diff options
| author | srividya0208 <a.srividya@vyos.io> | 2022-03-18 08:39:14 -0400 |
|---|---|---|
| committer | srividya0208 <a.srividya@vyos.io> | 2022-03-24 12:00:11 -0400 |
| commit | 78a4676f787e5e37f67afd5c2453ce06e3f0f9e9 (patch) | |
| tree | d3539fbf37e1e8946d103e376b6ced7ccf6dfa26 /data/templates/ipsec | |
| parent | 71805191d1e663af47ac1c2c11f7861d84677525 (diff) | |
| download | vyos-1x-78a4676f787e5e37f67afd5c2453ce06e3f0f9e9.tar.gz vyos-1x-78a4676f787e5e37f67afd5c2453ce06e3f0f9e9.zip | |
ike-group: T4288 : close-action is missing in swanctl.conf
close-action parameter is missing in the swanctl.conf file
Diffstat (limited to 'data/templates/ipsec')
| -rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 562e8fdd5..a622cbf74 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -87,9 +87,10 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} } {% elif peer_conf.tunnel is defined %} {% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %} @@ -137,9 +138,10 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} {% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} |