summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-08-02 11:06:15 +0200
committerChristian Poessinger <christian@poessinger.com>2022-08-02 11:06:15 +0200
commit258e6873b60531fe70d868d2e53ce2f921fe7f13 (patch)
tree02accb29c7cd9c1475a2f12a1a0cd62e32df66e6
parentff080c487718506bee0b22155eb1ed725ecb5720 (diff)
downloadvyos-1x-258e6873b60531fe70d868d2e53ce2f921fe7f13.tar.gz
vyos-1x-258e6873b60531fe70d868d2e53ce2f921fe7f13.zip
macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.j210
1 files changed, 10 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.j2 b/data/templates/macsec/wpa_supplicant.conf.j2
index 0ac7cb860..d2529c50d 100644
--- a/data/templates/macsec/wpa_supplicant.conf.j2
+++ b/data/templates/macsec/wpa_supplicant.conf.j2
@@ -62,6 +62,12 @@ network={
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
mka_priority={{ security.mka.priority }}
+
+ # macsec_csindex: IEEE 802.1X/MACsec cipher suite
+ # 0 = GCM-AES-128
+ # 1 = GCM-AES-256
+{# security.cipher is a mandatory key #}
+ macsec_csindex={{ '1' if security.cipher is vyos_defined('gcm-aes-256') else '0' }}
{% endif %}
{% if security.replay_window is vyos_defined %}
@@ -83,5 +89,9 @@ network={
# 1..2^32-1: number of packets that could be misordered
macsec_replay_window={{ security.replay_window }}
{% endif %}
+
+ # macsec_port: IEEE 802.1X/MACsec port - Port component of the SCI
+ # Range: 1-65534 (default: 1)
+ macsec_port=1
}