author | Christian Poessinger <christian@poessinger.com> | 2021-07-07 17:32:00 +0200 |
committer | GitHub <noreply@github.com> | 2021-07-07 17:32:00 +0200 |
commit | 17dff308810497aab19428a6340a4261d91893e4 (patch) | |
tree | 8bde3ac286bc552bea9322efcdda33e05e3a86e9 /data | |
parent | 511253635a9b67396788d24bacafd237594e0e12 (diff) | |
parent | 5a7c46016a23387312b2c9e18528ad7bb20e8366 (diff) | |
Merge pull request #912 from sarthurdev/pki_ipsec_rsa
pki: T3642: Migrate rsa-keys to PKI configuration
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 1 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 11 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index d228ac8a3..a03360bdb 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -67,7 +67,6 @@
 "tftp_server.py",
 "vpn_l2tp.py",
 "vpn_pptp.py",
-"vpn_rsa-keys.py",
 "vpn_sstp.py",
 "vrf.py",
 "vrrp.py",
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 00251d44d..a6ab73cc2 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -48,7 +48,6 @@ secrets {
 {% endfor %}
 {% endif %}
 {% if site_to_site is defined and site_to_site.peer is defined %}
-{% set ns = namespace(local_key_set=False) %}
 {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
 {% set peer_name = peer.replace(".", "-").replace("@", "") %}
 {% if peer_conf.authentication.mode == 'pre-shared-secret' %}
@@ -72,10 +71,12 @@ secrets {
 secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {% endif %}
 }
-{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
-{% set ns.local_key_set = True %}
- rsa_local {
- file = {{ rsa_local_key }}
+{% elif peer_conf.authentication.mode == 'rsa' %}
+ rsa_{{ peer_name }}_local {
+ file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{% if peer_conf.authentication.rsa.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{% endif %}
 }
 {% endif %}
 {% endfor %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 4ace06701..8e46e8892 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -38,7 +38,7 @@
 {% if peer_conf.authentication.mode == 'x509' %}
 certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {% elif peer_conf.authentication.mode == 'rsa' %}
- pubkeys = localhost.pub
+ pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
 {% endif %}
 }
 remote {
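Review bot: The new `rsa_{{ peer_name }}_local` section in the `@@ -72,10 +71,12` hunk of swanctl.conf.tmpl renders `file = {{ peer_conf.authentication.rsa.local_key }}.pem` with no guard on `local_key`, so a peer configured with `mode == 'rsa'` but no local key set yields `file = .pem` in the generated swanctl.conf instead of a clear error; the same unguarded lookups appear as `pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem` in the peer.tmpl `@@ -38` hunk and `rsa.remote_key` in the following `@@ -49` hunk. Presumably the conf-mode script's verify step rejects such a configuration, but that script is not part of this diff, so a template-side guard such as `{% if peer_conf.authentication.rsa.local_key is defined %}` around the section would keep the rendered file well-formed regardless. The passphrase is interpolated verbatim between double quotes on the `secret = "..."` line, so a passphrase containing `"` would break the generated config; the existing x509 passphrase line just above has the same shape, so this is a pre-existing limitation rather than a regression, but worth a comment on the new line. The enclosing `secrets { ... }` block and the peer `for` loop both begin outside the hunk.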
@@ -49,7 +49,7 @@
 {% endif %}
 auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
 {% if peer_conf.authentication.mode == 'rsa' %}
- pubkeys = {{ peer_conf.authentication.rsa_key_name }}.pub
+ pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
 {% endif %}
 }
 children { |