diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-08-15 19:44:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-15 19:44:11 +0200 |
commit | 50bdb0e9e450a26ea12acb37022fb5b0aa63d50b (patch) | |
tree | 16d555037ca208c64407f7d753956dc27e26f8c9 /data | |
parent | 63d572ffa332e75c8dbf0f9f627a4c25411d4ac6 (diff) | |
parent | df704a7cb884e879d8c905782aaf869daab31fab (diff) | |
download | vyos-1x-50bdb0e9e450a26ea12acb37022fb5b0aa63d50b.tar.gz vyos-1x-50bdb0e9e450a26ea12acb37022fb5b0aa63d50b.zip |
Merge pull request #1469 from c-po/macsec-equuleus
MACsec: T4537: fix AES-GCM-256 support
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.tmpl | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index 5b353def8..65747ea6f 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -47,6 +47,12 @@ network={ # 1: Integrity only macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }} + # macsec_csindex: IEEE 802.1X/MACsec cipher suite + # 0 = GCM-AES-128 + # 1 = GCM-AES-256 +{# security.cipher is a mandatory key #} + macsec_csindex={{ '1' if security.cipher is defined and security.cipher == 'gcm-aes-256' else '0' }} + {% if security is defined %} {% if security.encrypt is defined %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode @@ -63,7 +69,7 @@ network={ # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority mka_priority={{ security.mka.priority }} -{% endif %} +{% endif %} {% if security.replay_window is defined %} # macsec_replay_protect: IEEE 802.1X/MACsec replay protection @@ -85,5 +91,9 @@ network={ macsec_replay_window={{ security.replay_window }} {% endif %} {% endif %} + + # macsec_port: IEEE 802.1X/MACsec port - Port component of the SCI + # Range: 1-65534 (default: 1) + macsec_port=1 } |