summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
committerViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
commit78494fe6de5372939e05dd65b01acd3e786b5602 (patch)
treea4a61d2145bfd5f94df3de6d8262ebac59ea4a01 /data
parentb468930a61d46bd33b52768f4c6f8b6ea28eed91 (diff)
downloadvyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.tar.gz
vyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.zip
ipsec: T4126: Ability to set priorities for installed policy
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
Diffstat (limited to 'data')
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl3
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 1b221814e..c6b71f2a1 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -101,6 +101,9 @@
{% set remote_prefix = tunnel_conf.remote.prefix if 'any' not in tunnel_conf.remote.prefix else ['0.0.0.0/0', '::/0'] %}
remote_ts = {{ remote_prefix | join(remote_suffix + ",") }}{{ remote_suffix }}
{% endif %}
+{% if tunnel_conf.priority is defined and tunnel_conf.priority is not none %}
+ priority = {{ tunnel_conf.priority }}
+{% endif %}
{% elif tunnel_esp.mode == 'transport' %}
local_ts = {{ peer_conf.local_address }}{{ local_suffix }}
remote_ts = {{ peer }}{{ remote_suffix }}