diff options
| author | Christian Poessinger <christian@poessinger.com> | 2018-11-11 20:46:55 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2018-11-11 20:48:39 +0100 |
| commit | 1b94994d3f9c7ca32dfad3051fe9c3330edcfd98 (patch) | |
| tree | 74e3e0ffe2adf0e8eddd384accb7ff01bf7be337 | |
| parent | 3f33e3d1ce4e4a8dbcbdabd96763c87dfa4e2cff (diff) | |
| download | vyatta-op-1b94994d3f9c7ca32dfad3051fe9c3330edcfd98.tar.gz vyatta-op-1b94994d3f9c7ca32dfad3051fe9c3330edcfd98.zip | |
T999: "strip-private" does not strip pre-shared-secret
Private information as the IPSec pre shared key was not removed on:
vyos@vyos# show vpn ipsec | strip-private
| -rw-r--r-- | scripts/vyos-strip-config.pl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/vyos-strip-config.pl b/scripts/vyos-strip-config.pl index a1e2f23..7b1d9ed 100644 --- a/scripts/vyos-strip-config.pl +++ b/scripts/vyos-strip-config.pl @@ -158,6 +158,9 @@ $input =~ s/ (peer|remote-host|local-host|server) ([\w-]+\.)+[\w-]+/ $1 xxxxx.tl # Strip OpenVPN secrets $input =~ s/(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)/$1 xxxxxx/g if $stripOvpnSecrets; +# Strip IPSEC secrets +$input =~ s/pre-shared-secret \S+/pre-shared-secret xxxxxx/g if !($keepKeys); + # Strip BGP ASNs $input =~ s/(bgp|remote-as) (\d+)/$1 XXXXXX/g if $stripASN; |