peer_conf.authentication.mode == 'x509' %}
{% set key_file = peer_conf.authentication.x509.key.file %}
: RSA {{ key_file if key_file.startswith(x509_path) else (x509_path + key_file) }}{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %} "{{ peer_conf.authentication.x509.key.password}}"{% endif %}
{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
{% set ns.local_key_set = True %}
: RSA {{ rsa_local_key }}
{% endif %}
{% endfor %}
{% endif %}
{% if include_ipsec_secrets is defined %}
include {{ include_ipsec_secrets }}
{% endif %}
{% if delim_ipsec_l2tp_begin is defined %}
{{delim_ipsec_l2tp_begin}}
{% if ipsec_l2tp_auth_mode == 'pre-shared-secret' %}
{{outside_addr}} %any : PSK "{{ipsec_l2tp_secret}}"
{% elif ipsec_l2tp_auth_mode == 'x509' %}
: RSA {{server_key_file_copied}}
{% endif %}
{{delim_ipsec_l2tp_end}}
{% endif %}
|
