summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-07 17:32:00 +0200
committerGitHub <noreply@github.com>2021-07-07 17:32:00 +0200
commit17dff308810497aab19428a6340a4261d91893e4 (patch)
tree8bde3ac286bc552bea9322efcdda33e05e3a86e9 /data
parent511253635a9b67396788d24bacafd237594e0e12 (diff)
parent5a7c46016a23387312b2c9e18528ad7bb20e8366 (diff)
downloadvyos-1x-17dff308810497aab19428a6340a4261d91893e4.tar.gz
vyos-1x-17dff308810497aab19428a6340a4261d91893e4.zip
Merge pull request #912 from sarthurdev/pki_ipsec_rsa
pki: T3642: Migrate rsa-keys to PKI configuration
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json1
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl11
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl4
3 files changed, 8 insertions, 8 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index d228ac8a3..a03360bdb 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -67,7 +67,6 @@
"tftp_server.py",
"vpn_l2tp.py",
"vpn_pptp.py",
-"vpn_rsa-keys.py",
"vpn_sstp.py",
"vrf.py",
"vrrp.py",
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 00251d44d..a6ab73cc2 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -48,7 +48,6 @@ secrets {
{% endfor %}
{% endif %}
{% if site_to_site is defined and site_to_site.peer is defined %}
-{% set ns = namespace(local_key_set=False) %}
{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
{% set peer_name = peer.replace(".", "-").replace("@", "") %}
{% if peer_conf.authentication.mode == 'pre-shared-secret' %}
@@ -72,10 +71,12 @@ secrets {
secret = "{{ peer_conf.authentication.x509.passphrase }}"
{% endif %}
}
-{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
-{% set ns.local_key_set = True %}
- rsa_local {
- file = {{ rsa_local_key }}
+{% elif peer_conf.authentication.mode == 'rsa' %}
+ rsa_{{ peer_name }}_local {
+ file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{% if peer_conf.authentication.rsa.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{% endif %}
}
{% endif %}
{% endfor %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 4ace06701..8e46e8892 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -38,7 +38,7 @@
{% if peer_conf.authentication.mode == 'x509' %}
certs = {{ peer_conf.authentication.x509.certificate }}.pem
{% elif peer_conf.authentication.mode == 'rsa' %}
- pubkeys = localhost.pub
+ pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
{% endif %}
}
remote {
@@ -49,7 +49,7 @@
{% endif %}
auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
{% if peer_conf.authentication.mode == 'rsa' %}
- pubkeys = {{ peer_conf.authentication.rsa_key_name }}.pub
+ pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
{% endif %}
}
children {