diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-02-21 19:11:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-21 19:11:05 +0100 |
| commit | a88cd9b621fcb1696fe529eea48d6977478932ed (patch) | |
| tree | bc01b664933a85987820f388933416059796e52f | |
| parent | 9c66ff6c11cf865d424f3643a3d01bb6362b901d (diff) | |
| parent | 4ec6262629393bd8a88951970c367a5cc3d57a42 (diff) | |
| download | vyos-1x-a88cd9b621fcb1696fe529eea48d6977478932ed.tar.gz vyos-1x-a88cd9b621fcb1696fe529eea48d6977478932ed.zip | |
Merge pull request #1231 from sever-sever/T3948
ipsec: T3948: Add CLI site-to-site peer connection-type none
| -rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 4 | ||||
| -rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 8 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 2 |
3 files changed, 12 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index f4e28d818..673dc3375 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -77,6 +77,8 @@ start_action = start {% elif peer_conf.connection_type == 'respond' %} start_action = trap +{% elif peer_conf.connection_type == 'none' %} + start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} {% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} @@ -119,6 +121,8 @@ start_action = start {% elif peer_conf.connection_type == 'respond' %} start_action = trap +{% elif peer_conf.connection_type == 'none' %} + start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} {% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 5ec7480cc..58179b1c3 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -978,7 +978,7 @@ <properties> <help>Connection type</help> <completionHelp> - <list>initiate respond</list> + <list>initiate respond none</list> </completionHelp> <valueHelp> <format>initiate</format> @@ -988,8 +988,12 @@ <format>respond</format> <description>Bring the connection up only if traffic is detected</description> </valueHelp> + <valueHelp> + <format>none</format> + <description>Load the connection only</description> + </valueHelp> <constraint> - <regex>^(initiate|respond)$</regex> + <regex>^(initiate|respond|none)$</regex> </constraint> </properties> </leafNode> diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py index 2c3e55a57..699d854bb 100755 --- a/smoketest/scripts/cli/test_vpn_ipsec.py +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -238,6 +238,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): peer_base_path = base_path + ['site-to-site', 'peer', peer_ip] self.cli_set(peer_base_path + ['authentication', 'mode', 'pre-shared-secret']) self.cli_set(peer_base_path + ['authentication', 'pre-shared-secret', secret]) + self.cli_set(peer_base_path + ['connection-type', 'none']) self.cli_set(peer_base_path + ['ike-group', ike_group]) self.cli_set(peer_base_path + ['default-esp-group', esp_group]) self.cli_set(peer_base_path + ['local-address', local_address]) @@ -266,6 +267,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): f'mode = tunnel', f'local_ts = 172.16.10.0/24,172.16.11.0/24', f'remote_ts = 172.17.10.0/24,172.17.11.0/24', + f'start_action = none', f'if_id_in = {if_id}', # will be 11 for vti10 - shifted by one f'if_id_out = {if_id}', f'updown = "/etc/ipsec.d/vti-up-down {vti}"' |