From ea485aede16c5f8830a7e74449f5be566de9c79b Mon Sep 17 00:00:00 2001
From: mkorobeinikov <92354771+mkorobeinikov@users.noreply.github.com>
Date: Wed, 23 Feb 2022 10:49:37 +1000
Subject: Add cisco_flexvpn and install_virtualip_on options

Ability to set Cisco FlexVPN vendor ID payload:
charon.cisco_flexvpn = yes
charon.install_virtual_ip_on = tunX
swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z
---
 docs/configuration/vpn/ipsec.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'docs/configuration/vpn')

diff --git a/docs/configuration/vpn/ipsec.rst b/docs/configuration/vpn/ipsec.rst
index e079474f..7ccdb845 100644
--- a/docs/configuration/vpn/ipsec.rst
+++ b/docs/configuration/vpn/ipsec.rst
@@ -162,7 +162,20 @@ VyOS ESP group has the next options:
  * ``encryption`` encryption algorithm (default 128 bit AES-CBC);
 
  * ``hash`` hash algorithm (default sha1).
+ 
+***********************************************
+Options (Global IPsec settings) Attributes
+*********************************************** 
+* ``options`` IPsec settings:
 
+ * ``disable-route-autoinstall`` Do not automatically install routes to remote networks;
+ 
+ * ``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only);
+ 
+ * ``interface`` Interface Name to use;
+ 
+ * ``virtual-ip`` Allow install virtual-ip addresses.
+ 
 *************************
 IPsec policy matching GRE
 *************************
-- 
cgit v1.2.3