From 33474196061993909daf7754c7b44c1e57532017 Mon Sep 17 00:00:00 2001 From: "Alexandr K." Date: Thu, 28 May 2026 13:39:28 +0300 Subject: ipsec: T7555: Documentation of `ikev2-reauth` option for site-to-site peers (#2047) --- docs/configuration/vpn/ipsec/site2site_ipsec.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs') diff --git a/docs/configuration/vpn/ipsec/site2site_ipsec.md b/docs/configuration/vpn/ipsec/site2site_ipsec.md index d3b65ae1..989bf145 100644 --- a/docs/configuration/vpn/ipsec/site2site_ipsec.md +++ b/docs/configuration/vpn/ipsec/site2site_ipsec.md @@ -352,6 +352,24 @@ allows passing plain ESP packets between them. Name of IKE group to use for key exchanges. ``` +```{cfgcmd} set vpn ipsec site-to-site peer \ ikev2-reauth \ + +**Configure IKEv2 reauthentication behavior for the specified IPsec +site-to-site peer.** + +The following options are available: + +* ``yes``: The active IKE SA channel between the two peers is terminated and + re-established at each rekeying interval, explicitly re-verifying each + peer's identity. +* ``no`` (default): Reauthentication (identity re-verification) is disabled + for this peer. The active IKE SA channel is seamlessly renewed at each + rekeying interval without termination. +* ``inherit``: The peer inherits reauthentication behavior from the assigned + IKE group. Reauthentication is applied only if it is explicitly enabled in + that group's configuration. +``` + ```{cfgcmd} set vpn ipsec site-to-site peer \ local-address \ Local IP address for IPsec connection with this peer. -- cgit v1.2.3