diff options
author | John Estabrook <jestabro@vyos.io> | 2023-08-16 09:09:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-16 09:09:10 -0500 |
commit | 9cdc76fe5badcf44cf38ea82ed89332b32d9d62b (patch) | |
tree | 9bb955c7f2f7b623bb05970f3db3383b04de2f9e /data/templates/openvpn | |
parent | 3a3e490a198a10b6a05d5a0e2f1487ebfd6551a0 (diff) | |
parent | 26d7ab49d92d5c665f5d6bc21375a21e22da33f6 (diff) | |
download | vyos-1x-9cdc76fe5badcf44cf38ea82ed89332b32d9d62b.tar.gz vyos-1x-9cdc76fe5badcf44cf38ea82ed89332b32d9d62b.zip |
Merge pull request #2150 from dmbaturin/T5271-openvpn-peer-fingerprint-restrictions
T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode
Diffstat (limited to 'data/templates/openvpn')
-rw-r--r-- | data/templates/openvpn/server.conf.j2 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2 index a9bd45370..f76fbbe79 100644 --- a/data/templates/openvpn/server.conf.j2 +++ b/data/templates/openvpn/server.conf.j2 @@ -185,7 +185,7 @@ tls-version-min {{ tls.tls_version_min }} {% endif %} {% if tls.dh_params is vyos_defined %} dh /run/openvpn/{{ ifname }}_dh.pem -{% elif mode is vyos_defined('server') and tls.private_key is vyos_defined %} +{% else %} dh none {% endif %} {% if tls.auth_key is vyos_defined %} @@ -201,9 +201,9 @@ tls-client tls-server {% endif %} -{% if peer_fingerprint is vyos_defined %} +{% if tls.peer_fingerprint is vyos_defined %} <peer-fingerprint> -{% for fp in peer_fingerprint %} +{% for fp in tls.peer_fingerprint %} {{ fp }} {% endfor %} </peer-fingerprint> |