summaryrefslogtreecommitdiff
path: root/data/templates/ipsec/swanctl
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-03-24 18:27:48 +0100
committerGitHub <noreply@github.com>2022-03-24 18:27:48 +0100
commita8f5f36a105594ab9848d009b228726aa6eb4a04 (patch)
treea0867b87bcfcf7b8836f15ca36c28c7b353e76da /data/templates/ipsec/swanctl
parent3a85acc5fa900cabe502529ad57c7fed619c1149 (diff)
parent78a4676f787e5e37f67afd5c2453ce06e3f0f9e9 (diff)
downloadvyos-1x-a8f5f36a105594ab9848d009b228726aa6eb4a04.tar.gz
vyos-1x-a8f5f36a105594ab9848d009b228726aa6eb4a04.zip
Merge pull request #1251 from srividya0208/T4288a
ike-group: T4288 : close-action is missing in swanctl.conf
Diffstat (limited to 'data/templates/ipsec/swanctl')
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl6
1 files changed, 4 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 562e8fdd5..a622cbf74 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -87,9 +87,10 @@
start_action = none
{% endif %}
{% if ike.dead_peer_detection is defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}
+{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
+ close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
}
{% elif peer_conf.tunnel is defined %}
{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %}
@@ -137,9 +138,10 @@
start_action = none
{% endif %}
{% if ike.dead_peer_detection is defined %}
-{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}
+{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %}
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
+ close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }}
{% if peer_conf.vti is defined and peer_conf.vti.bind is defined %}
updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}