From c31488f0e3206c4477692065781e49f2fbd7c9ed Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 26 Jul 2021 21:54:54 +0200
Subject: ipsec: T1210: extend support for iOS profile generation

$ generate ipsec mac-ios-profile <connection> remote <ip>
---
 data/templates/ipsec/ios_profile.tmpl | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

(limited to 'data')

diff --git a/data/templates/ipsec/ios_profile.tmpl b/data/templates/ipsec/ios_profile.tmpl
index 49e8b0992..af6c79d6e 100644
--- a/data/templates/ipsec/ios_profile.tmpl
+++ b/data/templates/ipsec/ios_profile.tmpl
@@ -58,35 +58,29 @@
                 <!-- The client uses EAP to authenticate -->
                 <key>ExtendedAuthEnabled</key>
                 <integer>1</integer>
-{% if ike_proposal is defined and ike_proposal is not none %}
                 <!-- The next two dictionaries are optional (as are the keys in them), but it is recommended to specify them as the default is to use 3DES.
                      IMPORTANT: Because only one proposal is sent (even if nothing is configured here) it must match the server configuration -->
                 <key>IKESecurityAssociationParameters</key>
-{%   for ike, ike_config in ike_proposal.items() %}
                 <dict>
                     <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2encryptionalgorithm -->
                     <key>EncryptionAlgorithm</key>
-                    <string>{{ ike_config.encryption | upper }}</string>
+                    <string>{{ ike_encryption.encryption }}</string>
                     <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2integrityalgorithm -->
                     <key>IntegrityAlgorithm</key>
-                    <string>{{ ike_config.hash | upper }}</string>
+                    <string>{{ ike_encryption.hash }}</string>
                     <!-- @see https://developer.apple.com/documentation/networkextension/nevpnikev2diffiehellmangroup -->
                     <key>DiffieHellmanGroup</key>
-                    <integer>{{ ike_config.dh_group | upper }}
+                    <integer>{{ ike_encryption.dh_group }}</integer>
                 </dict>
-{%   endfor %}
-{% endif %}
-{% if esp_proposal is defined and esp_proposal is not none %}
                 <key>ChildSecurityAssociationParameters</key>
-{%   for esp, esp_config in esp_proposal.items() %}
                 <dict>
                     <key>EncryptionAlgorithm</key>
-                    <string>{{ esp_config.encryption | upper }}</string>
+                    <string>{{ esp_encryption.encryption }}</string>
                     <key>IntegrityAlgorithm</key>
-                    <string>{{ esp_config.hash | upper }}</string>
+                    <string>{{ esp_encryption.hash }}</string>
+                    <key>DiffieHellmanGroup</key>
+                    <integer>{{ ike_encryption.dh_group }}</integer>
                 </dict>
-{%   endfor %}
-{% endif %}
             </dict>
         </dict>
         <!-- This payload is optional but it provides an easy way to install the CA certificate together with the configuration -->
-- 
cgit v1.2.3