From 408917a0e619286c1cc1e74bde6cd8f257d5aeb9 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Mon, 25 Apr 2022 20:59:45 +0000 Subject: vpn-ipsec: T4398: Fix unexpected passthrough policy for peer Set default passtrough list to None to prevent unexpected policy for peers with not overplapped local and remote prefixes --- data/templates/ipsec/swanctl/peer.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'data/templates/ipsec') diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index b21dce9f0..61af85ed4 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -152,7 +152,7 @@ {% endif %} } {% if tunnel_conf.passthrough is vyos_defined %} - peer_{{ name }}_tunnel_{{ tunnel_id }}_passthough { + peer_{{ name }}_tunnel_{{ tunnel_id }}_passthrough { local_ts = {{ tunnel_conf.passthrough | join(",") }} remote_ts = {{ tunnel_conf.passthrough | join(",") }} start_action = trap -- cgit v1.2.3