; Autogenerated by service_stunnel.py
; Example https://www.stunnel.org/config_unix.html#
{# Global stunnel options. Template inputs read in this part: config_file and log.level.
   Jinja comments such as this one are template-only and are not part of the rendered config. #}
; **************************************************************************
; * Global options *
; **************************************************************************
; PID file is created inside the chroot jail (if enabled)
{# The PID path is config_file with '.conf' replaced by '.pid'. replace() rewrites every
   occurrence of '.conf' in the path, not only the trailing suffix.
   NOTE(review): this template emits no chroot, setuid or setgid option, so the chroot remark
   above is informational only; confirm where the service's privileges are dropped. #}
pid = {{ config_file | replace('.conf', '.pid') }}
; Debugging stuff (may be useful for troubleshooting)
;foreground = yes
{# The debug line is written only when a log node is defined.
   NOTE(review): the guard tests log, not log.level; confirm that level always carries a
   value whenever log is set. #}
{% if log is vyos_defined %}
debug = {{ log.level }}
{% endif %}
;output = /usr/local/var/log/stunnel.log
; **************************************************************************
; * Service definitions *
; **************************************************************************
; ***************************************** Client mode services ***********
{# Renders one [name] section with client = yes for every entry of the client dict.
   Every value is interpolated as given: the template does no quoting and no newline
   filtering, so the rendered file is only as well-formed as the values handed to it.
   NOTE(review): presumably the CLI definitions or service_stunnel.py validate these
   values before rendering; confirm. #}
{% if client is vyos_defined %}
{% for name, config in client.items() %}
[{{ name }}]
client = yes
{# accept is address:port when a listen address is set, otherwise the bare port. #}
{% if config.listen.address is vyos_defined %}
accept = {{ config.listen.address }}:{{ config.listen.port }}
{% else %}
accept = {{ config.listen.port }}
{% endif %}
{# connect is optional; same address:port / bare-port choice as accept. #}
{% if config.connect is vyos_defined %}
{% if config.connect.address is vyos_defined %}
connect = {{ config.connect.address }}:{{ config.connect.port }}
{% else %}
connect = {{ config.connect.port }}
{% endif %}
{% endif %}
{% if config.protocol is vyos_defined %}
protocol = {{ config.protocol }}
{% endif %}
{# Protocol negotiation options, emitted for client sections only. #}
{% if config.options is vyos_defined %}
{% if config.options.authentication is vyos_defined %}
protocolAuthentication = {{ config.options.authentication }}
{% endif %}
{% if config.options.domain is vyos_defined %}
protocolDomain = {{ config.options.domain }}
{% endif %}
{# The guard tests options.host; host.address and host.port are then rendered unguarded. #}
{% if config.options.host is vyos_defined %}
protocolHost = {{ config.options.host.address }}:{{ config.options.host.port }}
{% endif %}
{# The password is written to the rendered config in clear text.
   NOTE(review): confirm the generated file is created readable by the service account
   only, and that it is excluded from any config export or support archive. #}
{% if config.options.password is vyos_defined %}
protocolPassword = {{ config.options.password }}
{% endif %}
{% if config.options.username is vyos_defined %}
protocolUsername = {{ config.options.username }}
{% endif %}
{% endif %}
{# Trust anchors and local credentials.
   NOTE(review): only CApath / CAfile are emitted; no verifyChain, verifyPeer or checkHost
   line is rendered anywhere in this template. Per the stunnel manual, peer verification
   is off unless one of those is enabled, so a CA file alone does not authenticate the
   remote server. Confirm whether verification is meant to be enforced for client tunnels.
   NOTE(review): ssl and psk are dereferenced without a guard on the parent node, unlike
   options above; presumably the environment tolerates a missing parent. Confirm. #}
{% if config.ssl.ca_path is vyos_defined %}
CApath = {{ config.ssl.ca_path }}
{% endif %}
{% if config.ssl.ca_file is vyos_defined %}
CAfile = {{ config.ssl.ca_file }}
{% endif %}
{% if config.ssl.cert is vyos_defined %}
cert = {{ config.ssl.cert }}
{% endif %}
{% if config.ssl.cert_key is vyos_defined %}
key = {{ config.ssl.cert_key }}
{% endif %}
{# PSKsecrets is a path to a secrets file, not the key itself.
   NOTE(review): confirm that file is written with owner-only permissions. #}
{% if config.psk.file is vyos_defined %}
PSKsecrets = {{ config.psk.file }}
{% endif %}
{% endfor %}
{% endif %}
; ***************************************** Server mode services ***********
{# Renders one [name] section for every entry of the server dict. No client line is
   emitted here, which leaves stunnel's default (server mode) in effect.
   Values are interpolated as given, with no quoting or newline filtering in the template.
   NOTE(review): client and server entries share one section namespace in the rendered
   file; confirm that duplicate names across the two are rejected before rendering. #}
{% if server is vyos_defined %}
{% for name, config in server.items() %}
[{{ name }}]
{# accept is address:port when a listen address is set, otherwise the bare port.
   NOTE(review): with the bare-port form the bind address is left to stunnel; confirm this
   matches the intended exposure of the listener. #}
{% if config.listen.address is vyos_defined %}
accept = {{ config.listen.address }}:{{ config.listen.port }}
{% else %}
accept = {{ config.listen.port }}
{% endif %}
{# connect is optional; same address:port / bare-port choice as accept. #}
{% if config.connect is vyos_defined %}
{% if config.connect.address is vyos_defined %}
connect = {{ config.connect.address }}:{{ config.connect.port }}
{% else %}
connect = {{ config.connect.port }}
{% endif %}
{% endif %}
{% if config.protocol is vyos_defined %}
protocol = {{ config.protocol }}
{% endif %}
{# Trust anchors and the server's own certificate and key.
   NOTE(review): CApath / CAfile are emitted without verifyChain or verifyPeer. Per the
   stunnel manual, peer verification is off unless one of those is enabled, so a CA file
   alone does not make the server require or check client certificates. Confirm whether
   mutual TLS is intended for server tunnels.
   NOTE(review): ssl and psk are dereferenced without a guard on the parent node;
   presumably the environment tolerates a missing parent. Confirm. #}
{% if config.ssl.ca_path is vyos_defined %}
CApath = {{ config.ssl.ca_path }}
{% endif %}
{% if config.ssl.ca_file is vyos_defined %}
CAfile = {{ config.ssl.ca_file }}
{% endif %}
{% if config.ssl.cert is vyos_defined %}
cert = {{ config.ssl.cert }}
{% endif %}
{# key is the private-key path.
   NOTE(review): confirm the referenced file is readable by the service account only. #}
{% if config.ssl.cert_key is vyos_defined %}
key = {{ config.ssl.cert_key }}
{% endif %}
{# PSKsecrets is a path to a secrets file, not the key itself.
   NOTE(review): confirm that file is written with owner-only permissions. #}
{% if config.psk.file is vyos_defined %}
PSKsecrets = {{ config.psk.file }}
{% endif %}
{% endfor %}
{% endif %}