Page MenuHomeVyOS Platform
Create Task
Maniphest T5998

replay_window setting under vpn in config
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

The replay_window for child SA will always be 32 (hence enabled), there should be a setting in configure mode to set it to 0 instead of manually changing swanctl.conf on vyos 1.4 or ipsec.conf on 1.3, or using a start-up script

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Improvement (missing useful functionality)

Event Timeline

stoicopa created this task.Jan 29 2024, 6:31 AM
Viacheslav triaged this task as Normal priority.Jan 29 2024, 8:48 AM
Viacheslav added a project: VyOS 1.5 Circinus.
Viacheslav added a subscriber: Viacheslav.

@stoicopa Do you have any ideas for CLI?

stoicopa added a comment.Jan 29 2024, 9:23 AM
In T5998#174912, @Viacheslav wrote:

@stoicopa Do you have any ideas for CLI?

Probably under vpn ipsec site-to-site peer to have an option for replay_window enable or disable

c-po claimed this task.Jan 29 2024, 10:25 AM
pasik added a subscriber: pasik.Jan 29 2024, 8:21 PM
c-po added a comment.Feb 2 2024, 7:47 PM

PR https://github.com/vyos/vyos-1x/pull/2932

c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.Feb 2 2024, 7:49 PM
c-po closed this task as Resolved.Feb 7 2024, 9:04 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.