Exposing ikev2 reauth option in CLI, defaulting to 'no'

2 files changed, 13 insertions, 0 deletions

diff --git a/templates/vpn/ipsec/ike-group/node.tag/ikev2-reauth/node.def b/templates/vpn/ipsec/ike-group/node.tag/ikev2-reauth/node.def
new file mode 100644
index 0000000..2256ecc
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/ikev2-reauth/node.def
@@ -0,0 +1,6 @@
+help: Re-authentication of the remote peer during an IKE re-key.  IKEv2 option only
+type: txt
+default: "no"
+syntax:expression: $VAR(@) in "yes", "no"; "must be yes or no (Default)"
+val_help: yes; Enable remote host re-autentication during an IKE rekey. Currently broken due to a strong swan bug
+val_help: no; Disable remote host re-authenticaton during an IKE rekey. (Default)
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/ikev2-reauth/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/ikev2-reauth/node.def
new file mode 100644
index 0000000..8aee33e
--- /dev/null
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/ikev2-reauth/node.def
@@ -0,0 +1,7 @@
+help: Re-authentication of the remote peer during an IKE re-key.  IKEv2 option only
+type: txt
+default: "inherit"
+syntax:expression: $VAR(@) in "yes", "no"; "must be yes, no or inherit (Default)"
+val_help: yes; Enable remote host re-autentication during an IKE re-key. Currently broken due to a strong swan bug
+val_help: no; Disable remote host re-authenticaton during an IKE re-key.
+val_help: inherit; Inherit the reauth configuration form your IKE-group