authorChristian Poessinger <christian@poessinger.com>2021-12-31 16:29:08 +0100
committerGitHub <noreply@github.com>2021-12-31 16:29:08 +0100
commitdcf8baa5b3040acad6a19d7c9325fbecd9f942ca (patch)
treea4a61d2145bfd5f94df3de6d8262ebac59ea4a01
parentb468930a61d46bd33b52768f4c6f8b6ea28eed91 (diff)
parent78494fe6de5372939e05dd65b01acd3e786b5602 (diff)
downloadvyos-1x-dcf8baa5b3040acad6a19d7c9325fbecd9f942ca.tar.gz
vyos-1x-dcf8baa5b3040acad6a19d7c9325fbecd9f942ca.zip
Merge pull request #1129 from sever-sever/T4126
ipsec: T4126: Ability to set priorities for installed policy
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl3
-rw-r--r--interface-definitions/vpn_ipsec.xml.in12
2 files changed, 15 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 1b221814e..c6b71f2a1 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -101,6 +101,9 @@
{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %}
remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }}
{% endif %}
+{% if tunnel_conf.priority is defined and tunnel_conf.priority is not none %}
+ priority = {{ tunnel_conf.priority }}
+{% endif %}
{% elif tunnel_esp.mode == 'transport' %}
local_ts = {{ peer_conf.local_address }}{{ local_suffix }}
remote_ts = {{ peer }}{{ remote_suffix }}
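Review bot: The new `priority` line is rendered only in the branch that precedes `{% elif tunnel_esp.mode == 'transport' %}`, so a priority configured on a tunnel whose ESP group uses transport mode appears to be accepted by the CLI and then silently left out of the generated swanctl configuration. If that is intended, say so with a template comment such as `{# priority is only applied in tunnel mode #}` and in the CLI help; otherwise move the three added lines below the closing `{% endif %}` of the mode test so both modes receive it. The `if` that opens the mode test and its closing tag are outside the hunk, so this is inferred from the visible `elif`.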
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 17ba83bae..0c2205410 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -1047,6 +1047,18 @@
#include <include/ipsec/esp-group.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
#include <include/ip-protocol.xml.i>
+ <leafNode name="priority">
+ <properties>
+ <help>Priority for IPSec policy (lowest value more preferable)</help>
+ <valueHelp>
+ <format>u32:1-100</format>
+ <description>Priority for IPSec policy (lowest value more preferable)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-100"/>
+ </constraint>
+ </properties>
+ </leafNode>
<node name="remote">
<properties>
<help>Match remote addresses</help>
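Review bot: The help text on the new `priority` leaf does not say what happens when the node is unset or what a fixed value overrides. strongSwan otherwise derives the policy priority from the traffic selectors, so pinning a low number on a broad selector can make that policy win over a more specific one, including a policy meant to carve traffic out of the tunnel. I would expand the text to something like `Priority for IPsec policy (lowest value is preferred; unset uses the priority calculated from the traffic selectors)` and keep `<help>` and `<description>` in sync. The 1-100 bound is narrower than what swanctl accepts, so a short comment on why it was chosen would help the next maintainer.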