Merge pull request #2727 from vyos/mergify/bp/sagitta/pr-2707

T5870: ipsec remote access VPN: add x509 ("pubkey") authentication. (backport #2707)
author: Christian Breunig <christian@breunig.cc> 2023-12-31 07:26:57 +0100
committer: GitHub <noreply@github.com> 2023-12-31 07:26:57 +0100
commit: 9e49bcad817dcc7c39e4d5e2329828251327baad (patch)
tree: 1e1bd77ac4b2a856ff07477c9e092343f9f57029 /data/templates
parent: 74e749be2e4b0ce7da259c84535dff6ba1d072cf (diff)
parent: 6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f (diff)
download: vyos-1x-9e49bcad817dcc7c39e4d5e2329828251327baad.tar.gz
vyos-1x-9e49bcad817dcc7c39e4d5e2329828251327baad.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index 60d2d1807..01dc8a4a7 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -29,8 +29,10 @@
 {% endif %}
         }
         remote {
+{% if rw_conf.authentication.client_mode == 'x509' %}
+            auth = pubkey
+{% elif rw_conf.authentication.client_mode.startswith("eap") %}
             auth = {{ rw_conf.authentication.client_mode }}
-{% if rw_conf.authentication.client_mode.startswith("eap") %}
             eap_id = %any
 {% endif %}
         }
author	Christian Breunig <christian@breunig.cc>	2023-12-31 07:26:57 +0100
committer	GitHub <noreply@github.com>	2023-12-31 07:26:57 +0100
commit	9e49bcad817dcc7c39e4d5e2329828251327baad (patch)
tree	1e1bd77ac4b2a856ff07477c9e092343f9f57029 /data/templates
parent	74e749be2e4b0ce7da259c84535dff6ba1d072cf (diff)
parent	6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f (diff)
download	vyos-1x-9e49bcad817dcc7c39e4d5e2329828251327baad.tar.gz vyos-1x-9e49bcad817dcc7c39e4d5e2329828251327baad.zip