diff options
author | Jeff Leung <jleung@v10networks.ca> | 2014-05-25 01:59:43 -0500 |
---|---|---|
committer | Jeff Leung <jleung@v10networks.ca> | 2014-05-25 02:04:04 -0500 |
commit | 4896020276a93c73276dad073341ab6f9bc9a1ca (patch) | |
tree | 03f9005f613c4f788a4df425e3b36a27d2b85bbf /templates/vpn/ipsec | |
parent | ae7363afce9dccdca2416158a38124d6ffff051c (diff) | |
download | vyatta-cfg-vpn-4896020276a93c73276dad073341ab6f9bc9a1ca.tar.gz vyatta-cfg-vpn-4896020276a93c73276dad073341ab6f9bc9a1ca.zip |
Remove automatic IKE version negoiation.
According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2".
In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request.
Diffstat (limited to 'templates/vpn/ipsec')
-rw-r--r-- | templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def b/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def index e3555d4..f68dc69 100644 --- a/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def +++ b/templates/vpn/ipsec/ike-group/node.tag/key-exchange/node.def @@ -1,7 +1,6 @@ help: Key Exchange Version type: txt default: "ikev1" -syntax:expression: $VAR(@) in "ike", "ikev1", "ikev2"; "must be ike, ikev1 or ikev2" -val_help: ike; Automatically negoiatate Key Exchange version -val_help: ikev1; Force IKEv1 for Key Exchange [DEFAULT] -val_help: ikev2; Force IKEv2 for Key Exchange +syntax:expression: $VAR(@) in "ikev1", "ikev2"; "must be ikev1 or ikev2" +val_help: ikev1; Use IKEv1 for Key Exchange [DEFAULT] +val_help: ikev2; Use IKEv2 for Key Exchange |