AETHER-3110 Make keyingtries configurable Change-Id: Ib18b7590b461126dd7e6bcde3c87336163dc913b

commit: 2c0a0e3d54533349984c3cb94bbaf2c1dcd48f38 [log] [tgz]
author: Hyunsun Moon <hyunsun@opennetworking.org> Tue Feb 08 20:08:16 2022 -0800
committer: Hyunsun Moon <hyunsun@opennetworking.org> Tue Feb 08 20:08:16 2022 -0800
tree: 667c403ad0f05e7bf3b4c7abbe8f59fff7fcd9ac
parent: e797c95a1b614bfeabcfa06831e8b991ddf032fb [diff]
diff --git a/defaults/main.yml b/defaults/main.yml
index 4f2458e..6ca42d9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml

@@ -35,6 +35,7 @@
 # Acceptable values are add, start, or route
 strongswan_conf_auto: "route"
 strongswan_conf_dpdaction: "clear"
+strongswan_conf_keyingtries: "3"
 
 # Whether rekeying of an IKE_SA should also reauthenticate the peer
 strongswan_conf_reauth: "no"

diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2
index 6a1ad85..67f4e6c 100644
--- a/templates/ipsec.conf.j2
+++ b/templates/ipsec.conf.j2

@@ -13,7 +13,7 @@
     keylife={{ strongswan_conf_phase2_lifetime }}
     lifetime={{ strongswan_conf_phase2_lifetime }}
     rekeymargin=3m
-    keyingtries=3
+    keyingtries={{ strongswan_conf_keyingtries }}
     keyexchange={{ strongswan_conf_key_exchange }}
     mobike=no
     ike={{ strongswan_conf_ike_cipher }}
@@ -36,5 +36,7 @@
     right={{ conn.right }}
     rightsubnet={{ conn.right_subnets }}
     rightauth={{ strongswan_conf_auth_type }}
+{% if conn.vti is defined %}
     mark=%unique
+{% endif %}
 {% endfor %}
commit	2c0a0e3d54533349984c3cb94bbaf2c1dcd48f38	[log] [tgz]
author	Hyunsun Moon <hyunsun@opennetworking.org>	Tue Feb 08 20:08:16 2022 -0800
committer	Hyunsun Moon <hyunsun@opennetworking.org>	Tue Feb 08 20:08:16 2022 -0800
tree	667c403ad0f05e7bf3b4c7abbe8f59fff7fcd9ac
parent	e797c95a1b614bfeabcfa06831e8b991ddf032fb [diff]