blob: 2df5c2a4d2024f067f86d6cb951d87ef0e24d182 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
{% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %}
{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is defined else None %}
{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is defined else None %}
l2tp_remote_access {
proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }}
local_addrs = {{ l2tp_outside_address }}
dpd_delay = 15s
dpd_timeout = 45s
rekey_time = {{ l2tp_ike.lifetime if l2tp_ike else l2tp.ike_lifetime }}s
reauth_time = 0
local {
auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
{% if l2tp.authentication.mode == 'x509' %}
certs = {{ l2tp.authentication.x509.certificate }}.pem
{% endif %}
}
remote {
auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
}
children {
l2tp_remote_access_esp {
mode = transport
esp_proposals = {{ l2tp_esp | get_esp_ike_cipher | join(',') if l2tp_esp else l2tp_esp_default }}
life_time = {{ l2tp_esp.lifetime if l2tp_esp else l2tp.lifetime }}s
local_ts = dynamic[/1701]
remote_ts = dynamic
}
}
}
{% endmacro %}
|
