summaryrefslogtreecommitdiff
path: root/data/templates/wifi
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/wifi')
-rw-r--r--data/templates/wifi/cfg80211.conf.tmpl1
-rw-r--r--data/templates/wifi/crda.tmpl1
-rw-r--r--data/templates/wifi/hostapd.conf.j2 (renamed from data/templates/wifi/hostapd.conf.tmpl)342
-rw-r--r--data/templates/wifi/wpa_supplicant.conf.j2 (renamed from data/templates/wifi/wpa_supplicant.conf.tmpl)8
4 files changed, 172 insertions, 180 deletions
diff --git a/data/templates/wifi/cfg80211.conf.tmpl b/data/templates/wifi/cfg80211.conf.tmpl
deleted file mode 100644
index 91df57aab..000000000
--- a/data/templates/wifi/cfg80211.conf.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-{{ 'options cfg80211 ieee80211_regdom=' + regdom if regdom is defined }}
diff --git a/data/templates/wifi/crda.tmpl b/data/templates/wifi/crda.tmpl
deleted file mode 100644
index 6cd125e37..000000000
--- a/data/templates/wifi/crda.tmpl
+++ /dev/null
@@ -1 +0,0 @@
-{{ 'REGDOMAIN=' + regdom if regdom is defined }}
diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.j2
index 433e1d36f..f2312d2d4 100644
--- a/data/templates/wifi/hostapd.conf.tmpl
+++ b/data/templates/wifi/hostapd.conf.j2
@@ -1,5 +1,6 @@
+{# j2lint: disable=operator-enclosed-by-spaces #}
### Autogenerated by interfaces-wireless.py ###
-{% if description %}
+{% if description is vyos_defined %}
# Description: {{ description }}
# User-friendly description of device; up to 32 octets encoded in UTF-8
device_name={{ description | truncate(32, True) }}
@@ -11,7 +12,7 @@ device_name={{ description | truncate(32, True) }}
# command line parameter.
interface={{ ifname }}
-{% if is_bridge_member is defined %}
+{% if is_bridge_member is vyos_defined %}
# In case of atheros and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
# interface is included in a bridge. This parameter is not used with Host AP
@@ -24,9 +25,9 @@ interface={{ ifname }}
# has been started to change the interface mode). If needed, the bridge
# interface is also created.
{# as there can only be one bridge interface it is save to loop #}
-{% for bridge in is_bridge_member %}
+{% for bridge in is_bridge_member %}
bridge={{ bridge }}
-{% endfor %}
+{% endfor %}
{% endif %}
# Driver interface type (hostap/wired/none/nl80211/bsd);
@@ -72,7 +73,7 @@ ssid={{ ssid }}
channel={{ channel }}
{% endif %}
-{% if mode is defined and mode is not none %}
+{% if mode is vyos_defined %}
# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
@@ -81,15 +82,15 @@ channel={{ channel }}
# special value "any" can be used to indicate that any support band can be used.
# This special case is currently supported only with drivers with which
# offloaded ACS is used.
-{% if mode == 'n' %}
+{% if mode is vyos_defined('n') %}
hw_mode=g
-{% elif mode == 'ac' %}
+{% elif mode is vyos_defined('ac') %}
hw_mode=a
ieee80211h=1
ieee80211ac=1
-{% else %}
+{% else %}
hw_mode={{ mode }}
-{% endif %}
+{% endif %}
{% endif %}
# ieee80211w: Whether management frame protection (MFP) is enabled
@@ -104,7 +105,7 @@ ieee80211w=1
ieee80211w=2
{% endif %}
-{% if capabilities is defined and capabilities.ht is defined %}
+{% if capabilities is vyos_defined %}
# ht_capab: HT capabilities (list of flags)
# LDPC coding capability: [LDPC] = supported
# Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary
@@ -138,70 +139,70 @@ ieee80211w=2
# DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set)
# 40 MHz intolerant [40-INTOLERANT] (not advertised if not set)
# L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set)
-{% set output = namespace(value='') %}
-
-{% if capabilities.ht.fourtymhz_incapable is defined %}
