commit e797c95a1b614bfeabcfa06831e8b991ddf032fb
author Hyunsun Moon <hyunsun.moon@gmail.com> Mon Sep 27 11:43:21 2021 -0700
committer Hyunsun Moon <hyunsun.moon@gmail.com> Mon Sep 27 11:43:21 2021 -0700
tree 1930e1526d10cbad59d0959d6d32be6ebfaa5de4
parent 6a19e04653cee30f9b0db6d8b53d2a1956da5f22

AETHER-1588 Update the default IPSec config options

Change-Id: I155f638659a3edc2a3f64847ff50678f38a252ac

defaults/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 617ebf6..4f2458e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -33,7 +33,8 @@
 
 # What operation should be done automatically at IPsec startup
 # Acceptable values are add, start, or route
-strongswan_conf_auto: "add"
+strongswan_conf_auto: "route"
+strongswan_conf_dpdaction: "clear"
 
 # Whether rekeying of an IKE_SA should also reauthenticate the peer
 strongswan_conf_reauth: "no"

templates/ipsec.conf.j2

diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2
index 3f191f9..6a1ad85 100644
--- a/templates/ipsec.conf.j2
+++ b/templates/ipsec.conf.j2
@@ -22,7 +22,7 @@
     auto={{ strongswan_conf_auto }}
     reauth={{ strongswan_conf_reauth }}
     type=tunnel
-    dpdaction=restart
+    dpdaction={{ strongswan_conf_dpdaction }}
 
 {% for conn in strongswan_conf_connections %}
 conn {{ conn.name }}