diff options
author | Jeff Leung <jleung@v10networks.ca> | 2015-02-10 01:05:30 +0000 |
---|---|---|
committer | Jeff Leung <jleung@v10networks.ca> | 2015-02-10 09:58:36 +0000 |
commit | c6864b6ca7c18ab4ec248186e1310e46b7a97676 (patch) | |
tree | dd974eb5714199e348e6a4b1206e5af11acd9882 | |
parent | a69985d6853537d296027be5d2d1c44d73fbeccc (diff) | |
download | vyatta-cfg-vpn-c6864b6ca7c18ab4ec248186e1310e46b7a97676.tar.gz vyatta-cfg-vpn-c6864b6ca7c18ab4ec248186e1310e46b7a97676.zip |
Allow the user to force UDP encapsulation for a named peer
This might help with strongSwan traversing through firewalls that
filter proto 51, but not UDP traffic.
-rwxr-xr-x | scripts/vpn-config.pl | 13 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index ca685bd..0d5a63b 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -800,6 +800,19 @@ if ($vcVPN->exists('ipsec')) { $genout .= "\tdpdtimeout=$dpd_timeout" . "s\n"; $genout .= "\tdpdaction=$dpd_action\n"; } + + # + # Allow the user for force UDP encapsulation for the ESP + # payload. + # + my $forceencaps = $vcVPN->returnValue("ipsec site-to-site $peer force-encapsulation"); + if (defined($forceencaps)) { + if ($forceencaps eq 'enable') { + $genout .= "\tforceencaps=yes\n"; + } else { + $genout .= "\tforceencaps=no\n"; + } + } } # diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def new file mode 100644 index 0000000..0015add --- /dev/null +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def @@ -0,0 +1,6 @@ +help: Force UDP Encapsulation for ESP Payloads +type: txt +syntax:expression: $VAR(@) in "enable", "disable"; "Must be enable or disable" +val_help: enable; This endpoint will not force UDP encapsulation for this peer +val_help: disable; This endpoint will force UDP encapsulation for this peer + |