From 78ea623df20b44309cc6ac9848ed18e97fc4ed03 Mon Sep 17 00:00:00 2001
From: Alex W <embezzle.dev@proton.me>
Date: Sun, 21 Apr 2024 21:59:56 +0100
Subject: T6237: IPSec remote access VPN: ability to set EAP ID of clients

---
 data/templates/ipsec/swanctl/remote_access.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data/templates')

diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index adfa32bde..6bced88c7 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -33,7 +33,7 @@
             auth = pubkey
 {% elif rw_conf.authentication.client_mode.startswith("eap") %}
             auth = {{ rw_conf.authentication.client_mode }}
-            eap_id = %any
+            eap_id = {{ '%any' if rw_conf.authentication.eap_id == 'any' else rw_conf.authentication.eap_id }}
 {% endif %}
 {% if rw_conf.authentication.client_mode is vyos_defined('eap-tls') or rw_conf.authentication.client_mode is vyos_defined('x509') %}
 {#          pass all configured CAs as filenames, separated by commas #}
-- 
cgit v1.2.3