From 258e6873b60531fe70d868d2e53ce2f921fe7f13 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 2 Aug 2022 11:06:15 +0200 Subject: macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256 --- data/templates/macsec/wpa_supplicant.conf.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/data/templates/macsec/wpa_supplicant.conf.j2 b/data/templates/macsec/wpa_supplicant.conf.j2 index 0ac7cb860..d2529c50d 100644 --- a/data/templates/macsec/wpa_supplicant.conf.j2 +++ b/data/templates/macsec/wpa_supplicant.conf.j2 @@ -62,6 +62,12 @@ network={ # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority mka_priority={{ security.mka.priority }} + + # macsec_csindex: IEEE 802.1X/MACsec cipher suite + # 0 = GCM-AES-128 + # 1 = GCM-AES-256 +{# security.cipher is a mandatory key #} + macsec_csindex={{ '1' if security.cipher is vyos_defined('gcm-aes-256') else '0' }} {% endif %} {% if security.replay_window is vyos_defined %} @@ -83,5 +89,9 @@ network={ # 1..2^32-1: number of packets that could be misordered macsec_replay_window={{ security.replay_window }} {% endif %} + + # macsec_port: IEEE 802.1X/MACsec port - Port component of the SCI + # Range: 1-65534 (default: 1) + macsec_port=1 } -- cgit v1.2.3