IPsec: Allow to create on-demand connections

This will create IPsec VPN connections with auto=route set instead of auto=start which will cause the connection being created, but not brought up yet. As soon as the first packet is received, the connection will be established and data will be passed through it. This allows IPFire to handle more VPN connections on weaker systems and avoids negotiating many connections which are rarely used. Suggested-by: Tom Rymes <tomvend@rymes.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Fixes: #10733
2026-04-27 19:23:24 +02:00 · 2017-02-15 10:11:58 +00:00
parent ef784313d1
commit dcb406cc67
11 changed files with 70 additions and 12 deletions
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2663,6 +2663,9 @@
 'vpn payload compression' => 'Negotiate payload compression',
 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn start action' => 'Start Action',
+'vpn start action route' => 'On Demand',
+'vpn start action start' => 'Always On',
 'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
 'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',