From 7ae0b404ad9fdefa856c7e450b224b47d854a4eb Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Tue, 17 Jan 2023 11:04:08 +0000 Subject: T4916: Rewrite IPsec peer authentication and psk migration Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer authentication pre-shared-secret xxx' => 'ipsec authentication psk secret xxx' set vpn ipsec authentication psk id '192.0.2.1' set vpn ipsec authentication psk id '192.0.2.2' set vpn ipsec authentication psk secret 'xxx' set vpn ipsec site-to-site peer authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4' --- interface-definitions/vpn-ipsec.xml.in | 35 +++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) (limited to 'interface-definitions/vpn-ipsec.xml.in') diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in index fd74a51d7..835f27ca1 100644 --- a/interface-definitions/vpn-ipsec.xml.in +++ b/interface-definitions/vpn-ipsec.xml.in @@ -11,6 +11,40 @@ 901 + + + Authentication + + + + + Pre-shared key name + + + #include + + + ID for authentication + + txt + ID used for authentication + + + + + + + IKE pre-shared secret key + + txt + IKE pre-shared secret key + + + + + + + Disable requirement for unique IDs in the Security Database @@ -948,7 +982,6 @@ - #include ID for remote authentication -- cgit v1.2.3