-{% set output.value = output.value + '[40-INTOLERANT]' %}
-{% endif %}
-{% if capabilities.ht.delayed_block_ack is defined %}
-{% set output.value = output.value + '[DELAYED-BA]' %}
-{% endif %}
-{% if capabilities.ht.dsss_cck_40 is defined %}
-{% set output.value = output.value + '[DSSS_CCK-40]' %}
-{% endif %}
-{% if capabilities.ht.greenfield is defined %}
-{% set output.value = output.value + '[GF]' %}
-{% endif %}
-{% if capabilities.ht.ldpc is defined %}
-{% set output.value = output.value + '[LDPC]' %}
-{% endif %}
-{% if capabilities.ht.lsig_protection is defined %}
-{% set output.value = output.value + '[LSIG-TXOP-PROT]' %}
-{% endif %}
-{% if capabilities.ht.stbc is defined and capabilities.ht.stbc.tx is defined %}
-{% set output.value = output.value + '[TX-STBC]' %}
-{% endif %}
-{% if capabilities.ht.stbc is defined and capabilities.ht.stbc.rx is defined %}
-{% set output.value = output.value + '[RX-STBC-' + capabilities.ht.stbc.rx | upper + ']' %}
-{% endif %}
-{% if capabilities.ht.max_amsdu is defined %}
-{% set output.value = output.value + '[MAX-AMSDU-' + capabilities.ht.max_amsdu + ']' %}
-{% endif %}
-{% if capabilities.ht.smps is defined %}
-{% set output.value = output.value + '[SMPS-' + capabilities.ht.smps | upper + ']' %}
-{% endif %}
-
-{% if capabilities.ht.channel_set_width is defined %}
-{% for csw in capabilities.ht.channel_set_width %}
-{% set output.value = output.value + '[' + csw | upper + ']' %}
-{% endfor %}
-{% endif %}
+{% set output = namespace(value='') %}
-{% if capabilities.ht.short_gi is defined %}
-{% for short_gi in capabilities.ht.short_gi %}
-{% set output.value = output.value + '[SHORT-GI-' + short_gi | upper + ']' %}
-{% endfor %}
-{% endif %}
+{% if capabilities.ht.fourtymhz_incapable is vyos_defined %}
+{% set output.value = output.value ~ '[40-INTOLERANT]' %}
+{% endif %}
+{% if capabilities.ht.delayed_block_ack is vyos_defined %}
+{% set output.value = output.value ~ '[DELAYED-BA]' %}
+{% endif %}
+{% if capabilities.ht.dsss_cck_40 is vyos_defined %}
+{% set output.value = output.value ~ '[DSSS_CCK-40]' %}
+{% endif %}
+{% if capabilities.ht.greenfield is vyos_defined %}
+{% set output.value = output.value ~ '[GF]' %}
+{% endif %}
+{% if capabilities.ht.ldpc is vyos_defined %}
+{% set output.value = output.value ~ '[LDPC]' %}
+{% endif %}
+{% if capabilities.ht.lsig_protection is vyos_defined %}
+{% set output.value = output.value ~ '[LSIG-TXOP-PROT]' %}
+{% endif %}
+{% if capabilities.ht.stbc.tx is vyos_defined %}
+{% set output.value = output.value ~ '[TX-STBC]' %}
+{% endif %}
+{% if capabilities.ht.stbc.rx is vyos_defined %}
+{% set output.value = output.value ~ '[RX-STBC-' ~ capabilities.ht.stbc.rx | upper ~ ']' %}
+{% endif %}
+{% if capabilities.ht.max_amsdu is vyos_defined %}
+{% set output.value = output.value ~ '[MAX-AMSDU-' ~ capabilities.ht.max_amsdu ~ ']' %}
+{% endif %}
+{% if capabilities.ht.smps is vyos_defined %}
+{% set output.value = output.value ~ '[SMPS-' ~ capabilities.ht.smps | upper ~ ']' %}
+{% endif %}
+
+{% if capabilities.ht.channel_set_width is vyos_defined %}
+{% for csw in capabilities.ht.channel_set_width %}
+{% set output.value = output.value ~ '[' ~ csw | upper ~ ']' %}
+{% endfor %}
+{% endif %}
+
+{% if capabilities.ht.short_gi is vyos_defined %}
+{% for short_gi in capabilities.ht.short_gi %}
+{% set output.value = output.value ~ '[SHORT-GI-' ~ short_gi | upper ~ ']' %}
+{% endfor %}
+{% endif %}
ht_capab={{ output.value }}
-{% if capabilities.ht.auto_powersave is defined %}
+{% if capabilities.ht.auto_powersave is vyos_defined %}
# WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]
# Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver)
