T6357: create test repository to validate setup

1 files changed, 30 insertions, 0 deletions

diff --git a/data/templates/ipsec/swanctl/l2tp.j2 b/data/templates/ipsec/swanctl/l2tp.j2
new file mode 100644
index 0000000..7e63865
--- /dev/null
+++ b/data/templates/ipsec/swanctl/l2tp.j2
@@ -0,0 +1,30 @@
+{% macro conn(l2tp, l2tp_outside_address, l2tp_ike_default, l2tp_esp_default, ike_group, esp_group) %}
+{% set l2tp_ike = ike_group[l2tp.ike_group] if l2tp.ike_group is vyos_defined else None %}
+{% set l2tp_esp = esp_group[l2tp.esp_group] if l2tp.esp_group is vyos_defined else None %}
+    l2tp_remote_access {
+        proposals = {{ l2tp_ike | get_esp_ike_cipher | join(',') if l2tp_ike else l2tp_ike_default }}
+        local_addrs = {{ l2tp_outside_address }}
+        dpd_delay = 15s
+        dpd_timeout = 45s
+        rekey_time = {{ l2tp_ike.lifetime if l2tp_ike else l2tp.ike_lifetime }}s
+        reauth_time = 0
+        local {
+            auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
+{% if l2tp.authentication.mode == 'x509' %}
+            certs = {{ l2tp.authentication.x509.certificate }}.pem
+{% endif %}
+        }
+        remote {
+            auth = {{ 'psk' if l2tp.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
+        }
+        children {
+            l2tp_remote_access_esp {
+                mode = transport
+                esp_proposals = {{ l2tp_esp | get_esp_ike_cipher(l2tp_ike) | join(',') if l2tp_esp else l2tp_esp_default }}
+                life_time = {{ l2tp_esp.lifetime if l2tp_esp else l2tp.lifetime }}s
+                local_ts = dynamic[/1701]
+                remote_ts = dynamic
+            }
+        }
+    }
+{% endmacro %}