summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-08-15 19:44:11 +0200
committerGitHub <noreply@github.com>2022-08-15 19:44:11 +0200
commit50bdb0e9e450a26ea12acb37022fb5b0aa63d50b (patch)
tree16d555037ca208c64407f7d753956dc27e26f8c9 /data
parent63d572ffa332e75c8dbf0f9f627a4c25411d4ac6 (diff)
parentdf704a7cb884e879d8c905782aaf869daab31fab (diff)
downloadvyos-1x-50bdb0e9e450a26ea12acb37022fb5b0aa63d50b.tar.gz
vyos-1x-50bdb0e9e450a26ea12acb37022fb5b0aa63d50b.zip
Merge pull request #1469 from c-po/macsec-equuleus
MACsec: T4537: fix AES-GCM-256 support
Diffstat (limited to 'data')
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl12
1 files changed, 11 insertions, 1 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index 5b353def8..65747ea6f 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -47,6 +47,12 @@ network={
# 1: Integrity only
macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }}
+ # macsec_csindex: IEEE 802.1X/MACsec cipher suite
+ # 0 = GCM-AES-128
+ # 1 = GCM-AES-256
+{# security.cipher is a mandatory key #}
+ macsec_csindex={{ '1' if security.cipher is defined and security.cipher == 'gcm-aes-256' else '0' }}
+
{% if security is defined %}
{% if security.encrypt is defined %}
# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
@@ -63,7 +69,7 @@ network={
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
mka_priority={{ security.mka.priority }}
-{% endif %}
+{% endif %}
{% if security.replay_window is defined %}
# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
@@ -85,5 +91,9 @@ network={
macsec_replay_window={{ security.replay_window }}
{% endif %}
{% endif %}
+
+ # macsec_port: IEEE 802.1X/MACsec port - Port component of the SCI
+ # Range: 1-65534 (default: 1)
+ macsec_port=1
}