40 lines
1.6 KiB
Django/Jinja
40 lines
1.6 KiB
Django/Jinja
config setup
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
mobike=no
|
|
{% for vpnservice in vpnservices %}
|
|
# Configuration for {{vpnservice.name}}
|
|
{% for ipsec_site_connection in vpnservice.ipsec_site_connections%}
|
|
conn {{ipsec_site_connection.id}}
|
|
authby=secret
|
|
keyexchange=ike{{ipsec_site_connection.ikepolicy.ike_version}}
|
|
left={{vpnservice.get_external_ip(ipsec_site_connection.peer_address)}}
|
|
leftsubnet={{ipsec_site_connection.local_ep_group.cidrs|join(',')}}
|
|
leftid={{vpnservice.get_external_ip(ipsec_site_connection.peer_address)}}
|
|
leftfirewall=yes
|
|
right={{ipsec_site_connection.peer_address}}
|
|
rightsubnet={{ipsec_site_connection.peer_ep_group.cidrs|join(',')}}
|
|
rightid={{ipsec_site_connection.peer_id}}
|
|
auto=route
|
|
dpdaction={{ipsec_site_connection.dpd.action}}
|
|
dpddelay={{ipsec_site_connection.dpd.interval}}
|
|
dpdtimeout={{ipsec_site_connection.dpd.timeout}}
|
|
|
|
# ike
|
|
ike={{ipsec_site_connection.ikepolicy.encryption_algorithm|strongswan}}-{{ipsec_site_connection.ikepolicy.auth_algorithm|strongswan}}-{{ipsec_site_connection.ikepolicy.pfs|strongswan}}
|
|
ikelifetime={{ipsec_site_connection.ikepolicy.lifetime.value}}s
|
|
|
|
# ipsec
|
|
{{ipsec_site_connection.ipsecpolicy.transform_protocol}}={{ipsec_site_connection.ikepolicy.encryption_algorithm|strongswan}}-{{ipsec_site_connection.ikepolicy.auth_algorithm|strongswan}}-{{ipsec_site_connection.ikepolicy.pfs|strongswan}}
|
|
lifetime={{ipsec_site_connection.ipsecpolicy.lifetime.value}}s
|
|
|
|
type={{ipsec_site_connection.ipsecpolicy.encapsulation_mode}}
|
|
|
|
{% endfor %}
|
|
{% endfor %}
|
|
|