From 5a7c46016a23387312b2c9e18528ad7bb20e8366 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Tue, 6 Jul 2021 23:19:48 +0200
Subject: pki: T3642: Migrate rsa-keys to PKI configuration

---
 data/templates/ipsec/swanctl.conf.tmpl | 11 ++++++-----
 data/templates/ipsec/swanctl/peer.tmpl |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'data/templates/ipsec')

diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 00251d44d..a6ab73cc2 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -48,7 +48,6 @@ secrets {
 {%    endfor %}
 {%  endif %}
 {%  if site_to_site is defined and site_to_site.peer is defined %}
-{%    set ns = namespace(local_key_set=False) %}
 {%    for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
 {%      set peer_name = peer.replace(".", "-").replace("@", "") %}
 {%      if peer_conf.authentication.mode == 'pre-shared-secret' %}
@@ -72,10 +71,12 @@ secrets {
         secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {%        endif %}
     }
-{%      elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
-{%        set ns.local_key_set = True %}
-    rsa_local {
-        file = {{ rsa_local_key }}
+{%      elif peer_conf.authentication.mode == 'rsa' %}
+    rsa_{{ peer_name }}_local {
+        file = {{ peer_conf.authentication.rsa.local_key }}.pem
+{%        if peer_conf.authentication.rsa.passphrase is defined %}
+        secret = "{{ peer_conf.authentication.rsa.passphrase }}"
+{%        endif %}
     }
 {%      endif %}
 {%    endfor %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 4ace06701..8e46e8892 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -38,7 +38,7 @@
 {%   if peer_conf.authentication.mode == 'x509' %}
             certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {%   elif peer_conf.authentication.mode == 'rsa' %}
-            pubkeys = localhost.pub
+            pubkeys = {{ peer_conf.authentication.rsa.local_key }}.pem
 {%   endif %}
         }
         remote {
@@ -49,7 +49,7 @@
 {%   endif %}
             auth = {{ 'psk' if peer_conf.authentication.mode == 'pre-shared-secret' else 'pubkey' }}
 {%   if peer_conf.authentication.mode == 'rsa' %}
-            pubkeys = {{ peer_conf.authentication.rsa_key_name }}.pub
+            pubkeys = {{ peer_conf.authentication.rsa.remote_key }}.pem
 {%   endif %}
         }
         children {
-- 
cgit v1.2.3