3 files changed, 12 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index f4e28d818..673dc3375 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -77,6 +77,8 @@
                 start_action = start
 {%     elif peer_conf.connection_type == 'respond' %}
                 start_action = trap
+{%     elif peer_conf.connection_type == 'none' %}
+                start_action = none
 {%     endif %}
 {%     if ike.dead_peer_detection is defined %}
 {%       set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}
@@ -119,6 +121,8 @@
                 start_action = start
 {%       elif peer_conf.connection_type == 'respond' %}
                 start_action = trap
+{%       elif peer_conf.connection_type == 'none' %}
+                start_action = none
 {%       endif %}
 {%       if ike.dead_peer_detection is defined %}
 {%         set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'start'} %}
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index f7297a6e2..7b5074112 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -978,7 +978,7 @@
                     <properties>
                       <help>Connection type</help>
                       <completionHelp>
-                        <list>initiate respond</list>
+                        <list>initiate respond none</list>
                       </completionHelp>
                       <valueHelp>
                         <format>initiate</format>
@@ -988,8 +988,12 @@
                         <format>respond</format>
                         <description>Bring the connection up only if traffic is detected</description>
                       </valueHelp>
+                      <valueHelp>
+                        <format>none</format>
+                        <description>Load the connection only</description>
+                      </valueHelp>
                       <constraint>
-                        <regex>^(initiate|respond)$</regex>
+                        <regex>^(initiate|respond|none)$</regex>
                       </constraint>
                     </properties>
                   </leafNode>
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 2c3e55a57..699d854bb 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -238,6 +238,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
         peer_base_path = base_path + ['site-to-site', 'peer', peer_ip]
         self.cli_set(peer_base_path + ['authentication', 'mode', 'pre-shared-secret'])
         self.cli_set(peer_base_path + ['authentication', 'pre-shared-secret', secret])
+        self.cli_set(peer_base_path + ['connection-type', 'none'])
         self.cli_set(peer_base_path + ['ike-group', ike_group])
         self.cli_set(peer_base_path + ['default-esp-group', esp_group])
         self.cli_set(peer_base_path + ['local-address', local_address])
@@ -266,6 +267,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
             f'mode = tunnel',
             f'local_ts = 172.16.10.0/24,172.16.11.0/24',
             f'remote_ts = 172.17.10.0/24,172.17.11.0/24',
+            f'start_action = none',
             f'if_id_in = {if_id}', # will be 11 for vti10 - shifted by one
             f'if_id_out = {if_id}',
             f'updown = "/etc/ipsec.d/vti-up-down {vti}"'