fix: rename trap_start to trap|start #60

Merged
merged 3 commits into from
Mar 12, 2024
2 changes: 1 addition & 1 deletion docs/source/modules/ipsec.rst
Expand Up @@ -87,7 +87,7 @@ ansibleguy.opnsense.ipsec_child
"local_net","list","true","\-","local_traffic_selectors, local_cidr, local_ts, local","List of local traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition"
"remote_net","list","true","\-","remote_traffic_selectors, remote_cidr, remote_ts, remote","List of remote traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition"
"sha256_96","boolean","false","false","sha256","HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled)"
"start_action","string","false","start","start","One of: 'none', 'trap_start', 'route', 'start', 'trap'; Action to perform after loading the configuration. The default of none loads the connection only, which then can be manually initiated or used as a responder configuration. The value trap installs a trap policy which triggers the tunnel as soon as matching traffic has been detected. The value start initiates the connection actively. To immediately initiate a connection for which trap policies have been installed, user Trap+start"
"start_action","string","false","start","start","One of: 'none', 'trap|start', 'route', 'start', 'trap'; Action to perform after loading the configuration. The default of none loads the connection only, which then can be manually initiated or used as a responder configuration. The value trap installs a trap policy which triggers the tunnel as soon as matching traffic has been detected. The value start initiates the connection actively. To immediately initiate a connection for which trap policies have been installed, user Trap|start"
"close_action","string","false","none","close","One of: 'none', 'trap', 'start'; Action to perform after a CHILD_SA gets closed by the peer. The default of none does not take any action. trap installs a trap policy for the CHILD_SA (note that this is redundant if start_action includes trap). start tries to immediately re-create the CHILD_SA. close_action does not provide any guarantee that the CHILD_SA is kept alive. It acts on explicit close messages only but not on negotiation failures. Use trap policies to reliably re-create failed CHILD_SAs"
"dpd_action","string","false","clear","dpd","One of: 'clear', 'trap', 'start'; Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand (note that this is redundant if start_action includes trap. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA"
"policies","boolean","false","true","pols","Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. VTI where policies are not managed by the IKE daemon"
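
Review bot: The rewritten start_action row still says "The default of none loads the connection only" while its default column reads "start", so the description contradicts the documented default. Since this row is being touched anyway, reword it to say that the value none only loads the connection. The last sentence also reads "user Trap|start": "user" should be "use", and the value should be written lower-case as 'trap|start' so it matches the choice list exactly.
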
4 changes: 2 additions & 2 deletions plugins/modules/ipsec_child.py
Expand Up @@ -62,12 +62,12 @@ def run_module():
),
start_action=dict(
type='str', required=False, aliases=['start'], default='start',
choices=['none', 'trap_start', 'route', 'start', 'trap'],
choices=['none', 'trap|start', 'route', 'start', 'trap'],
description='Action to perform after loading the configuration. The default of none loads the connection '
'only, which then can be manually initiated or used as a responder configuration. The value '
'trap installs a trap policy which triggers the tunnel as soon as matching traffic has been '
'detected. The value start initiates the connection actively. To immediately initiate a '
'connection for which trap policies have been installed, user Trap+start',
'connection for which trap policies have been installed, user Trap|start',
),
close_action=dict(
type='str', required=False, aliases=['close'], default='none',
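
Review bot: Removing 'trap_start' from the start_action choices without keeping it as an accepted value means any existing playbook that sets start_action: trap_start will now be rejected at argument validation. Consider accepting the old spelling for a deprecation period and translating it to 'trap|start' inside the module, or call out the breaking change in the changelog. The description string carries the same problems as the docs row: "user Trap|start" should read "use 'trap|start'", and "The default of none" conflicts with default='start' two lines above.
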