summaryrefslogtreecommitdiff
path: root/interface-definitions/vpn_ipsec.xml.in
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-02 20:44:29 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-03 20:05:04 +0000
commit4edc0611ec0ab39147c136d769a9e8a0f50847e6 (patch)
tree9716120b7d0424fb4bcd8fc6acc66418fe6df767 /interface-definitions/vpn_ipsec.xml.in
parent088dcfd35af200294dcb186cf5529226bfbb46b7 (diff)
downloadvyos-1x-4edc0611ec0ab39147c136d769a9e8a0f50847e6.tar.gz
vyos-1x-4edc0611ec0ab39147c136d769a9e8a0f50847e6.zip
ipsec: T5998: add replay-windows setting
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> (cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197)
Diffstat (limited to 'interface-definitions/vpn_ipsec.xml.in')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in2
1 files changed, 2 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 9d1d5d824..44ca1c7a0 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -826,6 +826,7 @@
#include <include/ipsec/ike-group.xml.i>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<leafNode name="timeout">
<properties>
<help>Timeout to close connection if no data is transmitted</help>
@@ -1100,6 +1101,7 @@
</leafNode>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/remote-address.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<tagNode name="tunnel">
<properties>
<help>Peer tunnel</help>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 15:41:34 +0000