From 22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 31 Oct 2022 15:09:58 +0100
Subject: ipsec: T4787: add support for road-warrior/remote-access RADIUS
 timeout

This enabled users to also use 2FA/MFA authentication with a radius backend as
there is enough time to enter the second factor.
---
 data/templates/ipsec/charon/eap-radius.conf.j2 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'data/templates')

diff --git a/data/templates/ipsec/charon/eap-radius.conf.j2 b/data/templates/ipsec/charon/eap-radius.conf.j2
index 8495011fe..364377473 100644
--- a/data/templates/ipsec/charon/eap-radius.conf.j2
+++ b/data/templates/ipsec/charon/eap-radius.conf.j2
@@ -49,8 +49,10 @@ eap-radius {
     # Base to use for calculating exponential back off.
     # retransmit_base = 1.4
 
+{% if remote_access.radius.timeout is vyos_defined %}
     # Timeout in seconds before sending first retransmit.
-    # retransmit_timeout = 2.0
+    retransmit_timeout = {{ remote_access.radius.timeout | float }}
+{% endif %}
 
     # Number of times to retransmit a packet before giving up.
     # retransmit_tries = 4
-- 
cgit v1.2.3