summaryrefslogtreecommitdiff
path: root/interface-definitions/vpn_ipsec.xml.in
diff options
context:
space:
mode:
authorViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
committerViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
commit78494fe6de5372939e05dd65b01acd3e786b5602 (patch)
treea4a61d2145bfd5f94df3de6d8262ebac59ea4a01 /interface-definitions/vpn_ipsec.xml.in
parentb468930a61d46bd33b52768f4c6f8b6ea28eed91 (diff)
downloadvyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.tar.gz
vyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.zip
ipsec: T4126: Ability to set priorities for installed policy
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
Diffstat (limited to 'interface-definitions/vpn_ipsec.xml.in')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in12
1 files changed, 12 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 17ba83bae..0c2205410 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -1047,6 +1047,18 @@
#include <include/ipsec/esp-group.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
#include <include/ip-protocol.xml.i>
+ <leafNode name="priority">
+ <properties>
+ <help>Priority for IPSec policy (lowest value more preferable)</help>
+ <valueHelp>
+ <format>u32:1-100</format>
+ <description>Priority for IPSec policy (lowest value more preferable)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-100"/>
+ </constraint>
+ </properties>
+ </leafNode>
<node name="remote">
<properties>
<help>Match remote addresses</help>
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 13:17:09 +0000