T4916: Rewrite IPsec peer authentication and psk migration - vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

diff options

author	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-01-17 11:04:08 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2023-01-26 11:28:03 +0000
commit	7ae0b404ad9fdefa856c7e450b224b47d854a4eb (patch)
tree	aa8fca32cc1f6a83cc8d5bfaccde866338bf3b6c /interface-definitions/pki.xml.in
parent	fc1c93a141bd095884088a8fa6f935d642bf6528 (diff)
download	vyos-1x-7ae0b404ad9fdefa856c7e450b224b47d854a4eb.tar.gz vyos-1x-7ae0b404ad9fdefa856c7e450b224b47d854a4eb.zip

T4916: Rewrite IPsec peer authentication and psk migration

Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'

Diffstat (limited to 'interface-definitions/pki.xml.in')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: