summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-22 10:38:26 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-22 10:38:26 +0200
commit63f9e4c0ab996b44ef88a9df20d552c5fd7f748c (patch)
tree4cdddbf372fcb180de5cdce3ca8978e4fa93d72a /data
parent145c62f3b02207f418d1d006d3de2cf3f74e44e1 (diff)
downloadvyos-1x-63f9e4c0ab996b44ef88a9df20d552c5fd7f748c.tar.gz
vyos-1x-63f9e4c0ab996b44ef88a9df20d552c5fd7f748c.zip
macsec: T2023: only render mka in template if encrypt enabled
Diffstat (limited to 'data')
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl2
1 files changed, 2 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index eee215418..c3a8d9686 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -47,6 +47,7 @@ network={
# 1: Integrity only
macsec_integ_only={{ '0' if security_encrypt else '1' }}
+{% if security_encrypt %}
# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
@@ -61,5 +62,6 @@ network={
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
mka_priority={{ security_mka_priority }}
+{% endif %}
}