diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-22 10:38:26 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-05-22 10:38:26 +0200 |
commit | 63f9e4c0ab996b44ef88a9df20d552c5fd7f748c (patch) | |
tree | 4cdddbf372fcb180de5cdce3ca8978e4fa93d72a /data | |
parent | 145c62f3b02207f418d1d006d3de2cf3f74e44e1 (diff) | |
download | vyos-1x-63f9e4c0ab996b44ef88a9df20d552c5fd7f748c.tar.gz vyos-1x-63f9e4c0ab996b44ef88a9df20d552c5fd7f748c.zip |
macsec: T2023: only render mka in template if encrypt enabled
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.tmpl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index eee215418..c3a8d9686 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -47,6 +47,7 @@ network={ # 1: Integrity only macsec_integ_only={{ '0' if security_encrypt else '1' }} +{% if security_encrypt %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair. # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer @@ -61,5 +62,6 @@ network={ # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority mka_priority={{ security_mka_priority }} +{% endif %} } |