summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-01 20:50:57 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-01 20:50:57 +0200
commit469e57398f3a9700fee210a94e57601f51466f43 (patch)
tree4b0b4e7e8ea68938511a62e990a7d1b24de1d7ee /data
parentd565d4baffb930462f1a913d6f8a80111958a6f8 (diff)
parent30e4f083c98f93058c59f89e140819f7a3151f43 (diff)
downloadvyos-1x-469e57398f3a9700fee210a94e57601f51466f43.tar.gz
vyos-1x-469e57398f3a9700fee210a94e57601f51466f43.zip
Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management
Diffstat (limited to 'data')
-rw-r--r--data/configd-include.json1
-rw-r--r--data/templates/ipsec/swanctl.conf.tmpl6
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl2
3 files changed, 5 insertions, 4 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index ee939decd..2e6226097 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -32,6 +32,7 @@
"nat.py",
"nat66.py",
"ntp.py",
+"pki.py",
"policy.py",
"policy-local-route.py",
"protocols_bfd.py",
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index d082729cb..0ff08ee15 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -55,9 +55,9 @@ secrets {
}
{% elif peer_conf.authentication.mode == 'x509' %}
private_{{ peer_conn_name }} {
- file = {{ peer_conf.authentication.x509.key.file }}
-{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %}
- secret = "{{ peer_conf.authentication.x509.key.password}}"
+ file = {{ peer_conf.authentication.x509.certificate }}.pem
+{% if peer_conf.authentication.x509.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.x509.passphrase }}"
{% endif %}
}
{% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 68284d7d9..c97ac1f67 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -35,7 +35,7 @@
auth = {{ auth_type }}
{% endif %}
{% if peer_conf.authentication.mode == 'x509' %}
- certs = {{ peer_conf.authentication.x509.cert_file }}
+ certs = {{ peer_conf.authentication.x509.certificate }}.pem
{% elif peer_conf.authentication.mode == 'rsa' %}
pubkeys = localhost.pub
{% endif %}