summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com>2022-02-23 10:49:37 +1000
committerGitHub <noreply@github.com>2022-02-23 10:49:37 +1000
commitea485aede16c5f8830a7e74449f5be566de9c79b (patch)
treee3e07ac3d7f2a45196f09b82ae52a1c67ab7b0e8
parent5d3bffe651678e9fcbf2dad90cea7e66a110ce53 (diff)
downloadvyos-documentation-ea485aede16c5f8830a7e74449f5be566de9c79b.tar.gz
vyos-documentation-ea485aede16c5f8830a7e74449f5be566de9c79b.zip
Add cisco_flexvpn and install_virtualip_on options
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn = yes charon.install_virtual_ip_on = tunX swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
-rw-r--r--docs/configuration/vpn/ipsec.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index e079474f..7ccdb845 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -162,7 +162,20 @@ VyOS ESP group has the next options:
* ``encryption`` encryption algorithm (default 128 bit AES-CBC);
* ``hash`` hash algorithm (default sha1).
+
+***********************************************
+Options (Global IPsec settings) Attributes
+***********************************************
+* ``options`` IPsec settings:
+ * ``disable-route-autoinstall`` Do not automatically install routes to remote networks;
+
+ * ``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only);
+
+ * ``interface`` Interface Name to use;
+
+ * ``virtual-ip`` Allow install virtual-ip addresses.
+
*************************
IPsec policy matching GRE
*************************