From cfd4d283ff0297372248b4ec57f67fd36dd33fc2 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 27 Aug 2021 11:04:36 +0200 Subject: ipsec: T1210: Jinj2 template did not honor inactivity/timeout setting --- data/templates/ipsec/swanctl/remote_access.tmpl | 3 ++- interface-definitions/vpn_ipsec.xml.in | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.tmpl index f906836c6..4fdc2a276 100644 --- a/data/templates/ipsec/swanctl/remote_access.tmpl +++ b/data/templates/ipsec/swanctl/remote_access.tmpl @@ -10,7 +10,7 @@ send_certreq = no rekey_time = {{ ike.lifetime }}s keyingtries = 0 -{% if rw_conf.unique is defined and rw_conf.unique is not none %} +{% if rw_conf.unique is defined and rw_conf.unique is not none %} unique = {{ rw_conf.unique }} {% endif %} {% if rw_conf.pool is defined and rw_conf.pool is not none %} @@ -39,6 +39,7 @@ rekey_time = {{ esp.lifetime }}s rand_time = 540s dpd_action = clear + inactivity = {{ rw_conf.timeout }} {% set local_prefix = rw_conf.local.prefix if rw_conf.local is defined and rw_conf.local.prefix is defined else ['0.0.0.0/0', '::/0'] %} {% set local_port = rw_conf.local.port if rw_conf.local is defined and rw_conf.local.port is defined else '' %} {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %} diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index b0dba4bce..ed4941efc 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -757,11 +757,15 @@ Timeout to close connection if no data is transmitted - u32:10-86400 + u32:0 + Disable inactivity checks + + + u32:1-86400 Timeout in seconds (default 28800) - + 28800 -- cgit v1.2.3