diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-03-24 18:27:48 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-24 18:27:48 +0100 |
| commit | a8f5f36a105594ab9848d009b228726aa6eb4a04 (patch) | |
| tree | a0867b87bcfcf7b8836f15ca36c28c7b353e76da /data | |
| parent | 3a85acc5fa900cabe502529ad57c7fed619c1149 (diff) | |
| parent | 78a4676f787e5e37f67afd5c2453ce06e3f0f9e9 (diff) | |
| download | vyos-1x-a8f5f36a105594ab9848d009b228726aa6eb4a04.tar.gz vyos-1x-a8f5f36a105594ab9848d009b228726aa6eb4a04.zip | |
Merge pull request #1251 from srividya0208/T4288a
ike-group: T4288 : close-action is missing in swanctl.conf
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 562e8fdd5..a622cbf74 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -87,9 +87,10 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} } {% elif peer_conf.tunnel is defined %} {% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %} @@ -137,9 +138,10 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %} +{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} {% endif %} + close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} {% if peer_conf.vti is defined and peer_conf.vti.bind is defined %} updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" {# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #} |