diff options
author | Viacheslav <v.gletenko@vyos.io> | 2021-12-31 14:52:18 +0000 |
---|---|---|
committer | Viacheslav <v.gletenko@vyos.io> | 2021-12-31 14:52:18 +0000 |
commit | 78494fe6de5372939e05dd65b01acd3e786b5602 (patch) | |
tree | a4a61d2145bfd5f94df3de6d8262ebac59ea4a01 /data | |
parent | b468930a61d46bd33b52768f4c6f8b6ea28eed91 (diff) | |
download | vyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.tar.gz vyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.zip |
ipsec: T4126: Ability to set priorities for installed policy
Add priority for policy based IPSec VPN tunnels
If 2 tunnels have the same pair of local and remote traffic
selectors (prefixes) it allows to set more preforable install
policy from required peer
The lowest priority is more preforable
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 1b221814e..c6b71f2a1 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -101,6 +101,9 @@ {% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %} remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }} {% endif %} +{% if tunnel_conf.priority is defined and tunnel_conf.priority is not none %} + priority = {{ tunnel_conf.priority }} +{% endif %} {% elif tunnel_esp.mode == 'transport' %} local_ts = {{ peer_conf.local_address }}{{ local_suffix }} remote_ts = {{ peer }}{{ remote_suffix }} |