summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorLucas Christian <lucas@lucasec.com>2024-07-20 19:29:14 -0700
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-07-22 10:28:04 +0000
commit4d82c1862172bea03c9be7482b8ed3bbddf5b395 (patch)
tree3150f07f31916a7b7cced1af50440b086b962631 /interface-definitions
parent5ae173c05defa1e230552271018133816ca00467 (diff)
downloadvyos-1x-4d82c1862172bea03c9be7482b8ed3bbddf5b395.tar.gz
vyos-1x-4d82c1862172bea03c9be7482b8ed3bbddf5b395.zip
T6599: ipsec: support disabling rekey of CHILD_SA.
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in6
1 files changed, 6 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 7f425d982..4a7fde75b 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -99,6 +99,12 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="disable-rekey">
+ <properties>
+ <help>Do not locally initiate a re-key of the SA, remote peer must re-key before expiration</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="mode">
<properties>
<help>ESP mode</help>