uapsd_advertisement_enabled=1
-{% endif %}
+{% endif %}
{% endif %}
# Required for full HT and VHT functionality
wme_enabled=1
-{% if capabilities is defined and capabilities.require_ht is defined %}
+{% if capabilities.require_ht is vyos_defined %}
# Require stations to support HT PHY (reject association if they do not)
require_ht=1
{% endif %}
-{% if capabilities is defined and capabilities.vht is defined %}
+{% if capabilities.vht is vyos_defined %}
# vht_capab: VHT capabilities (list of flags)
#
# vht_max_mpdu_len: [MAX-MPDU-7991] [MAX-MPDU-11454]
@@ -297,7 +298,7 @@ require_ht=1
# Indicates the maximum length of A-MPDU pre-EOF padding that the STA can recv
# This field is an integer in the range of 0 to 7.
# The length defined by this field is equal to
-# 2 pow(13 + Maximum A-MPDU Length Exponent) -1 octets
+# 2 pow(13 ~ Maximum A-MPDU Length Exponent) -1 octets
#
# VHT Link Adaptation Capable: [VHT-LINK-ADAPT2] [VHT-LINK-ADAPT3]
# Indicates whether or not the STA supports link adaptation using VHT variant
@@ -320,87 +321,86 @@ require_ht=1
# 0 = Tx antenna pattern might change during the lifetime of an association
# 1 = Tx antenna pattern does not change during the lifetime of an
-{% if capabilities.vht.center_channel_freq is defined and capabilities.vht.center_channel_freq.freq_1 is defined %}
-# center freq = 5 GHz + (5 * index)
+{% if capabilities.vht.center_channel_freq.freq_1 is vyos_defined %}
+# center freq = 5 GHz ~ (5 * index)
# So index 42 gives center freq 5.210 GHz
# which is channel 42 in 5G band
vht_oper_centr_freq_seg0_idx={{ capabilities.vht.center_channel_freq.freq_1 }}
-{% endif %}
+{% endif %}
-{% if capabilities.vht.center_channel_freq is defined and capabilities.vht.center_channel_freq.freq_2 is defined %}
-# center freq = 5 GHz + (5 * index)
+{% if capabilities.vht.center_channel_freq.freq_2 is vyos_defined %}
+# center freq = 5 GHz ~ (5 * index)
# So index 159 gives center freq 5.795 GHz
# which is channel 159 in 5G band
vht_oper_centr_freq_seg1_idx={{ capabilities.vht.center_channel_freq.freq_2 }}
-{% endif %}
+{% endif %}
-{% if capabilities.vht.channel_set_width is defined %}
+{% if capabilities.vht.channel_set_width is vyos_defined %}
vht_oper_chwidth={{ capabilities.vht.channel_set_width }}
-{% endif %}
-
-{% set output = namespace(value='') %}
-{% if capabilities.vht.stbc is defined and capabilities.vht.stbc.tx is defined %}
-{% set output.value = output.value + '[TX-STBC-2BY1]' %}
-{% endif %}
-{% if capabilities.vht.stbc is defined and capabilities.vht.stbc.rx is defined %}
-{% set output.value = output.value + '[RX-STBC-' + capabilities.vht.stbc.rx + ']' %}
-{% endif %}
-{% if capabilities.vht.ldpc is defined %}
-{% set output.value = output.value + '[RXLDPC]' %}
-{% endif %}
-{% if capabilities.vht.tx_powersave is defined %}
-{% set output.value = output.value + '[VHT-TXOP-PS]' %}
-{% endif %}
-{% if capabilities.vht.vht_cf is defined %}
-{% set output.value = output.value + '[HTC-VHT]' %}
-{% endif %}
-{% if capabilities.vht.antenna_pattern_fixed is defined %}
