Hello, I want to implement an IPsec tunnel via UCI, but the official documentation
is missing some options that I would like to configure in the /etc/config/ipsec file.
Examples of missing options that I found are:
option mode ''
option type ''
Now, I would like to enable Dead Peer Detection. From reading the /etc/init.d/ipsec script, the keywords are dpdaction and dpddelay, but I can't find the corresponding UCI option in /etc/config/ipsec.
I tried adding option dpdaction 'restart' to config remote, but it doesn't work.
How can I enable Dead Peer Detection in UCI?
Here is my /etc/config/ipsec file:
# /etc/config/ipsec as posted: one global section, one remote peer that
# references a single connection, and two named proposal sections.

# Global section. What each option does is decided by /etc/init.d/ipsec,
# which is not shown here.
config ipsec
option rtinstall_enabled '0'
option interface 'vlan1 lan'
option debug '0'
# Remote peer 'tunnel': PSK-authenticated, references proposal 'tunnel_ph1'
# and the connection section 'tunnel_c' (via `list tunnel`).
# NOTE(review): the post reports that adding `option dpdaction 'restart'` to
# this section had no effect. Check which section type the init script's
# config_get calls read dpdaction/dpddelay from before placing them.
config remote 'tunnel'
option p1_proposal 'tunnel_ph1'
option enabled '1'
option authentication_method 'psk'
# NOTE(review): 'test12345' is a short, guessable sample value. A PSK protects
# IKE authentication, so a deployed tunnel needs a long random secret, and the
# real value should be redacted before a config is posted publicly.
option pre_shared_key 'test12345'
list tunnel 'tunnel_c'
# Both identifiers are IP addresses; the remote identifier matches the gateway.
option local_identifier '10.110.1.2'
option remote_identifier '10.110.1.1'
option gateway '10.110.1.1'
# Connection 'tunnel_c': IKEv2, tunnel type, between the two listed subnets.
config connection 'tunnel_c'
# NOTE(review): this is a p1_proposal key pointing at the section named
# 'tunnel_ph2'. Presumably a phase-2 proposal was intended; confirm which
# option name the init script expects for the phase-2 proposal reference.
option p1_proposal 'tunnel_ph2'
option mode 'start'
option type 'tunnel'
list local_subnet '192.168.20.0/24'
list remote_subnet '10.1.2.0/24'
option keyexchange 'ikev2'
option forceencaps 'no'
option local_firewall 'yes'
option remote_firewall 'yes'
# Proposal referenced by the remote section (p1_proposal 'tunnel_ph1').
# NOTE(review): 'enctryption_algorithm' looks misspelled. If the init script
# reads 'encryption_algorithm', this line is presumably ignored and the cipher
# falls back to whatever default the script or daemon applies; verify.
# NOTE(review): SHA-1 is a legacy choice for integrity; prefer sha256 or
# stronger if the peer supports it.
config proposal 'tunnel_ph1'
option enctryption_algorithm 'aes128'
option authentication_algorithm 'sha1'
option pfs_group 'modp2048'
# Proposal referenced by the connection section; it has the same values, the
# same suspected misspelling and the same SHA-1 caveat as 'tunnel_ph1'.
config proposal 'tunnel_ph2'
option enctryption_algorithm 'aes128'
option authentication_algorithm 'sha1'
option pfs_group 'modp2048'