summaryrefslogtreecommitdiff
path: root/interface-definitions/vpn_ipsec.xml.in
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-02 20:44:29 +0100
committerChristian Breunig <christian@breunig.cc>2024-02-03 13:01:02 +0100
commit4d943d8fbf1253154897179b0e3ea2d93b898197 (patch)
tree9067a3e6b59ce2aa5d1be2872a59ff9debaf3008 /interface-definitions/vpn_ipsec.xml.in
parent84b17f0e666b7fb48e2e9cde12ce2e84b59dd5b2 (diff)
downloadvyos-1x-4d943d8fbf1253154897179b0e3ea2d93b898197.tar.gz
vyos-1x-4d943d8fbf1253154897179b0e3ea2d93b898197.zip
ipsec: T5998: add replay-windows setting
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040>
Diffstat (limited to 'interface-definitions/vpn_ipsec.xml.in')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 9d1d5d824..44ca1c7a0 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -826,6 +826,7 @@
#include <include/ipsec/ike-group.xml.i>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<leafNode name="timeout">
<properties>
<help>Timeout to close connection if no data is transmitted</help>
@@ -1100,6 +1101,7 @@
</leafNode>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/remote-address.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<tagNode name="tunnel">
<properties>
<help>Peer tunnel</help>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 13:50:53 +0000