author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-06-29 11:06:44 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-06-29 21:26:44 +0200 |
commit | f5a8a9cdfe52c331177c8bc7b8fb84fc08d4f60a (patch) | |
tree | 932113197018d823ca83e092139c8a06f89e3b99 /data/templates/ipsec | |
parent | 6f66e71e4622c54058b8689d4be730905d69fe22 (diff) | |
pki: ipsec: T3642: Migrate IPSec to use PKI configuration
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 6 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index ea6d85743..9e629b176 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -55,9 +55,9 @@ secrets {
 }
 {% elif peer_conf.authentication.mode == 'x509' %}
 private_{{ peer_conn_name }} {
- file = {{ peer_conf.authentication.x509.key.file }}
-{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %}
- secret = "{{ peer_conf.authentication.x509.key.password}}"
+ file = {{ peer_conf.authentication.x509.certificate }}.pem
+{% if peer_conf.authentication.x509.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {% endif %}
 }
 {% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 0d01cd546..36cb1abfb 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -35,7 +35,7 @@
 auth = {{ auth_type }}
 {% endif %}
 {% if peer_conf.authentication.mode == 'x509' %}
- certs = {{ peer_conf.authentication.x509.cert_file }}
+ certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {% elif peer_conf.authentication.mode == 'rsa' %}
 pubkeys = localhost.pub
 {% endif %} |
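Review bot: The passphrase is placed between double quotes without escaping in `secret = "{{ peer_conf.authentication.x509.passphrase }}"` (swanctl.conf.tmpl hunk), so a value containing `"`, a backslash or a newline would end the string early and could corrupt or add settings in the rendered swanctl.conf. Escaping at render time would avoid that, for example `secret = "{{ peer_conf.authentication.x509.passphrase | replace('\\', '\\\\') | replace('"', '\\"') }}"` (to be confirmed against strongSwan's quoted-string rules), or such values can be rejected during configuration validation. The new guard `is defined` also drops the old non-empty check, so a defined but empty passphrase would now render `secret = ""`; `{% if peer_conf.authentication.x509.passphrase is defined and peer_conf.authentication.x509.passphrase %}` keeps the earlier behaviour. Because the rendered file holds the key passphrase in clear text, it should be readable by root only; the file mode is set outside this hunk.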
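Review bot: `certs = {{ peer_conf.authentication.x509.certificate }}.pem` (peer.tmpl hunk) turns a PKI object name into a file name with no quoting, so a name containing whitespace, a comma or a path separator would change which file swanctl loads; the same applies to the `file =` line in the swanctl.conf.tmpl hunk. Whether PKI names are restricted to a safe character set is decided outside this diff, so the template should state the assumption it relies on, e.g. `{# certificate is a PKI name validated as a plain file-name component; <name>.pem is written by the ipsec config script #}`. The diffstat shown is limited to data/templates/ipsec, so the code that writes these .pem files is not visible here and should be reviewed together with this change.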