unnecessarry to use such way Fixed #162

2025-06-07 15:43:54 +02:00 · 2016-12-14 19:42:39 +03:00 · 2016-12-14 19:42:39 +03:00 · ecb6b498b9
commit ecb6b498b9
parent f1715c4e0b
3 changed files with 12 additions and 14 deletions
--- a/config.cfg
+++ b/config.cfg
@ -52,14 +52,6 @@ strongswan_enabled_plugins:
  - stroke
  - x509
 ipsec_config:
  dpdaction: 'clear'
  dpddelay: '35s'
  rekey: 'no'
  keyexchange: 'ikev2'
  compress: 'yes'
  fragmentation: 'yes'
 ec2_vpc_nets:
  cidr_block: 172.251.0.0/23
  subnet_cidr: 172.251.1.0/24
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@ -1,7 +1,10 @@
 conn ikev2-{{ IP_subject_alt_name }}
-{% for key, value in ipsec_config.iteritems() %}
+    fragmentation=yes
-    {{ key }}={{ value }}
+    rekey=no
-{% endfor %}
+    dpdaction=clear
    keyexchange=ikev2
    compress=yes
    dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
    ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@ -3,9 +3,12 @@ config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"
 conn %default
-{% for key, value in ipsec_config.iteritems() %}
+    fragmentation=yes
-    {{ key }}={{ value }}
+    rekey=no
-{% endfor %}
+    dpdaction=clear
    keyexchange=ikev2
    compress=yes
    dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
    ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!