trap|start

docs/source/modules/ipsec.rst

@@ -87,7 +87,7 @@ ansibleguy.opnsense.ipsec_child
     "local_net","list","true","\-","local_traffic_selectors, local_cidr, local_ts, local","List of local traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition"
     "remote_net","list","true","\-","remote_traffic_selectors, remote_cidr, remote_ts, remote","List of remote traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition"
     "sha256_96","boolean","false","false","sha256","HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled)"
-    "start_action","string","false","start","start","One of: 'none', 'trap+start', 'route', 'start', 'trap'; Action to perform after loading the configuration. The default of none loads the connection only, which then can be manually initiated or used as a responder configuration. The value trap installs a trap policy which triggers the tunnel as soon as matching traffic has been detected. The value start initiates the connection actively. To immediately initiate a connection for which trap policies have been installed, user Trap+start"
+    "start_action","string","false","start","start","One of: 'none', 'trap|start', 'route', 'start', 'trap'; Action to perform after loading the configuration. The default of none loads the connection only, which then can be manually initiated or used as a responder configuration. The value trap installs a trap policy which triggers the tunnel as soon as matching traffic has been detected. The value start initiates the connection actively. To immediately initiate a connection for which trap policies have been installed, user Trap|start"
     "close_action","string","false","none","close","One of: 'none', 'trap', 'start'; Action to perform after a CHILD_SA gets closed by the peer. The default of none does not take any action. trap installs a trap policy for the CHILD_SA (note that this is redundant if start_action includes trap). start tries to immediately re-create the CHILD_SA. close_action does not provide any guarantee that the CHILD_SA is kept alive. It acts on explicit close messages only but not on negotiation failures. Use trap policies to reliably re-create failed CHILD_SAs"
     "dpd_action","string","false","clear","dpd","One of: 'clear', 'trap', 'start'; Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand (note that this is redundant if start_action includes trap. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA"
     "policies","boolean","false","true","pols","Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. VTI where policies are not managed by the IKE daemon"

plugins/modules/ipsec_child.py

@@ -62,7 +62,7 @@ def run_module():
         ),
         start_action=dict(
             type='str', required=False, aliases=['start'], default='start',
-            choices=['none', 'trap+start', 'route', 'start', 'trap'],
+            choices=['none', 'trap|start', 'route', 'start', 'trap'],
             description='Action to perform after loading the configuration. The default of none loads the connection '
                         'only, which then can be manually initiated or used as a responder configuration. The value '
                         'trap installs a trap policy which triggers the tunnel as soon as matching traffic has been '