authorJohn Estabrook <jestabro@vyos.io>2023-08-16 09:09:10 -0500
committerGitHub <noreply@github.com>2023-08-16 09:09:10 -0500
commit9cdc76fe5badcf44cf38ea82ed89332b32d9d62b (patch)
tree9bb955c7f2f7b623bb05970f3db3383b04de2f9e /data/templates/openvpn
parent3a3e490a198a10b6a05d5a0e2f1487ebfd6551a0 (diff)
parent26d7ab49d92d5c665f5d6bc21375a21e22da33f6 (diff)
Merge pull request #2150 from dmbaturin/T5271-openvpn-peer-fingerprint-restrictions
T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r--data/templates/openvpn/server.conf.j26
1 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index a9bd45370..f76fbbe79 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -185,7 +185,7 @@ tls-version-min {{ tls.tls_version_min }}
{% endif %}
{% if tls.dh_params is vyos_defined %}
dh /run/openvpn/{{ ifname }}_dh.pem
-{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %}
+{% else %}
dh none
{% endif %}
{% if tls.auth_key is vyos_defined %}
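Review bot: The new unconditional `{% else %}` writes `dh none` into every configuration that reaches this block without `tls.dh_params`, whereas the removed condition limited it to `mode` `server` with a private key. OpenVPN documents `--dh` as an option for the tls-server side, so on an instance acting as TLS client the line is presumably ignored with a warning; that is worth confirming against the OpenVPN versions shipped. If only the passive site-to-site end needs it, the branch could be guarded on the instance being the TLS server side instead of applying everywhere. Either way, a template comment would record the intent, for example `{# dh none: no finite-field DH parameters are loaded, key exchange is ECDH only #}`, since peers without ECDHE support will then fail the handshake.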
@@ -201,9 +201,9 @@ tls-client
tls-server
{% endif %}
-{% if peer_fingerprint is vyos_defined %}
+{% if tls.peer_fingerprint is vyos_defined %}
<peer-fingerprint>
-{% for fp in peer_fingerprint %}
+{% for fp in tls.peer_fingerprint %}
{{ fp }}
{% endfor %}
</peer-fingerprint>
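Review bot: Each `{{ fp }}` inside the `<peer-fingerprint>` block is written into the generated config verbatim, so the template depends on validation done elsewhere to stop a value from closing the inline block or adding a directive. That validation is not visible in this hunk; it presumably sits in the CLI definition for the fingerprint node and should restrict values to colon-separated SHA-256 hex digests. A template comment would record the dependency, for example `{# fp values are rendered verbatim; they must already be validated as SHA-256 certificate fingerprints #}`. Because a pinned fingerprint can now stand in for a CA, the verify step should also reject a TLS configuration that has neither, so that a wrong key path does not let this `{% if %}` silently render nothing. The closing `{% endif %}` of this block is outside the hunk.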