diff options
| author | Daniil Baturin <daniil@baturin.org> | 2014-12-18 04:53:31 +0600 |
|---|---|---|
| committer | Daniil Baturin <daniil@baturin.org> | 2014-12-18 04:53:31 +0600 |
| commit | 7b0e7ce1c46cec565952b18a5044f7bc7be82196 (patch) | |
| tree | ab9b5cc840d6c3ff17e49b09bdd8aa11b63820a3 /scripts | |
| parent | 478615bf9d92e79b66d89c37473b4bd457a76260 (diff) | |
| parent | 259abd0641a999e390d67cb424c9093e1c0f72bf (diff) | |
| download | vyatta-cfg-vpn-7b0e7ce1c46cec565952b18a5044f7bc7be82196.tar.gz vyatta-cfg-vpn-7b0e7ce1c46cec565952b18a5044f7bc7be82196.zip | |
Merge pull request #11 from jhendryUK/ikev2_reauth_option
Ikev2 reauth option
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/vpn-config.pl | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index e1c3573..2228997 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -813,6 +813,25 @@ if ($vcVPN->exists('ipsec')) { } # + # Get ikev2-reauth configuration + # + if ((defined($key_exchange)) && ($key_exchange eq 'ikev2')) { + my $ikev2_tunnel_reauth = $vcVPN->returnValue("ipsec site-to-site peer $peer ikev2-reauth"); + + if ((defined($ikev2_tunnel_reauth)) && ($ikev2_tunnel_reauth ne 'inherit')) { + $genout .= "\treauth=$ikev2_tunnel_reauth\n"; + } else { + my $ikev2_group_reauth = $vcVPN->returnValue("ipsec ike-group $ike_group ikev2-reauth"); + if (defined($ikev2_group_reauth)) { + $genout .= "\treauth=$ikev2_group_reauth\n"; + } else { + $genout .= "\treauth=no\n"; + } + } + + } + + # # Allow the user to disable MOBIKE for IKEv2 connections # my $mob_ike = $vcVPN->returnValue("ipsec ike-group $ike_group mobike"); |