From 7ae0b404ad9fdefa856c7e450b224b47d854a4eb Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Tue, 17 Jan 2023 11:04:08 +0000 Subject: T4916: Rewrite IPsec peer authentication and psk migration Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer authentication pre-shared-secret xxx' => 'ipsec authentication psk secret xxx' set vpn ipsec authentication psk id '192.0.2.1' set vpn ipsec authentication psk id '192.0.2.2' set vpn ipsec authentication psk secret 'xxx' set vpn ipsec site-to-site peer authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4' --- interface-definitions/include/version/ipsec-version.xml.i | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'interface-definitions/include/version') diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i index 1c978e8e6..8d019b466 100644 --- a/interface-definitions/include/version/ipsec-version.xml.i +++ b/interface-definitions/include/version/ipsec-version.xml.i @@ -1,3 +1,3 @@ - + -- cgit v1.2.3