summaryrefslogtreecommitdiff
path: root/src/op_mode/vpn_ike_sa.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-19 19:04:13 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-19 19:04:13 +0200
commit02043297db68d45b2ca398486cc119d1c103e68c (patch)
tree3aba9dd1d43dd0a7428014886a8b2ed60bacfc15 /src/op_mode/vpn_ike_sa.py
parent9556d78b1d54c7320a0154990c61d23c6197c38f (diff)
downloadvyos-1x-02043297db68d45b2ca398486cc119d1c103e68c.tar.gz
vyos-1x-02043297db68d45b2ca398486cc119d1c103e68c.zip
ipsec: T1210: add "unique" option to specify how to handle multiple connections
Connection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced. * never: never enforce such a policy, even if a peer included INITIAL_CONTACT notification * keep: reject new connection attempts if the same user already has an active connection * replace: delete any existing connection if a new one for the same user gets established To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead.
Diffstat (limited to 'src/op_mode/vpn_ike_sa.py')
0 files changed, 0 insertions, 0 deletions