-{% set output.value = output.value + '[RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN]' %}
-{% endif %}
-{% if capabilities.vht.max_mpdu is defined %}
-{% set output.value = output.value + '[MAX-MPDU-' + capabilities.vht.max_mpdu + ']' %}
-{% endif %}
-{% if capabilities.vht.max_mpdu_exp is defined %}
-{% set output.value = output.value + '[MAX-A-MPDU-LEN-EXP-' + capabilities.vht.max_mpdu_exp + ']' %}
-{% endif %}
-{% if capabilities.vht.max_mpdu_exp is defined and capabilities.vht.max_mpdu_exp == '2' %}
-{% set output.value = output.value + '[VHT160]' %}
-{% endif %}
-{% if capabilities.vht.max_mpdu_exp is defined and capabilities.vht.max_mpdu_exp == '3' %}
-{% set output.value = output.value + '[VHT160-80PLUS80]' %}
-{% endif %}
-{% if capabilities.vht.link_adaptation is defined and capabilities.vht.link_adaptation == 'unsolicited' %}
-{% set output.value = output.value + '[VHT-LINK-ADAPT2]' %}
-{% endif %}
-{% if capabilities.vht.link_adaptation is defined and capabilities.vht.link_adaptation == 'both' %}
-{% set output.value = output.value + '[VHT-LINK-ADAPT3]' %}
-{% endif %}
-
-{% for short_gi in capabilities.vht.short_gi if capabilities.vht.short_gi is defined %}
-{% set output.value = output.value + '[SHORT-GI-' + short_gi | upper + ']' %}
-{% endfor %}
-
-{% for beamform in capabilities.vht.beamform if capabilities.vht.beamform is defined %}
-{% set output.value = output.value + '[SU-BEAMFORMER]' if beamform == 'single-user-beamformer' else '' %}
-{% set output.value = output.value + '[SU-BEAMFORMEE]' if beamform == 'single-user-beamformee' else '' %}
-{% set output.value = output.value + '[MU-BEAMFORMER]' if beamform == 'multi-user-beamformer' else '' %}
-{% set output.value = output.value + '[MU-BEAMFORMEE]' if beamform == 'multi-user-beamformee' else '' %}
-{% endfor %}
-
-{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 %}
-{% if capabilities.vht.beamform %}
-{% if beamform == 'single-user-beamformer' %}
-{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 and capabilities.vht.antenna_count|int < 6 %}
-{% set output.value = output.value + '[BF-ANTENNA-' + capabilities.vht.antenna_count|int -1 + ']' %}
-{% set output.value = output.value + '[SOUNDING-DIMENSION-' + capabilities.vht.antenna_count|int -1 + ']' %}
+{% endif %}
+
+{% set output = namespace(value='') %}
+{% if capabilities.vht.stbc.tx is vyos_defined %}
+{% set output.value = output.value ~ '[TX-STBC-2BY1]' %}
+{% endif %}
+{% if capabilities.vht.stbc.rx is vyos_defined %}
+{% set output.value = output.value ~ '[RX-STBC-' ~ capabilities.vht.stbc.rx ~ ']' %}
+{% endif %}
+{% if capabilities.vht.ldpc is vyos_defined %}
+{% set output.value = output.value ~ '[RXLDPC]' %}
+{% endif %}
+{% if capabilities.vht.tx_powersave is vyos_defined %}
+{% set output.value = output.value ~ '[VHT-TXOP-PS]' %}
+{% endif %}
+{% if capabilities.vht.vht_cf is vyos_defined %}
+{% set output.value = output.value ~ '[HTC-VHT]' %}
+{% endif %}
+{% if capabilities.vht.antenna_pattern_fixed is vyos_defined %}
