From 4d82c1862172bea03c9be7482b8ed3bbddf5b395 Mon Sep 17 00:00:00 2001 From: Lucas Christian Date: Sat, 20 Jul 2024 19:29:14 -0700 Subject: T6599: ipsec: support disabling rekey of CHILD_SA. Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf) --- interface-definitions/vpn_ipsec.xml.in | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'interface-definitions') diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 7f425d982..4a7fde75b 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -99,6 +99,12 @@ + + + Do not locally initiate a re-key of the SA, remote peer must re-key before expiration + + + ESP mode -- cgit v1.2.3