From dc4dff040e229a22ffe14ea00a8b394dd6a12a1f Mon Sep 17 00:00:00 2001
From: Julie Bernosky <julie@bernosky.io>
Date: Thu, 19 Oct 2017 07:06:43 -0700
Subject: [PATCH] Add StrongSwan log level config option to ipsec.conf template
 (#700)

---
 config.cfg                        | 4 ++++
 roles/vpn/templates/ipsec.conf.j2 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/config.cfg b/config.cfg
index 869c53c..638ed14 100644
--- a/config.cfg
+++ b/config.cfg
@@ -20,6 +20,10 @@ vpn_network_ipv6: 'fd9d:bc11:4020::/48'
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"
 
+# StrongSwan log level
+# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
+strongswan_log_level: 2
+
 adblock_lists:
  - "http://winhelp2002.mvps.org/hosts.txt"
  - "https://adaway.org/hosts.txt"
diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2
index 313d689..6c5a2d4 100644
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@@ -1,6 +1,6 @@
 config setup
     uniqueids=never # allow multiple connections per user
-    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"
+    charondebug="ike {{ strongswan_log_level }}, knl {{ strongswan_log_level }}, cfg {{ strongswan_log_level }}, net {{ strongswan_log_level }}, esp {{ strongswan_log_level }}, dmn {{ strongswan_log_level }},  mgr {{ strongswan_log_level }}"
 
 conn %default
     fragmentation=yes