author | Christian Poessinger <christian@poessinger.com> | 2021-07-26 21:54:54 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-26 21:54:54 +0200 |
commit | c31488f0e3206c4477692065781e49f2fbd7c9ed (patch) | |
tree | a73bd86a2d59ab3b19700f36935336708cf2b91f /data/templates | |
parent | 67a5ca7fa372f8e3679b533d370ffa362c76f4ca (diff) | |
ipsec: T1210: extend support for iOS profile generation
$ generate ipsec mac-ios-profile <connection> remote <ip>
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/ipsec/ios_profile.tmpl | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.tmpl
index 49e8b0992..af6c79d6e 100644
--- a/data/templates/ipsec/ios_profile.tmpl
+++ b/data/templates/ipsec/ios_profile.tmpl
@@ -58,35 +58,29 @@ <!-- The client uses EAP to authenticate --> <key>ExtendedAuthEnabled</key> <integer>1</integer> -{% if ike_proposal is defined and ike_proposal is not none %} <!-- The next two dictionaries are optional (as are the keys in them), but it is recommended to specify them as the default is to use 3DES. IMPORTANT: Because only one proposal is sent (even if nothing is configured here) it must match the server configuration --> <key>IKESecurityAssociationParameters</key> -{% for ike, ike_config in ike_proposal.items() %} <dict> <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2encryptionalgorithm --> <key>EncryptionAlgorithm</key> - <string>{{ ike_config.encryption | upper }}</string> + <string>{{ ike_encryption.encryption }}</string> <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2integrityalgorithm --> <key>IntegrityAlgorithm</key> - <string>{{ ike_config.hash | upper }}</string> + <string>{{ ike_encryption.hash }}</string> <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2diffiehellmangroup --> <key>DiffieHellmanGroup</key> - <integer>{{ ike_config.dh_group | upper }} + <integer>{{ ike_encryption.dh_group }}</integer> </dict> -{% endfor %} -{% endif %} -{% if esp_proposal is defined and esp_proposal is not none %} <key>ChildSecurityAssociationParameters</key> -{% for esp, esp_config in esp_proposal.items() %} <dict> <key>EncryptionAlgorithm</key> - <string>{{ esp_config.encryption | upper }}</string> + <string>{{ esp_encryption.encryption }}</string> <key>IntegrityAlgorithm</key> - <string>{{ esp_config.hash | upper }}</string> + <string>{{ esp_encryption.hash }}</string> + <key>DiffieHellmanGroup</key> + <integer>{{ ike_encryption.dh_group }}</integer> </dict> -{% endfor %} -{% endif %} </dict> </dict> <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration --> |
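Review bot: The `DiffieHellmanGroup` added under `ChildSecurityAssociationParameters` is filled from `ike_encryption.dh_group` rather than an ESP value, so the child SA proposal only matches when the server's ESP PFS group equals its IKE DH group; the template's own comment stresses that the single proposal sent must match the server configuration. If the reuse is intended, say so next to the key, e.g. `<!-- Child SA reuses the IKE DH group; the server's ESP PFS group must be identical -->`; otherwise the generator should pass the ESP group separately. The hunk also drops the `{% if ... is defined and ... is not none %}` guards, so `ike_encryption` and `esp_encryption` are now required context. A missing key would presumably render an empty `<string></string>` instead of omitting the dictionary, so the caller (not visible here) should validate both before rendering. With `| upper` removed, the caller must also supply values already spelled as the Apple enum names linked in the comments.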