summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-20 15:43:43 +0200
committerGitHub <noreply@github.com>2021-07-20 15:43:43 +0200
commit4ff379d18a750314fda2b2fec5a1e285bd92f15c (patch)
tree36d0090231779a272e03718e1ccc9d6c906f1220 /data
parent2975c5e835fd323ef5d47bebec27e4d08e04dd7a (diff)
parent70785300b0dbd11bcd805f7d2906e77fc826f4a7 (diff)
downloadvyos-1x-4ff379d18a750314fda2b2fec5a1e285bd92f15c.tar.gz
vyos-1x-4ff379d18a750314fda2b2fec5a1e285bd92f15c.zip
Merge pull request #930 from sarthurdev/pki_migration
pki: openconnect: sstp: T3642: Migrate OpenConnect and SSTP to PKI configuration
Diffstat (limited to 'data')
-rw-r--r--data/templates/accel-ppp/sstp.config.tmpl6
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl14
2 files changed, 10 insertions, 10 deletions
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index 7ca7b1c1e..fad91d118 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -29,9 +29,9 @@ disable
verbose=1
ifname=sstp%d
accept=ssl
-ssl-ca-file={{ ssl.ca_cert_file }}
-ssl-pemfile={{ ssl.cert_file }}
-ssl-keyfile={{ ssl.key_file }}
+ssl-ca-file=/run/accel-pppd/sstp-ca.pem
+ssl-pemfile=/run/accel-pppd/sstp-cert.pem
+ssl-keyfile=/run/accel-pppd/sstp-cert.key
{# Common IP pool definitions #}
{% include 'accel-ppp/config_ip_pool.j2' %}
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 328af0c0d..0be805235 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -12,16 +12,16 @@ auth = "radius [config=/run/ocserv/radiusclient.conf]"
auth = "plain[/run/ocserv/ocpasswd]"
{% endif %}
-{% if ssl.cert_file %}
-server-cert = {{ ssl.cert_file }}
+{% if ssl.certificate is defined %}
+server-cert = /run/ocserv/cert.pem
+server-key = /run/ocserv/cert.key
+{% if ssl.passphrase is defined %}
+key-pin = {{ ssl.passphrase }}
{% endif %}
-
-{% if ssl.key_file %}
-server-key = {{ ssl.key_file }}
{% endif %}
-{% if ssl.ca_cert_file %}
-ca-cert = {{ ssl.ca_cert_file }}
+{% if ssl.ca_certificate is defined %}
+ca-cert = /run/ocserv/ca.pem
{% endif %}
socket-file = /run/ocserv/ocserv.socket