summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xscripts/vpn-config.pl8
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/close-action/node.def8
-rw-r--r--templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def6
3 files changed, 19 insertions, 3 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index d68e419..369e568 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -811,6 +811,14 @@ if ($vcVPN->exists('ipsec')) {
}
#
+ # Check for closeaction
+ #
+ my $close_act = $vcVPN->returnValue("ipsec ike-group $ike_group close-action");
+ if (defined($close_act)) {
+ $genout .= "\tcloseaction=$close_act\n";
+ }
+
+ #
# Allow the user for force UDP encapsulation for the ESP
# payload.
#
diff --git a/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def
new file mode 100644
index 0000000..0c05c21
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def
@@ -0,0 +1,8 @@
+help: Action if the remote peer unexpectedly closes a CHILD_SA
+type: txt
+default: "none"
+syntax:expression: $VAR(@) in "none","hold", "clear", "restart"; "must be none, hold clear, or restart"
+val_help: none; Set action to none (default)
+val_help: hold; Set action to hold
+val_help: clear; Set action to clear
+val_help: restart; Set action to restart
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
index 3378cb5..8a4edee 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
@@ -1,5 +1,5 @@
-help: Keep-alive timeout
+help: Dead-Peer-Detection keep-alive timeout (IKEv1 only)
type: u32
default: 120
-syntax:expression: ($VAR(@) >= 10 && $VAR(@) <= 86400) ; "must be between 10-86400 seconds"
-val_help: u32:10-86400; Keep-alive timeout in seconds (default 120)
+syntax:expression: ($VAR(@) >= 2 && $VAR(@) <= 86400) ; "must be between 2-86400 seconds"
+val_help: u32:2-86400; Keep-alive timeout in seconds (default 120)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 00:52:33 +0000