From 02043297db68d45b2ca398486cc119d1c103e68c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 19 Jul 2021 19:04:13 +0200 Subject: ipsec: T1210: add "unique" option to specify how to handle multiple connections Connection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced. * never: never enforce such a policy, even if a peer included INITIAL_CONTACT notification * keep: reject new connection attempts if the same user already has an active connection * replace: delete any existing connection if a new one for the same user gets established To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead. --- interface-definitions/vpn_ipsec.xml.in | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'interface-definitions') diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 5272b57cc..093a677e9 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -841,6 +841,29 @@ + + + Connection uniqueness policy to enforce + + never keep replace + + + never + Never enforce connection uniqueness policy + + + keep + Rejects new connection attempts if the same user already has an active connection + + + replace + Delete any existing connection if a new one for the same user gets established + + + ^(never|keep|replace)$ + + + -- cgit v1.2.3