+{% set output.value = output.value ~ '[RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN]' %}
+{% endif %}
+{% if capabilities.vht.max_mpdu is vyos_defined %}
+{% set output.value = output.value ~ '[MAX-MPDU-' ~ capabilities.vht.max_mpdu ~ ']' %}
+{% endif %}
+{% if capabilities.vht.max_mpdu_exp is vyos_defined %}
+{% set output.value = output.value ~ '[MAX-A-MPDU-LEN-EXP-' ~ capabilities.vht.max_mpdu_exp ~ ']' %}
+{% if capabilities.vht.max_mpdu_exp is vyos_defined('2') %}
+{% set output.value = output.value ~ '[VHT160]' %}
+{% endif %}
+{% if capabilities.vht.max_mpdu_exp is vyos_defined('3') %}
+{% set output.value = output.value ~ '[VHT160-80PLUS80]' %}
+{% endif %}
+{% endif %}
+{% if capabilities.vht.link_adaptation is vyos_defined('unsolicited') %}
+{% set output.value = output.value ~ '[VHT-LINK-ADAPT2]' %}
+{% elif capabilities.vht.link_adaptation is vyos_defined('both') %}
+{% set output.value = output.value ~ '[VHT-LINK-ADAPT3]' %}
+{% endif %}
+
+{% for short_gi in capabilities.vht.short_gi if capabilities.vht.short_gi is vyos_defined %}
+{% set output.value = output.value ~ '[SHORT-GI-' ~ short_gi | upper ~ ']' %}
+{% endfor %}
+
+{% for beamform in capabilities.vht.beamform if capabilities.vht.beamform is vyos_defined %}
+{% set output.value = output.value ~ '[SU-BEAMFORMER]' if beamform is vyos_defined('single-user-beamformer') else '' %}
+{% set output.value = output.value ~ '[SU-BEAMFORMEE]' if beamform is vyos_defined('single-user-beamformee') else '' %}
+{% set output.value = output.value ~ '[MU-BEAMFORMER]' if beamform is vyos_defined('multi-user-beamformer') else '' %}
+{% set output.value = output.value ~ '[MU-BEAMFORMEE]' if beamform is vyos_defined('multi-user-beamformee') else '' %}
+{% endfor %}
+
+{% if capabilities.vht.antenna_count is vyos_defined and capabilities.vht.antenna_count | int > 1 %}
+{% if capabilities.vht.beamform is vyos_defined %}
+{% if capabilities.vht.beamform == 'single-user-beamformer' %}
+{% if capabilities.vht.antenna_count is vyos_defined and capabilities.vht.antenna_count | int > 1 and capabilities.vht.antenna_count | int < 6 %}
+{% set output.value = output.value ~ '[BF-ANTENNA-' ~ capabilities.vht.antenna_count | int -1 ~ ']' %}
+{% set output.value = output.value ~ '[SOUNDING-DIMENSION-' ~ capabilities.vht.antenna_count | int -1 ~ ']' %}
+{% endif %}
+{% endif %}
+{% if capabilities.vht.antenna_count is vyos_defined and capabilities.vht.antenna_count | int > 1 and capabilities.vht.antenna_count | int < 5 %}
+{% set output.value = output.value ~ '[BF-ANTENNA-' ~ capabilities.vht.antenna_count ~ ']' %}
+{% set output.value = output.value ~ '[SOUNDING-DIMENSION-' ~ capabilities.vht.antenna_count ~ ']' %}
+{% endif %}
{% endif %}
-{% endif %}
-{% if capabilities.vht.antenna_count is defined and capabilities.vht.antenna_count|int > 1 and capabilities.vht.antenna_count|int < 5 %}
-{% set output.value = output.value + '[BF-ANTENNA-' + capabilities.vht.antenna_count + ']' %}
-{% set output.value = output.value + '[SOUNDING-DIMENSION-' + capabilities.vht.antenna_count+ ']' %}
