From 22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 31 Oct 2022 15:09:58 +0100 Subject: ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor. --- data/templates/ipsec/charon/eap-radius.conf.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'data') diff --git a/data/templates/ipsec/charon/eap-radius.conf.j2 b/data/templates/ipsec/charon/eap-radius.conf.j2 index 8495011fe..364377473 100644 --- a/data/templates/ipsec/charon/eap-radius.conf.j2 +++ b/data/templates/ipsec/charon/eap-radius.conf.j2 @@ -49,8 +49,10 @@ eap-radius { # Base to use for calculating exponential back off. # retransmit_base = 1.4 +{% if remote_access.radius.timeout is vyos_defined %} # Timeout in seconds before sending first retransmit. - # retransmit_timeout = 2.0 + retransmit_timeout = {{ remote_access.radius.timeout | float }} +{% endif %} # Number of times to retransmit a packet before giving up. # retransmit_tries = 4 -- cgit v1.2.3