ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout

This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor.
author: Christian Poessinger <christian@poessinger.com> 2022-10-31 15:09:58 +0100
committer: Christian Poessinger <christian@poessinger.com> 2022-10-31 15:10:39 +0100
commit: 22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 (patch)
tree: c7a5308cd7426c357dde5586e9ead79463475c4b /data
parent: 2291f4c7a967bdc81fb19e89f27fb378b2ecd09b (diff)
download: vyos-1x-22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1.tar.gz
vyos-1x-22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/data/templates/ipsec/charon/eap-radius.conf.j2 b/data/templates/ipsec/charon/eap-radius.conf.j2
index 8495011fe..364377473 100644
--- a/data/templates/ipsec/charon/eap-radius.conf.j2
+++ b/data/templates/ipsec/charon/eap-radius.conf.j2
@@ -49,8 +49,10 @@ eap-radius {
     # Base to use for calculating exponential back off.
     # retransmit_base = 1.4
 
+{% if remote_access.radius.timeout is vyos_defined %}
     # Timeout in seconds before sending first retransmit.
-    # retransmit_timeout = 2.0
+    retransmit_timeout = {{ remote_access.radius.timeout | float }}
+{% endif %}
 
     # Number of times to retransmit a packet before giving up.
     # retransmit_tries = 4
author	Christian Poessinger <christian@poessinger.com>	2022-10-31 15:09:58 +0100
committer	Christian Poessinger <christian@poessinger.com>	2022-10-31 15:10:39 +0100
commit	22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 (patch)
tree	c7a5308cd7426c357dde5586e9ead79463475c4b /data
parent	2291f4c7a967bdc81fb19e89f27fb378b2ecd09b (diff)
download	vyos-1x-22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1.tar.gz vyos-1x-22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1.zip