summaryrefslogtreecommitdiff
path: root/data/templates/ipsec
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-06 23:19:48 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-07 00:53:27 +0200
commit5a7c46016a23387312b2c9e18528ad7bb20e8366 (patch)
tree8bde3ac286bc552bea9322efcdda33e05e3a86e9 /data/templates/ipsec
parent511253635a9b67396788d24bacafd237594e0e12 (diff)
downloadvyos-1x-5a7c46016a23387312b2c9e18528ad7bb20e8366.tar.gz
vyos-1x-5a7c46016a23387312b2c9e18528ad7bb20e8366.zip
pki: T3642: Migrate rsa-keys to PKI configuration
Diffstat (limited to 'data/templates/ipsec')
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl11
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl4
2 files changed, 8 insertions, 7 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 00251d44d..a6ab73cc2 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -48,7 +48,6 @@ secrets {
{% endfor %}
{% endif %}
{% if site_to_site is defined and site_to_site.peer is defined %}
-{% set ns = namespace(local_key_set=False) %}
{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
{% set peer_name = peer.replace(".", "-").replace("@", "") %}
{% if peer_conf.authentication.mode == 'pre-shared-secret' %}
@@ -72,10 +71,12 @@ secrets {
secret = "{{ peer_conf.authentication.x509.passphrase }}"
{% endif %}
}
-{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
-{% set ns.local_key_set = True %}
- rsa_local {
- file = {{ rsa_local_key }}
+{% elif peer_conf.authentication.mode == 'rsa' %}
+ rsa_{{ peer_name }}_local {
+ file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{% if peer_conf.authentication.rsa.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{% endif %}
}
{% endif %}
{% endfor %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 4ace06701..8e46e8892 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -38,7 +38,7 @@
{% if peer_conf.authentication.mode == 'x509' %}
certs = {{ peer_conf.authentication.x509.certificate }}.pem
{% elif peer_conf.authentication.mode == 'rsa' %}
- pubkeys = localhost.pub
+ pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
{% endif %}
}
remote {
@@ -49,7 +49,7 @@
{% endif %}
auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
{% if peer_conf.authentication.mode == 'rsa' %}
- pubkeys = {{ peer_conf.authentication.rsa_key_name }}.pub
+ pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
{% endif %}
}
children {