AETHER-1094 Update strongswan role - Update VTI up/down script - Make reauth option configurable - Make auto option configurable Change-Id: Ibeb65403387fe56445ce3f93f078418522ea60cf

commit: 6a19e04653cee30f9b0db6d8b53d2a1956da5f22 [log] [tgz]
author: Hyunsun Moon <hyunsun.moon@gmail.com> Tue Jan 19 21:30:56 2021 -0800
committer: Hyunsun Moon <hyunsun.moon@gmail.com> Tue Jan 19 22:38:43 2021 -0800
tree: 83e242d4917c8dfdd0b90138ff67bb1967dccf6b
parent: a5c3f64f254b26fafbab5465657851fb946ce159 [diff] [blame]
diff --git a/defaults/main.yml b/defaults/main.yml
index 5261e7a..617ebf6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml

@@ -31,6 +31,13 @@
 # NOTE: only psk is supported
 strongswan_conf_auth_type: "psk"
 
+# What operation should be done automatically at IPsec startup
+# Acceptable values are add, start, or route
+strongswan_conf_auto: "add"
+
+# Whether rekeying of an IKE_SA should also reauthenticate the peer
+strongswan_conf_reauth: "no"
+
 # Handle routes in strongSwan or not
 # Set no if VPNs are route based
 strongswan_conf_install_routes: false
commit	6a19e04653cee30f9b0db6d8b53d2a1956da5f22	[log] [tgz]
author	Hyunsun Moon <hyunsun.moon@gmail.com>	Tue Jan 19 21:30:56 2021 -0800
committer	Hyunsun Moon <hyunsun.moon@gmail.com>	Tue Jan 19 22:38:43 2021 -0800
tree	83e242d4917c8dfdd0b90138ff67bb1967dccf6b
parent	a5c3f64f254b26fafbab5465657851fb946ce159 [diff] [blame]