summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
committerViacheslav <v.gletenko@vyos.io>2021-12-31 14:52:18 +0000
commit78494fe6de5372939e05dd65b01acd3e786b5602 (patch)
treea4a61d2145bfd5f94df3de6d8262ebac59ea4a01 /interface-definitions
parentb468930a61d46bd33b52768f4c6f8b6ea28eed91 (diff)
downloadvyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.tar.gz
vyos-1x-78494fe6de5372939e05dd65b01acd3e786b5602.zip
ipsec: T4126: Ability to set priorities for installed policy
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in12
1 files changed, 12 insertions, 0 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 17ba83bae..0c2205410 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -1047,6 +1047,18 @@
#include <include/ipsec/esp-group.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
#include <include/ip-protocol.xml.i>
+ <leafNode name="priority">
+ <properties>
+ <help>Priority for IPSec policy (lowest value more preferable)</help>
+ <valueHelp>
+ <format>u32:1-100</format>
+ <description>Priority for IPSec policy (lowest value more preferable)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-100"/>
+ </constraint>
+ </properties>
+ </leafNode>
<node name="remote">
<properties>
<help>Match remote addresses</help>