author | Christian Poessinger <christian@poessinger.com> | 2021-08-27 11:04:36 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-08-27 11:05:14 +0200 |
commit | cfd4d283ff0297372248b4ec57f67fd36dd33fc2 (patch) | |
tree | eecfcb72e68515b94034b9d18eaa712b3848d5f2 | |
parent | c2dfb24a0672ea93a4262feeddd6929275eb08cf (diff) | |
ipsec: T1210: Jinj2 template did not honor inactivity/timeout setting
-rw-r--r-- | data/templates/ipsec/swanctl/remote_access.tmpl | 3 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 8 |
2 files changed, 8 insertions, 3 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.tmpl b/data/templates/ipsec/swanctl/remote_access.tmpl
index f906836c6..4fdc2a276 100644
--- a/data/templates/ipsec/swanctl/remote_access.tmpl
+++ b/data/templates/ipsec/swanctl/remote_access.tmpl
@@ -10,7 +10,7 @@
 send_certreq = no
 rekey_time = {{ ike.lifetime }}s
 keyingtries = 0
-{% if rw_conf.unique is defined and rw_conf.unique is not none %}
+{% if rw_conf.unique is defined and rw_conf.unique is not none %}
 unique = {{ rw_conf.unique }}
 {% endif %}
 {% if rw_conf.pool is defined and rw_conf.pool is not none %}
@@ -39,6 +39,7 @@
 rekey_time = {{ esp.lifetime }}s
 rand_time = 540s
 dpd_action = clear
+ inactivity = {{ rw_conf.timeout }}
 {% set local_prefix = rw_conf.local.prefix if rw_conf.local is defined and rw_conf.local.prefix is defined else ['0.0.0.0/0', '::/0'] %}
 {% set local_port = rw_conf.local.port if rw_conf.local is defined and rw_conf.local.port is defined else '' %}
 {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index b0dba4bce..ed4941efc 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -757,11 +757,15 @@
 <properties>
 <help>Timeout to close connection if no data is transmitted</help>
 <valueHelp>
- <format>u32:10-86400</format>
+ <format>u32:0</format>
+ <description>Disable inactivity checks</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-86400</format>
 <description>Timeout in seconds (default 28800)</description>
 </valueHelp>
 <constraint>
- <validator name="numeric" argument="--range 10-86400"/>
+ <validator name="numeric" argument="--range 0-86400"/>
 </constraint>
 </properties>
 <defaultValue>28800</defaultValue> |
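Review bot: The added `inactivity = {{ rw_conf.timeout }}` line in the second hunk of remote_access.tmpl is rendered unconditionally, while the optional keys visible in the first hunk (`unique`, `pool`) are wrapped in `is defined and ... is not none` guards. The XML default of 28800 presumably always populates `timeout`, but that merge is not visible here, and a missing value would produce an empty or failing `inactivity =` line in the generated swanctl config. It also carries no unit, unlike `rekey_time = {{ esp.lifetime }}s` and `rand_time = 540s` directly above it. I would write it as `{% if rw_conf.timeout is defined and rw_conf.timeout is not none %}`, `inactivity = {{ rw_conf.timeout }}s`, `{% endif %}`. The enclosing child-SA section starts and ends outside the hunk.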
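Review bot: The new validator `--range 0-86400` in vpn_ipsec.xml.in does more than admit 0 as the "disable" value: it also lowers the smallest non-zero timeout from 10 seconds to 1, and the commit title does not mention that. If the old floor was deliberate, it can be kept by listing two validators in the `<constraint>`, `<validator name="numeric" argument="--range 0-0"/>` and `<validator name="numeric" argument="--range 10-86400"/>`, assuming alternative validators are accepted there, with the second `<format>` reading `u32:10-86400`. Because 0 switches off idle teardown for remote-access sessions, the description could state the consequence, e.g. `Disable inactivity checks (idle tunnels stay up until rekey, DPD or the peer closes them)`. The `<properties>` element's parent node starts outside the hunk, so whether a `constraintErrorMessage` accompanies the constraint is not visible.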