-rw-r--r-- | data/templates/openvpn/server.conf.j2 | 8 | ||||
-rw-r--r-- | interface-definitions/interfaces-openvpn.xml.in | 10 |
2 files changed, 18 insertions, 0 deletions
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index d144529f3..a9bd45370 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -200,6 +200,14 @@ tls-client
 {% elif tls.role is vyos_defined('passive') %}
 tls-server
 {% endif %}
+
+{% if peer_fingerprint is vyos_defined %}
+<peer-fingerprint>
+{% for fp in peer_fingerprint %}
+{{ fp }}
+{% endfor %}
+</peer-fingerprint>
+{% endif %}
 {% endif %}
 # Encryption options
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 127a8179b..831659250 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -752,6 +752,16 @@
 </completionHelp>
 </properties>
 </leafNode>
+ <leafNode name="peer-fingerprint">
+ <properties>
+ <multi/>
+ <help>Peer certificate SHA256 fingerprint</help>
+ <constraint>
+ <regex>[0-9a-fA-F]{2}:([0-9a-fA-F]{2}:){30}[0-9a-fA-F]{2}</regex>
+ </constraint>
+ <constraintErrorMessage>Peer certificate fingerprint must be a colon-separated SHA256 hex digest</constraintErrorMessage>
+ </properties>
+ </leafNode>
 <leafNode name="tls-version-min">
 <properties>
 <help>Specify the minimum required TLS version</help> |
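Review bot: The added block tests and iterates `peer_fingerprint` as a top-level template variable, while the lines just above it read TLS settings through the `tls` dict (`tls.role`). If the new CLI leaf sits under the `tls` node, as its position next to `tls-version-min` in the XML hunk suggests, the value would arrive as `tls.peer_fingerprint`. The block would then never render, and the fingerprint pin would be silently missing from the generated server config. In that case the two lines should read `{% if tls.peer_fingerprint is vyos_defined %}` and `{% for fp in tls.peer_fingerprint %}`. The enclosing `{% if %}` opens outside the hunk, so the key path needs confirming against the config dict.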
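Review bot: The new `peer-fingerprint` leaf has a `<constraint>` and an error message but no `<valueHelp>`, so CLI completion will not show the expected format until a value is rejected. I would add `<valueHelp><format>txt</format><description>Colon-separated SHA256 fingerprint of a trusted peer certificate</description></valueHelp>` next to `<help>`. Pinning a fingerprint is an authentication decision: OpenVPN documents `--peer-fingerprint` as making `--ca` optional, so the help should say a listed fingerprint is trusted on its own. The diffstat lists only the template and this XML file, so it is not visible here whether the config verification accepts a TLS setup with fingerprints but no CA certificate. The enclosing node starts outside the hunk.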