diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-01-17 11:04:08 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-01-26 11:28:03 +0000 |
commit | 7ae0b404ad9fdefa856c7e450b224b47d854a4eb (patch) | |
tree | aa8fca32cc1f6a83cc8d5bfaccde866338bf3b6c /python/vyos/template.py | |
parent | fc1c93a141bd095884088a8fa6f935d642bf6528 (diff) | |
download | vyos-1x-7ae0b404ad9fdefa856c7e450b224b47d854a4eb.tar.gz vyos-1x-7ae0b404ad9fdefa856c7e450b224b47d854a4eb.zip |
T4916: Rewrite IPsec peer authentication and psk migration
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
Diffstat (limited to 'python/vyos/template.py')
-rw-r--r-- | python/vyos/template.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index 2a4135f9e..e079a820b 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -193,6 +193,16 @@ def dot_colon_to_dash(text): text = text.replace(".", "-") return text +@register_filter('generate_uuid4') +def generate_uuid4(text): + """ Generate random unique ID + Example: + % uuid4() + UUID('958ddf6a-ef14-4e81-8cfb-afb12456d1c5') + """ + from uuid import uuid4 + return uuid4() + @register_filter('netmask_from_cidr') def netmask_from_cidr(prefix): """ Take CIDR prefix and convert the prefix length to a "subnet mask". |