lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 08:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipsec: settings: Add make_before_break option (#7855)

Browse Source
This commit is contained in:
Monviech 2024-09-26 11:35:22 +02:00 committed by GitHub
parent de8210ba12
commit db0232d643
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/opnsense/mvc/app/controllers/OPNsense/IPsec/forms/settings.xml
View File

@ -78,6 +78,12 @@
<type>text</type>
<help>Limit new connections based on the current number of half open IKE_SAs.</help>
</field>
<field>
<id>ipsec.charon.make_before_break</id>
<label>Make Before Break</label>
<type>checkbox</type>
<help>Initiate IKEv2 reauthentication with a make-before-break instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD SA during reauthentication by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps during reauthentication, but requires support for overlapping SAs by the peer.</help>
</field>
<field>
<type>header</type>
<label>Retransmission</label>

1
src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml
View File

@ -55,6 +55,7 @@
<Default>1</Default>
<Required>Y</Required>
</ignore_acquire_ts>
<make_before_break type="BooleanField"/>
<retransmit_tries type="IntegerField"/>
<retransmit_timeout type="NumericField"/>
<retransmit_base type="NumericField"/>