diff options
author | Lucas Christian <lucas@lucasec.com> | 2023-12-28 22:07:07 -0800 |
---|---|---|
committer | Lucas Christian <lucas@lucasec.com> | 2023-12-30 12:44:04 -0800 |
commit | 656934e85cee799dba5b495d143f6be445ac22d5 (patch) | |
tree | 5be8f070c2da60c8692b88a50db2bc44e07e4d2e /data/templates/ipsec | |
parent | 1e46cd606d9d87226fe0400bf3a53bda360808d8 (diff) | |
download | vyos-1x-656934e85cee799dba5b495d143f6be445ac22d5.tar.gz vyos-1x-656934e85cee799dba5b495d143f6be445ac22d5.zip |
T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/swanctl/remote_access.j2 | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2 index 60d2d1807..01dc8a4a7 100644 --- a/data/templates/ipsec/swanctl/remote_access.j2 +++ b/data/templates/ipsec/swanctl/remote_access.j2 @@ -29,8 +29,10 @@ {% endif %} } remote { +{% if rw_conf.authentication.client_mode == 'x509' %} + auth = pubkey +{% elif rw_conf.authentication.client_mode.startswith("eap") %} auth = {{ rw_conf.authentication.client_mode }} -{% if rw_conf.authentication.client_mode.startswith("eap") %} eap_id = %any {% endif %} } |