summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-03 17:21:57 +0100
committerGitHub <noreply@github.com>2024-02-03 17:21:57 +0100
commit630a242cecaefb576513ecdc4e944bfc63515982 (patch)
tree85fd5f4d862d247969b02043a7e0891e81364cf5 /interface-definitions
parent1d23d921deb07d4937bfd36f5c030008ee807cf4 (diff)
parent4d943d8fbf1253154897179b0e3ea2d93b898197 (diff)
downloadvyos-1x-630a242cecaefb576513ecdc4e944bfc63515982.tar.gz
vyos-1x-630a242cecaefb576513ecdc4e944bfc63515982.zip
Merge pull request #2932 from c-po/ipsec-T5998
ipsec: T5998: add replay-windows setting
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/ipsec/replay-window.xml.i19
-rw-r--r--interface-definitions/vpn_ipsec.xml.in2
2 files changed, 21 insertions, 0 deletions
diff --git a/interface-definitions/include/ipsec/replay-window.xml.i b/interface-definitions/include/ipsec/replay-window.xml.i
new file mode 100644
index 000000000..f35ed550a
--- /dev/null
+++ b/interface-definitions/include/ipsec/replay-window.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from ipsec/replay-window.xml.i -->
+<leafNode name="replay-window">
+ <properties>
+ <help>IPsec replay window to configure for this CHILD_SA</help>
+ <valueHelp>
+ <format>u32:0</format>
+ <description>Disable IPsec replay protection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>u32:1-2040</format>
+ <description>Replay window size in packets</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-2040"/>
+ </constraint>
+ </properties>
+ <defaultValue>32</defaultValue>
+ </leafNode>
+ <!-- include end -->
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 9d1d5d824..44ca1c7a0 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -826,6 +826,7 @@
#include <include/ipsec/ike-group.xml.i>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/local-traffic-selector.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<leafNode name="timeout">
<properties>
<help>Timeout to close connection if no data is transmitted</help>
@@ -1100,6 +1101,7 @@
</leafNode>
#include <include/ipsec/local-address.xml.i>
#include <include/ipsec/remote-address.xml.i>
+ #include <include/ipsec/replay-window.xml.i>
<tagNode name="tunnel">
<properties>
<help>Peer tunnel</help>