-{% endif %}
{% endif %}
-{% endif %}
vht_capab={{ output.value }}
{% endif %}
@@ -410,19 +410,15 @@ vht_capab={{ output.value }}
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
# Note: hw_mode=g (2.4 GHz) and hw_mode=a (5 GHz) is used to specify the band.
-{% if capabilities is defined and capabilities.require_vht is defined %}
+{% if capabilities.require_vht is vyos_defined %}
ieee80211n=0
# Require stations to support VHT PHY (reject association if they do not)
require_vht=1
{% else %}
-{% if 'n' in mode or 'ac' in mode %}
-ieee80211n=1
-{% else %}
-ieee80211n=0
-{% endif %}
+ieee80211n={{ '1' if 'n' in mode or 'ac' in mode else '0' }}
{% endif %}
-{% if disable_broadcast_ssid is defined %}
+{% if disable_broadcast_ssid is vyos_defined %}
# Send empty SSID in beacons and ignore probe request frames that do not
# specify full SSID, i.e., require stations to know SSID.
# default: disabled (0)
@@ -443,7 +439,7 @@ ignore_broadcast_ssid=1
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
-{% if max_stations is defined %}
+{% if max_stations is vyos_defined %}
# Maximum number of stations allowed in station table. New stations will be
# rejected after the station table is full. IEEE 802.11 has a limit of 2007
# different association IDs, so this number should not be larger than that.
@@ -451,13 +447,13 @@ macaddr_acl=0
max_num_sta={{ max_stations }}
{% endif %}
-{% if isolate_stations is defined %}
+{% if isolate_stations is vyos_defined %}
# Client isolation can be used to prevent low-level bridging of frames between
# associated stations in the BSS. By default, this bridging is allowed.
ap_isolate=1
{% endif %}
-{% if reduce_transmit_power is defined %}
+{% if reduce_transmit_power is vyos_defined %}
# Add Power Constraint element to Beacon and Probe Response frames
# This config option adds Power Constraint element when applicable and Country
# element is added. Power Constraint element is required by Transmit Power
@@ -466,7 +462,7 @@ ap_isolate=1
local_pwr_constraint={{ reduce_transmit_power }}
{% endif %}
-{% if expunge_failing_stations is defined %}
+{% if expunge_failing_stations is vyos_defined %}
# Disassociate stations based on excessive transmission failures or other
# indications of connection loss. This depends on the driver capabilities and
# may not be available with all drivers.
@@ -474,7 +470,7 @@ disassoc_low_ack=1
{% endif %}
-{% if security is defined and security.wep is defined %}
+{% if security.wep is vyos_defined %}
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
@@ -503,14 +499,14 @@ wep_default_key=0
# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or
# 128-bit (152-bit) WEP is used.
# Only the default key must be supplied; the others are optional.
-{% if security.wep.key is defined %}
-{% for key in sec_wep_key %}
+{% if security.wep.key is vyos_defined %}
+{% for key in sec_wep_key %}
wep_key{{ loop.index -1 }}={{ security.wep.key }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
-{% elif security is defined and security.wpa is defined %}
+{% elif security.wpa is vyos_defined %}
##### WPA/IEEE 802.11i configuration ##########################################
# Enable WPA. Setting this variable configures the AP to require WPA (either
@@ -527,17 +523,15 @@ wep_key{{ loop.index -1 }}={{ security.wep.key }}
# Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
# In other words, for WPA3, wpa 2 is used the configuration (and
# wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
-{% if security.wpa.mode is defined %}
-{% if security.wpa.mode == 'wpa+wpa2' %}
+{% if security.wpa.mode is vyos_defined('wpa+wpa2') %}
wpa=3
-{% elif security.wpa.mode == 'wpa2' or security.wpa.mode == 'wpa3' %}
+{% elif security.wpa.mode is vyos_defined('wpa2') or security.wpa.mode is vyos_defined('wpa3') %}
