From 7ae0b404ad9fdefa856c7e450b224b47d854a4eb Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Tue, 17 Jan 2023 11:04:08 +0000 Subject: T4916: Rewrite IPsec peer authentication and psk migration Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer authentication pre-shared-secret xxx' => 'ipsec authentication psk secret xxx' set vpn ipsec authentication psk id '192.0.2.1' set vpn ipsec authentication psk id '192.0.2.2' set vpn ipsec authentication psk secret 'xxx' set vpn ipsec site-to-site peer authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4' --- .../include/dhcp-interface-multi.xml.i | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 interface-definitions/include/dhcp-interface-multi.xml.i (limited to 'interface-definitions/include/dhcp-interface-multi.xml.i') diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i new file mode 100644 index 000000000..c74751a19 --- /dev/null +++ b/interface-definitions/include/dhcp-interface-multi.xml.i @@ -0,0 +1,18 @@ + + + + DHCP interface supplying next-hop IP address + + + + + txt + DHCP interface name + + + #include + + + + + \ No newline at end of file -- cgit v1.2.3