summaryrefslogtreecommitdiff
path: root/interface-definitions/include/conntrack/timeout-common-protocols.xml.i
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-09-17 20:36:22 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-17 20:36:22 +0200
commita4feb96af9ac45aff41ded1744cf302b5c5a9e7e (patch)
tree360c1585b2033d80a5341b068bc63314e41d85c3 /interface-definitions/include/conntrack/timeout-common-protocols.xml.i
parent1fe8d3b4b92409beace926b6d0913b5001b46f42 (diff)
downloadvyos-1x-a4feb96af9ac45aff41ded1744cf302b5c5a9e7e.tar.gz
vyos-1x-a4feb96af9ac45aff41ded1744cf302b5c5a9e7e.zip
wireguard: T4702: actively revoke peer if it gets disabled
When any configured peer is set to `disable` while the Wireguard tunnel is up and running it does not get actively revoked and removed. This poses a security risk as connections keep beeing alive. Whenever any parameter of a peer changes we actively remove the peer and fully recreate it on the fly.
Diffstat (limited to 'interface-definitions/include/conntrack/timeout-common-protocols.xml.i')
0 files changed, 0 insertions, 0 deletions