wpa=2
-{% elif security.wpa.mode == 'wpa' %}
+{% elif security.wpa.mode is vyos_defined('wpa') %}
wpa=1
{% endif %}
-{% endif %}
-{% if security.wpa.cipher is defined %}
+{% if security.wpa.cipher is vyos_defined %}
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
@@ -551,16 +545,16 @@ wpa=1
# TKIP will be used as the group cipher. The optional group_cipher parameter can
# be used to override this automatic selection.
-{% if security.wpa.mode is defined and security.wpa.mode == 'wpa2' %}
+{% if security.wpa.mode is vyos_defined('wpa2') %}
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
rsn_pairwise={{ security.wpa.cipher | join(" ") }}
-{% else %}
+{% else %}
# Pairwise cipher for WPA (v1) (default: TKIP)
wpa_pairwise={{ security.wpa.cipher | join(" ") }}
+{% endif %}
{% endif %}
-{% endif %}
-{% if security.wpa.group_cipher is defined %}
+{% if security.wpa.group_cipher is vyos_defined %}
# Optional override for automatic group cipher selection
# This can be used to select a specific group cipher regardless of which
# pairwise ciphers were enabled for WPA and RSN. It should be noted that
@@ -568,9 +562,9 @@ wpa_pairwise={{ security.wpa.cipher | join(" ") }}
# interoperability issues and in general, this parameter is mainly used for
# testing purposes.
group_cipher={{ security.wpa.group_cipher | join(" ") }}
-{% endif %}
+{% endif %}
-{% if security.wpa.passphrase is defined %}
+{% if security.wpa.passphrase is vyos_defined %}
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
@@ -594,13 +588,13 @@ wpa_passphrase={{ security.wpa.passphrase }}
# WPA-EAP-SHA256 = WPA2-Enterprise using SHA256
# SAE = SAE (WPA3-Personal)
# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite
-{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %}
+{% if security.wpa.mode is vyos_defined('wpa3') %}
wpa_key_mgmt=SAE
-{% else %}
+{% else %}
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
-{% endif %}
+{% endif %}
-{% elif security.wpa.radius is defined %}
+{% elif security.wpa.radius is vyos_defined %}
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
ieee8021x=1
@@ -614,43 +608,43 @@ ieee8021x=1
# WPA-EAP-SHA256 = WPA2-Enterprise using SHA256
# SAE = SAE (WPA3-Personal)
# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite
-{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %}
+{% if security.wpa.mode is vyos_defined('wpa3') %}
wpa_key_mgmt=WPA-EAP-SUITE-B-192
-{% else %}
+{% else %}
wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256
-{% endif %}
+{% endif %}
-{% if security.wpa.radius.server is defined %}
+{% if security.wpa.radius.server is vyos_defined %}
# RADIUS client forced local IP address for the access point
# Normally the local IP address is determined automatically based on configured
# IP addresses, but this field can be used to force a specific address to be
# used, e.g., when the device has multiple IP addresses.
# The own IP address of the access point (used as NAS-IP-Address)
-{% if security.wpa.radius.source_address is defined %}
+{% if security.wpa.radius.source_address is vyos_defined %}
radius_client_addr={{ security.wpa.radius.source_address }}
own_ip_addr={{ security.wpa.radius.source_address }}
-{% else %}
+{% else %}
own_ip_addr=127.0.0.1
-{% endif %}
+{% endif %}
-{% for radius in security.wpa.radius.server if not radius.disabled %}
+{% for radius in security.wpa.radius.server if not radius.disabled %}
# RADIUS authentication server
auth_server_addr={{ radius.server }}
auth_server_port={{ radius.port }}
auth_server_shared_secret={{ radius.key }}
-{% if radius.acc_port %}
+{% if radius.acc_port %}
# RADIUS accounting server
acct_server_addr={{ radius.server }}
acct_server_port={{ radius.acc_port }}
acct_server_shared_secret={{ radius.key }}
-{% endif %}
-{% endfor %}
-{% else %}
+{% endif %}
+{% endfor %}
+{% else %}
# Open system
auth_algs=1
+{% endif %}
{% endif %}
-{% endif %}
{% endif %}
# TX queue parameters (EDCF / bursting)
diff --git a/data/templates/wifi/wpa_supplicant.conf.tmpl b/data/templates/wifi/wpa_supplicant.conf.j2
index 20b4f7976..01e0d632f 100644
--- a/data/templates/wifi/wpa_supplicant.conf.tmpl
+++ b/data/templates/wifi/wpa_supplicant.conf.j2
@@ -18,7 +18,7 @@ network={
# this will add latency to scanning, so enable this only when needed)
scan_ssid=1
-{% if security is defined and security.wpa is defined and security.wpa.passphrase is defined %}
+{% if security.wpa.passphrase is vyos_defined %}
# ieee80211w: whether management frame protection is enabled
# 0 = disabled (default unless changed with the global pmf parameter)
# 1 = optional
@@ -59,11 +59,11 @@ network={
# OWE = Opportunistic Wireless Encryption (a.k.a. Enhanced Open)
# DPP = Device Provisioning Protocol
# If not set, this defaults to: WPA-PSK WPA-EAP
-{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %}
+{% if security.wpa.mode is vyos_defined('wpa3') %}
key_mgmt=SAE
-{% else %}
+{% else %}
key_mgmt=WPA-PSK WPA-PSK-SHA256
-{% endif %}
+{% endif %}
# psk: WPA preshared key; 256-bit pre-shared key
# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,