2ec34202fd
The name of a VPN service and the PSK of an IPsec site connection may contain non-ASCII characters. Outputting these values as plain text may lead to UnicodeEncodeError. Since *swan supports base64-encoded PSKs, with this commit we 1. use the VPN service id instead of the name in configuration files, and 2. encode the IPsec site connection PSK with base64, to make sure that generated configuration files only contain ASCII characters. Closes-Bug: #1652909 Change-Id: Ie7edf080fc44537a74c57262bd9943c5e4337428
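{#- strongSwan ipsec.conf template for one VPN service: shared defaults first, then
    one "conn" section per IPsec site connection. Sections are labelled with ids
    rather than user-chosen names, which keeps the rendered file ASCII-only.
    The comments in this template use the same whitespace control as the if/else
    tags further down, so they add no lines to the rendered output (this relies,
    like those tags, on trim_blocks being off). -#}
# Configuration for {{vpnservice.id}}
config setup

conn %default
    {#- Defaults applied to every connection below; peers authenticate with a
        pre-shared key. NOTE(review): the key is not rendered in this file,
        presumably a separate secrets template supplies it; confirm. #}
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=psk
    mobike=no
{% for ipsec_site_connection in vpnservice.ipsec_site_connections %}
conn {{ipsec_site_connection.id}}
    {#- NOTE(review): every value below is substituted verbatim, with no escaping
        in this template. That assumes the API layer already rejects whitespace
        and newlines in free-form fields such as local_id and peer_id; confirm,
        because parameters in this file are line-oriented. #}
    keyexchange={{ipsec_site_connection.ikepolicy.ike_version}}
    {#- Local ("left") side of the tunnel. #}
    left={{ipsec_site_connection.external_ip}}
    leftsubnet={{ipsec_site_connection['local_cidrs']|join(',')}}
    leftid={{ipsec_site_connection.local_id}}
    leftfirewall=yes
    {#- Remote ("right") peer. #}
    right={{ipsec_site_connection.peer_address}}
    rightsubnet={{ipsec_site_connection['peer_cidrs']|join(',')}}
    rightid={{ipsec_site_connection.peer_id}}
    auto=route
    {#- Dead peer detection; delay and timeout are written with an "s" suffix. #}
    dpdaction={{ipsec_site_connection.dpd_action}}
    dpddelay={{ipsec_site_connection.dpd_interval}}s
    dpdtimeout={{ipsec_site_connection.dpd_timeout}}s
    {#- IKE proposal built as encryption-integrity-group, the group coming from
        the IKE policy's pfs field.
        NOTE(review): the proposal has no trailing "!" (strict flag). Per the
        strongSwan ipsec.conf documentation the daemon then also offers and
        accepts its built-in default proposals, so the negotiated algorithms
        can differ from the configured policy. The same holds for the ah= and
        esp= lines below. Confirm whether strict proposals are wanted. #}
    ike={{ipsec_site_connection.ikepolicy.encryption_algorithm}}-{{ipsec_site_connection.ikepolicy.auth_algorithm}}-{{ipsec_site_connection.ikepolicy.pfs}}
    ikelifetime={{ipsec_site_connection.ikepolicy.lifetime_value}}s
    {#- Exactly one of ah= or esp= is emitted, chosen by the IPsec policy's
        transform protocol; the ah= form carries no encryption algorithm. #}
{%- if ipsec_site_connection.ipsecpolicy.transform_protocol == "ah" %}
    ah={{ipsec_site_connection.ipsecpolicy.auth_algorithm}}-{{ipsec_site_connection.ipsecpolicy.pfs}}
{%- else %}
    esp={{ipsec_site_connection.ipsecpolicy.encryption_algorithm}}-{{ipsec_site_connection.ipsecpolicy.auth_algorithm}}-{{ipsec_site_connection.ipsecpolicy.pfs}}
{%- endif %}
    lifetime={{ipsec_site_connection.ipsecpolicy.lifetime_value}}s
    type={{ipsec_site_connection.ipsecpolicy.encapsulation_mode}}
{% endfor %}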