diff options
| author | Christian Poessinger <christian@poessinger.com> | 2019-12-07 09:46:45 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-12-07 09:46:45 +0100 |
| commit | 2de00855a3a208abfb9ca7451ce41b75cb755007 (patch) | |
| tree | cb9242c889d11f4ef14300b66339bb7a5a4d1ec9 | |
| parent | f3a9ad83ac87263fa3014bbe4678fd2d116c4bfc (diff) | |
| parent | 006beada13e22929b7439a2123f0b434b666d4cc (diff) | |
| download | vyatta-cfg-vpn-2de00855a3a208abfb9ca7451ce41b75cb755007.tar.gz vyatta-cfg-vpn-2de00855a3a208abfb9ca7451ce41b75cb755007.zip | |
Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into equuleus
* 'current' of github.com:vyos/vyatta-cfg-vpn:
dmvpn: T1784: Run ipsec-settings before DMVPN
T1780 Adding IPSec IKE close-action
Jenkins: import Pipeline from vyos-1x commit bd00ec7
| -rwxr-xr-x | scripts/vpn-config.pl | 8 | ||||
| -rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/close-action/node.def | 8 | ||||
| -rw-r--r-- | templates/vpn/node.def | 3 |
3 files changed, 17 insertions, 2 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index d68e419..369e568 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -811,6 +811,14 @@ if ($vcVPN->exists('ipsec')) { } # + # Check for closeaction + # + my $close_act = $vcVPN->returnValue("ipsec ike-group $ike_group close-action"); + if (defined($close_act)) { + $genout .= "\tcloseaction=$close_act\n"; + } + + # # Allow the user for force UDP encapsulation for the ESP # payload. # diff --git a/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def new file mode 100644 index 0000000..0c05c21 --- /dev/null +++ b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def @@ -0,0 +1,8 @@ +help: Action if the remote peer unexpectedly closes a CHILD_SA +type: txt +default: "none" +syntax:expression: $VAR(@) in "none","hold", "clear", "restart"; "must be none, hold clear, or restart" +val_help: none; Set action to none (default) +val_help: hold; Set action to hold +val_help: clear; Set action to clear +val_help: restart; Set action to restart diff --git a/templates/vpn/node.def b/templates/vpn/node.def index cfb0e64..311f59d 100644 --- a/templates/vpn/node.def +++ b/templates/vpn/node.def @@ -5,9 +5,8 @@ end: sudo /opt/vyatta/sbin/vyatta-vti-config.pl || exit 1 --config_file='/etc/ipsec.conf' \ --secrets_file='/etc/ipsec.secrets' \ --init_script='/etc/init.d/ipsec' || exit 1 + sudo ${vyos_conf_scripts_dir}/ipsec-settings.py || exit 1 sudo /opt/vyatta/sbin/dmvpn-config.pl \ --config_file='/etc/swanctl/swanctl.conf' \ --init_script='/etc/init.d/ipsec' || exit 1 sudo /opt/vyatta/sbin/vyos-update-nhrp.pl --set_ipsec || exit 1 - sudo ${vyos_conf_scripts_dir}/ipsec-settings.py || exit 1 -# sudo /opt/vyatta/sbin/vyatta-update-l2tp.pl || exit 1 |