starlingx/config
Code Issues Proposed changes

Merge "Add IPsec bypass policy for ICMP for IPv4"

Browse Source
This commit is contained in:
Zuul
2024-11-13 17:36:24 +00:00
committed by Gerrit Code Review
parent 5a823d4637 ecbd90a1c5
commit f791795327
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
sysinv/sysinv/sysinv/sysinv/ipsec_auth/client/config.py
View File

@@ -300,6 +300,19 @@ class StrongswanPuppet(object):
}, },
} }
swanctl.add_connection('ndp', conn) swanctl.add_connection('ndp', conn)
# Add bypass connection for ping for IPv4.
else:
conn = {
'children': {
'icmpv4-bypass': {
'mode': 'pass',
'start_action': 'trap',
'local_ts': '\"0.0.0.0/0[icmp]\"',
'remote_ts': '\"0.0.0.0/0[icmp]\"',
},
},
}
swanctl.add_connection('ping', conn)
config = { config = {
'platform::strongswan::params::swanctl': 'platform::strongswan::params::swanctl':