IPsec and uniqueid

Started by christian.roeser, October 05, 2020, 06:04:46 PM

Hello,

I have the requirement that my users want to establish IKEv2/IPsec VPNs from multiple devices. In the default configuration the last established connection replaces the already existing connection, so I have to change the value of uniqueids in the ipsec.conf from "yes" to "never". There is no option for this in the GUI, so it is only possible via a manual configuration file in the ipsec.opnsense.d directory.

What would this file look like to overwrite only this one option? Currently I have a copy of the ipsec.conf in this directory.

With
uniqueids = yes
or
config setup
uniqueids = yes

the service will not start anymore.

Kind regards
Christian

Hi,

Since version 19.1.7, include files are supported. Have a look on the CLI at the last line of /usr/local/etc/ipsec.conf.

You should be able to add

config setup
  uniqueids = yes

into an include file. See also https://github.com/opnsense/core/issues/3300 .

Best regards
Rainer
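
A pre-flight check for such an include fragment, added here as an example and not taken from the thread or from OPNsense: it applies the layout rules of ipsec.conf(5) (section header in column 0, parameters indented beneath it) and the documented uniqueids values to the three layouts shown in the thread. The helper name `check_fragment` and the sample strings are assumptions made for illustration.

```python
import re

# Values that strongSwan's ipsec.conf(5) documents for uniqueids.
UNIQUEIDS_VALUES = {"yes", "no", "never", "replace", "keep"}
SECTION_RE = re.compile(r"^(config|conn|ca)\s+(\S+)$")
PARAM_RE = re.compile(r"^\s+(\w+)\s*=\s*(.*)$")

# Constructed samples: the three layouts from the thread, with the value asked for.
BARE = "uniqueids = never\n"
UNINDENTED = "config setup\nuniqueids = never\n"
INDENTED = "config setup\n  uniqueids = never\n"


def check_fragment(text):
    """Hypothetical helper: return (settings, errors) for one include fragment.

    settings maps (section type, section name) to {parameter: value}.
    Simplification: '#' always starts a comment, quoted values are not handled.
    """
    settings, errors, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip() or line.startswith("include "):
            continue
        if not line[0].isspace():
            # Column 0 must open a section: "config setup", "conn <name>", "ca <name>".
            match = SECTION_RE.match(line)
            if match:
                current = settings.setdefault(match.groups(), {})
            else:
                current = None
                errors.append(f"line {lineno}: not a section header: {line!r}")
            continue
        match = PARAM_RE.match(line)
        if match is None:
            errors.append(f"line {lineno}: not a parameter=value line: {line!r}")
        elif current is None:
            errors.append(f"line {lineno}: parameter outside any section")
        else:
            current[match.group(1)] = match.group(2)
    uid = settings.get(("config", "setup"), {}).get("uniqueids")
    if uid is not None and uid not in UNIQUEIDS_VALUES:
        errors.append(f"uniqueids: unknown value {uid!r}")
    return settings, errors


if __name__ == "__main__":
    for name, text in [("bare", BARE), ("unindented", UNINDENTED), ("indented", INDENTED)]:
        print(name, check_fragment(text))
```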