components/openstack/neutron/files/services/vpn/device_drivers/template/solaris/ipsecinit.conf.template
changeset 6378 9d70f1e25eba
parent 5405 66fd59fecd68
--- a/components/openstack/neutron/files/services/vpn/device_drivers/template/solaris/ipsecinit.conf.template	Fri Jul 08 12:39:56 2016 -0700
+++ b/components/openstack/neutron/files/services/vpn/device_drivers/template/solaris/ipsecinit.conf.template	Mon Jul 11 12:54:44 2016 -0700
@@ -1,5 +1,6 @@
+{#
 #
-# Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
@@ -13,15 +14,37 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 #
+#}
 #    IKE Configuration for vpn-service "{{vpnservice.id}}"
 # Configuration for vpn-service "{{vpnservice.id}}"
 {% for ipsec_site_connection in vpnservice.ipsec_site_connections if ipsec_site_connection.admin_state_up
 %}
-{ tunnel {{ipsec_site_connection['tunnel_id']}} negotiate tunnel laddr {{vpnservice.subnet.cidr}} raddr {{ipsec_site_connection['peer_cidrs']|join(' ')}} } ipsec
+{% set aalg=ipsec_site_connection.ipsecpolicy.auth_algorithm %}
+{% set ealg=ipsec_site_connection.ipsecpolicy.encryption_algorithm %}
+{% set tun_name=ipsec_site_connection['tunnel_id'] %}
+{% if ipsec_site_connection.ipsecpolicy.transform_protocol == "esp" %}
+    {% set atok="encr_auth_algs" %}
+{% else %}
+    {% set atok="auth_algs" %}
+{% endif %}
+{% if ipsec_site_connection.ipsecpolicy.transform_protocol == "ah" %}
+    {% set etok="" %}
+    {% set ealg="" %}
+{% else %}
+    {% set etok="encr_algs" %}
+{% endif %}
+{% set laddr=vpnservice.subnet.cidr %}
+{% set raddr=ipsec_site_connection['peer_cidrs']|join(' ') %}
+{# We can support Combined modes algorithms by configuring the authentication
+# and encryption algorithms as the same value.
+#}
+{% if aalg == ealg %}
+    {% set atok="" %}
+    {% set aalg="" %}
+{% endif %}
 
-	{ encr_auth_algs {{ipsec_site_connection.ipsecpolicy.auth_algorithm}}
-	  encr_algs {{ipsec_site_connection.ipsecpolicy.encryption_algorithm}}
-	  sa shared }
+{ tunnel {{tun_name}} negotiate tunnel laddr {{laddr}} raddr {{raddr}} } ipsec
+          { {{atok}} {{aalg}} {{etok}} {{ealg}} sa shared }
 
 {% endfor %}
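Review bot: The combined-mode shortcut `{% if aalg == ealg %}` drops the authentication token on name equality alone, so the policy renders as `{ encr_algs X sa shared }` for whatever value X both fields carry. Nothing in the template checks that X is actually a combined-mode (AEAD) algorithm; if it is not, the tunnel would presumably be configured as ESP with no integrity protection. Consider gating the branch on an explicit list supplied by the driver, e.g. `{% if aalg == ealg and ealg in combined_mode_algs %}`, where `combined_mode_algs` is a placeholder name and not something this template receives today. The comparison also matches when both values are empty strings: with `transform_protocol == "ah"` and an empty `auth_algorithm` the line would render as `{ sa shared }`. Unless validation upstream guarantees both algorithms are set, skip the connection or fail the render in that case rather than emit a policy with no algorithms.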