author | Christian Poessinger <christian@poessinger.com> | 2021-07-03 19:08:18 +0200 |
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-03 19:09:47 +0200 |
commit | 2aec3e61c9130e942cb766aa0e5f4acf900dc921 (patch) | |
tree | 9d04ea091cd62782cfaef40b8f57da228d5f6178 | |
parent | 32fab6c7c5a7d8ad926513fcc5a5c637b77769e3 (diff) | |
ipsec: T2816: provide x509 certificate base auth building blocks
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 2 | ||||
-rw-r--r-- | interface-definitions/include/ipsec/authentication-id.xml.i | 11 | ||||
-rw-r--r-- | interface-definitions/include/ipsec/authentication-x509.xml.i | 11 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 20 |
4 files changed, 25 insertions, 19 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index b35cd4b60..4ace06701 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -31,7 +31,7 @@
 encap = yes
 {% endif %}
 local {
-{% if peer_conf.authentication.id is defined and peer_conf.authentication.use_x509_id is not defined %}
+{% if peer_conf.authentication is defined and peer_conf.authentication.id is defined and peer_conf.authentication.use_x509_id is not defined %}
 id = "{{ peer_conf.authentication.id }}"
 {% endif %}
 auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
diff --git a/interface-definitions/include/ipsec/authentication-id.xml.i b/interface-definitions/include/ipsec/authentication-id.xml.i
new file mode 100644
index 000000000..4967782ec
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-id.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-id.xml.i -->
+<leafNode name="id">
+ <properties>
+ <help>ID for peer authentication</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>ID used for peer authentication</description>
+ </valueHelp>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/ipsec/authentication-x509.xml.i b/interface-definitions/include/ipsec/authentication-x509.xml.i
new file mode 100644
index 000000000..db675c0bf
--- /dev/null
+++ b/interface-definitions/include/ipsec/authentication-x509.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from ipsec/authentication-x509.xml.i -->
+<node name="x509">
+ <properties>
+ <help>X.509 certificate</help>
+ </properties>
+ <children>
+ #include <include/pki/certificate-key.xml.i>
+ #include <include/pki/ca-certificate.xml.i>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index c301703c3..ff60bb82f 100644
--- a/interface-definitions/vpn_ipsec.xml.in
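Review bot: The new `peer_conf.authentication is defined` guard protects only the `id` line; two context lines later, `auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}` still dereferences `peer_conf.authentication.mode` unguarded, so a peer whose `authentication` node is absent would presumably still abort rendering there (depending on how the environment treats undefined attribute access). Either the guard is redundant, because the CLI marks peer authentication `[REQUIRED]` and validation rejects the case before rendering, or it is incomplete and `auth` needs the same treatment. I would decide which and apply it consistently rather than guarding one line. The `local { … }` block continues past the end of the hunk.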
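Review bot: The moved `id` leaf still carries no `<constraint>`, so any text is accepted, while peer.tmpl writes the value verbatim between double quotes (`id = "{{ peer_conf.authentication.id }}"`); a value containing `"` or a line break therefore yields a malformed or altered `local { … }` section in swanctl.conf. Since this is now a shared include, it is the natural place to restrict the value to the identity syntax the daemon accepts (or, failing that, to exclude quote and whitespace characters), with the template escaping the value as a second line of defence. The `<description>` text (`ID used for peer authentication`) also just repeats the `<help>`; I would have it state the expected form of the identity instead, e.g. `<description>Identity presented to the peer (IKE ID)</description>`.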
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -737,15 +737,8 @@
 <help>Peer authentication [REQUIRED]</help>
 </properties>
 <children>
- <leafNode name="id">
- <properties>
- <help>ID for peer authentication</help>
- <valueHelp>
- <format>txt</format>
- <description>ID used for peer authentication</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/ipsec/authentication-id.xml.i>
+ #include <include/ipsec/authentication-x509.xml.i>
 <leafNode name="mode">
 <properties>
 <help>Authentication mode</help>
@@ -798,15 +791,6 @@
 <valueless/>
 </properties>
 </leafNode>
- <node name="x509">
- <properties>
- <help>X.509 certificate</help>
- </properties>
- <children>
- #include <include/pki/certificate-key.xml.i>
- #include <include/pki/ca-certificate.xml.i>
- </children>
- </node>
 </children>
 </node>
 <leafNode name="connection-type"> |