diff options
| author | Jeff Leung <jleung@v10networks.ca> | 2015-02-10 01:05:30 +0000 |
|---|---|---|
| committer | Jeff Leung <jleung@v10networks.ca> | 2015-02-10 09:58:36 +0000 |
| commit | c6864b6ca7c18ab4ec248186e1310e46b7a97676 (patch) | |
| tree | dd974eb5714199e348e6a4b1206e5af11acd9882 /scripts/vpn-config.pl | |
| parent | a69985d6853537d296027be5d2d1c44d73fbeccc (diff) | |
| download | vyatta-cfg-vpn-c6864b6ca7c18ab4ec248186e1310e46b7a97676.tar.gz vyatta-cfg-vpn-c6864b6ca7c18ab4ec248186e1310e46b7a97676.zip | |
Allow the user to force UDP encapsulation for a named peer
This might help with strongSwan traversing through firewalls that
filter proto 51, but not UDP traffic.
Diffstat (limited to 'scripts/vpn-config.pl')
| -rwxr-xr-x | scripts/vpn-config.pl | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index ca685bd..0d5a63b 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -800,6 +800,19 @@ if ($vcVPN->exists('ipsec')) { $genout .= "\tdpdtimeout=$dpd_timeout" . "s\n"; $genout .= "\tdpdaction=$dpd_action\n"; } + + # + # Allow the user for force UDP encapsulation for the ESP + # payload. + # + my $forceencaps = $vcVPN->returnValue("ipsec site-to-site $peer force-encapsulation"); + if (defined($forceencaps)) { + if ($forceencaps eq 'enable') { + $genout .= "\tforceencaps=yes\n"; + } else { + $genout .= "\tforceencaps=no\n"; + } + } } # |