diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-09-20 07:38:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-20 07:38:43 +0200 |
commit | 62fc13d98013d46cf4cc37f4ac5c6f3c864290c2 (patch) | |
tree | deebaed65d2a200a4af9ea60076ef25c5d025f02 /data/templates/ipsec/swanctl | |
parent | e80d0aebd691f1a707ab534b4d1340fa0b793e01 (diff) | |
parent | d768aee9bd93280210980d621ecc7b2da1a8d4af (diff) | |
download | vyos-1x-62fc13d98013d46cf4cc37f4ac5c6f3c864290c2.tar.gz vyos-1x-62fc13d98013d46cf4cc37f4ac5c6f3c864290c2.zip |
Merge pull request #1012 from lucasec/vti-enhancements
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces
Diffstat (limited to 'data/templates/ipsec/swanctl')
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index e039e98aa..8c3776bf1 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -60,7 +60,7 @@ life_time = {{ vti_esp.lifetime }}s local_ts = 0.0.0.0/0,::/0 remote_ts = 0.0.0.0/0,::/0 - updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}" + updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} {# Thus we simply shift the key by one to also support a vti0 interface #} {% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %} @@ -119,7 +119,7 @@ dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} {% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} - updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}" + updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} {# Thus we simply shift the key by one to also support a vti0 interface #} {% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %} |