diff options
| author | Lucas Christian <lucas@lucasec.com> | 2023-12-28 22:08:36 -0800 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-12 09:13:38 +0000 |
| commit | 7100a5797bce50678be6bb001d4d847b26ff9eca (patch) | |
| tree | f5d4a3be093da88eec7b24c83d7365cf4aedab4a /data | |
| parent | 41ad411e11f608a7ded9bf0ce9cbffad8467aa5a (diff) | |
| download | vyos-1x-7100a5797bce50678be6bb001d4d847b26ff9eca.tar.gz vyos-1x-7100a5797bce50678be6bb001d4d847b26ff9eca.zip | |
T5871: ipsec remote access VPN: specify "cacerts" for client auth.
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/ipsec/swanctl/remote_access.j2 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2 index af7f2994e..adfa32bde 100644 --- a/data/templates/ipsec/swanctl/remote_access.j2 +++ b/data/templates/ipsec/swanctl/remote_access.j2 @@ -35,6 +35,11 @@ auth = {{ rw_conf.authentication.client_mode }} eap_id = %any {% endif %} +{% if rw_conf.authentication.client_mode is vyos_defined('eap-tls') or rw_conf.authentication.client_mode is vyos_defined('x509') %} +{# pass all configured CAs as filenames, separated by commas #} +{# this will produce a string like "MyCA1.pem,MyCA2.pem" #} + cacerts = {{ '.pem,'.join(rw_conf.authentication.x509.ca_certificate) ~ '.pem' }} +{% endif %} } children { ikev2-vpn { |