diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-02 20:44:29 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-02-03 20:05:04 +0000 |
commit | 4edc0611ec0ab39147c136d769a9e8a0f50847e6 (patch) | |
tree | 9716120b7d0424fb4bcd8fc6acc66418fe6df767 /interface-definitions/include/ipsec | |
parent | 088dcfd35af200294dcb186cf5529226bfbb46b7 (diff) | |
download | vyos-1x-4edc0611ec0ab39147c136d769a9e8a0f50847e6.tar.gz vyos-1x-4edc0611ec0ab39147c136d769a9e8a0f50847e6.zip |
ipsec: T5998: add replay-windows setting
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node
to explicitly change this.
* set vpn ipsec site-to-site peer <name> replay-window <0-2040>
(cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197)
Diffstat (limited to 'interface-definitions/include/ipsec')
-rw-r--r-- | interface-definitions/include/ipsec/replay-window.xml.i | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i new file mode 100644 index 000000000..f35ed550a --- /dev/null +++ b/interface-definitions/include/ipsec/replay-window.xml.i @@ -0,0 +1,19 @@ +<!-- include start from ipsec/replay-window.xml.i --> +<leafNode name="replay-window"> + <properties> + <help>IPsec replay window to configure for this CHILD_SA</help> + <valueHelp> + <format>u32:0</format> + <description>Disable IPsec replay protection</description> + </valueHelp> + <valueHelp> + <format>u32:1-2040</format> + <description>Replay window size in packets</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-2040"/> + </constraint> + </properties> + <defaultValue>32</defaultValue> + </leafNode> + <!-- include end --> |