summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorLucas Christian <lucas@lucasec.com>2024-07-20 19:29:14 -0700
committerLucas Christian <lucas@lucasec.com>2024-07-22 02:15:36 -0700
commitfd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf (patch)
treefe9326d7944a2cbca0987f70ff1bee58f5739b50 /interface-definitions
parentda3d9415542d57a64322665efd16024ce92330dd (diff)
downloadvyos-1x-fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf.tar.gz
vyos-1x-fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf.zip
T6599: ipsec: support disabling rekey of CHILD_SA.
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in6
1 files changed, 6 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 7f425d982..4a7fde75b 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -99,6 +99,12 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="disable-rekey">
+ <properties>
+ <help>Do not locally initiate a re-key of the SA, remote peer must re-key before expiration</help>
+ <valueless/>
+ </properties>
+ </leafNode>
<leafNode name="mode">
<properties>
<help>ESP mode</help>