Merge pull request #2934 from vyos/mergify/bp/sagitta/pr-2932

ipsec: T5998: add replay-windows setting (backport #2932)
author: Christian Breunig <christian@breunig.cc> 2024-02-03 22:07:12 +0100
committer: GitHub <noreply@github.com> 2024-02-03 22:07:12 +0100
commit: 22a15d828e1d0052d6690860367ba294d2481a04 (patch)
tree: 9716120b7d0424fb4bcd8fc6acc66418fe6df767 /data/templates/ipsec/swanctl/remote_access.j2
parent: 088dcfd35af200294dcb186cf5529226bfbb46b7 (diff)
parent: 4edc0611ec0ab39147c136d769a9e8a0f50847e6 (diff)
download: vyos-1x-22a15d828e1d0052d6690860367ba294d2481a04.tar.gz
vyos-1x-22a15d828e1d0052d6690860367ba294d2481a04.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index 01dc8a4a7..bce8684fe 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -43,6 +43,9 @@
                 rand_time = 540s
                 dpd_action = clear
                 inactivity = {{ rw_conf.timeout }}
+{% if rw_conf.replay_window is vyos_defined %}
+                replay_window = {{ rw_conf.replay_window }}
+{% endif %}
 {% set local_prefix = rw_conf.local.prefix if rw_conf.local.prefix is vyos_defined else ['0.0.0.0/0', '::/0'] %}
 {% set local_port = rw_conf.local.port if rw_conf.local.port is vyos_defined else '' %}
 {% set local_suffix = '[%any/{1}]'.format(local_port) if local_port else '' %}
author	Christian Breunig <christian@breunig.cc>	2024-02-03 22:07:12 +0100
committer	GitHub <noreply@github.com>	2024-02-03 22:07:12 +0100
commit	22a15d828e1d0052d6690860367ba294d2481a04 (patch)
tree	9716120b7d0424fb4bcd8fc6acc66418fe6df767 /data/templates/ipsec/swanctl/remote_access.j2
parent	088dcfd35af200294dcb186cf5529226bfbb46b7 (diff)
parent	4edc0611ec0ab39147c136d769a9e8a0f50847e6 (diff)
download	vyos-1x-22a15d828e1d0052d6690860367ba294d2481a04.tar.gz vyos-1x-22a15d828e1d0052d6690860367ba294d2481a04.zip