T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.

(cherry picked from commit 656934e85cee799dba5b495d143f6be445ac22d5)
author: Lucas Christian <lucas@lucasec.com> 2023-12-28 22:07:07 -0800
committer: Mergify <37929162+mergify[bot]@users.noreply.github.com> 2023-12-30 21:58:26 +0000
commit: 6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f (patch)
tree: 1e1bd77ac4b2a856ff07477c9e092343f9f57029 /data/templates/ipsec
parent: 74e749be2e4b0ce7da259c84535dff6ba1d072cf (diff)
download: vyos-1x-6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f.tar.gz
vyos-1x-6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index 60d2d1807..01dc8a4a7 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -29,8 +29,10 @@
 {% endif %}
         }
         remote {
+{% if rw_conf.authentication.client_mode == 'x509' %}
+            auth = pubkey
+{% elif rw_conf.authentication.client_mode.startswith("eap") %}
             auth = {{ rw_conf.authentication.client_mode }}
-{% if rw_conf.authentication.client_mode.startswith("eap") %}
             eap_id = %any
 {% endif %}
         }
author	Lucas Christian <lucas@lucasec.com>	2023-12-28 22:07:07 -0800
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>	2023-12-30 21:58:26 +0000
commit	6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f (patch)
tree	1e1bd77ac4b2a856ff07477c9e092343f9f57029 /data/templates/ipsec
parent	74e749be2e4b0ce7da259c84535dff6ba1d072cf (diff)
download	vyos-1x-6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f.tar.gz vyos-1x-6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f.zip