diff options
| -rwxr-xr-x | scripts/vpn-config.pl | 13 | ||||
| -rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def | 6 |
2 files changed, 19 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index ca685bd..0d5a63b 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -800,6 +800,19 @@ if ($vcVPN->exists('ipsec')) { $genout .= "\tdpdtimeout=$dpd_timeout" . "s\n"; $genout .= "\tdpdaction=$dpd_action\n"; } + + # + # Allow the user for force UDP encapsulation for the ESP + # payload. + # + my $forceencaps = $vcVPN->returnValue("ipsec site-to-site $peer force-encapsulation"); + if (defined($forceencaps)) { + if ($forceencaps eq 'enable') { + $genout .= "\tforceencaps=yes\n"; + } else { + $genout .= "\tforceencaps=no\n"; + } + } } # diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def new file mode 100644 index 0000000..0015add --- /dev/null +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/force-encapsulation/node.def @@ -0,0 +1,6 @@ +help: Force UDP Encapsulation for ESP Payloads +type: txt +syntax:expression: $VAR(@) in "enable", "disable"; "Must be enable or disable" +val_help: enable; This endpoint will not force UDP encapsulation for this peer +val_help: disable; This endpoint will force UDP encapsulation for this peer + |