author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-06 23:19:48 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-07 00:53:27 +0200 |
commit | 5a7c46016a23387312b2c9e18528ad7bb20e8366 (patch) | |
tree | 8bde3ac286bc552bea9322efcdda33e05e3a86e9 /data/templates/ipsec | |
parent | 511253635a9b67396788d24bacafd237594e0e12 (diff) | |
download | vyos-1x-5a7c46016a23387312b2c9e18528ad7bb20e8366.tar.gz vyos-1x-5a7c46016a23387312b2c9e18528ad7bb20e8366.zip |
pki: T3642: Migrate rsa-keys to PKI configuration
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 11 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 4 |
2 files changed, 8 insertions, 7 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 00251d44d..a6ab73cc2 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -48,7 +48,6 @@ secrets {
 {% endfor %}
 {% endif %}
 {% if site_to_site is defined and site_to_site.peer is defined %}
-{% set ns = namespace(local_key_set=False) %}
 {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
 {% set peer_name = peer.replace(".", "-").replace("@", "") %}
 {% if peer_conf.authentication.mode == 'pre-shared-secret' %}
@@ -72,10 +71,12 @@ secrets {
 secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {% endif %}
 }
-{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
-{% set ns.local_key_set = True %}
- rsa_local {
- file = {{ rsa_local_key }}
+{% elif peer_conf.authentication.mode == 'rsa' %}
+ rsa_{{ peer_name }}_local {
+ file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{% if peer_conf.authentication.rsa.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{% endif %}
 }
 {% endif %}
 {% endfor %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 4ace06701..8e46e8892 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -38,7 +38,7 @@
 {% if peer_conf.authentication.mode == 'x509' %}
 certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {% elif peer_conf.authentication.mode == 'rsa' %}
- pubkeys = localhost.pub
+ pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
 {% endif %}
 }
 remote {
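Review bot: The added `secret = "{{ peer_conf.authentication.rsa.passphrase }}"` line in the `rsa_{{ peer_name }}_local` block of swanctl.conf.tmpl puts the passphrase inside a double-quoted value with no escaping, so a passphrase containing `"`, `\` or a line break would produce a malformed or differently parsed secrets section. The x509 passphrase on the context line above has the same shape. Either restrict the allowed characters where the value is validated, or escape at render time, assuming the swanctl parser accepts backslash escapes inside quotes: `secret = "{{ peer_conf.authentication.rsa.passphrase | replace('\\', '\\\\') | replace('"', '\\"') }}"`. The rendered file now also carries the private-key passphrase in clear text, so it is worth confirming (not visible in this diff) that it is written readable by root only.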
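Review bot: In peer.tmpl the `rsa` branch renders `pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem` without checking that the key name is set, and a node that is present but empty would come out as `pubkeys = .pem` under Jinja's default undefined handling. The same holds for `rsa.remote_key` in the `remote` hunk (-49,7) and for the `file =` line in swanctl.conf.tmpl; the remote line matters most, since it is what binds the peer to one specific public key. If the config script's verify step does not already reject mode `rsa` without both key names (not visible in this diff), guard the branch, e.g. `{% elif peer_conf.authentication.mode == 'rsa' and peer_conf.authentication.rsa is defined and peer_conf.authentication.rsa.local_key is defined %}`. The private-key entry and this public-key entry now share the basename `<local_key>.pem`, so it is also worth confirming that they resolve to separate directories and that only the public half is written to the pubkey one. The enclosing `local` block starts outside the hunk.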
@@ -49,7 +49,7 @@
 {% endif %}
 auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
 {% if peer_conf.authentication.mode == 'rsa' %}
- pubkeys = {{ peer_conf.authentication.rsa_key_name }}.pub
+ pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
 {% endif %}
 }
 children { |