Dont insist on IKEv2

For some reason, using IKEv2 causes issues with tunnels that are on the same network going to different hosts. This commit leaves then the usage of IKEv2 only for opportunistic IPSEC configurations. Closes-Bug: #1743693 Change-Id: Ic1b1dfa86fd9fb328a197211b114cd39ee12da3f
2018-01-17 08:16:06 +00:00 · 2018-01-17 08:16:06 +00:00 · 0b10ce8e45
parent 3057b49c61
commit 0b10ce8e45
3 changed files with 0 additions and 4 deletions
--- a/templates/ipsec-node-to-node-private-or-clear.conf.j2
+++ b/templates/ipsec-node-to-node-private-or-clear.conf.j2
@ -14,7 +14,6 @@ conn overcloud-private-node-to-node-{{ network }}-ip-{{ loop.index0 }}
        rightid={{ other_ip }}
        right={{ other_ip }}
        failureshunt=passthrough
-        ikev2=insist
        auto=start
        retransmit-timeout=2s
        phase2alg={{ ipsec_algorithm }}
--- a/templates/ipsec-node-to-node-private.conf.j2
+++ b/templates/ipsec-node-to-node-private.conf.j2
@ -12,7 +12,6 @@ conn overcloud-private-node-to-node-{{ network }}-ip-{{ loop.index0 }}
        rightid={{ other_ip }}
        right={{ other_ip }}
        failureshunt=drop
-        ikev2=insist
        auto=start
        retransmit-timeout=2s
        phase2alg={{ ipsec_algorithm }}
--- a/templates/ipsec-vip-tunnels.conf.j2
+++ b/templates/ipsec-vip-tunnels.conf.j2
@ -13,7 +13,6 @@ conn overcloud-{{ current_vip.name }}-vip-tunnel
    dpdtimeout=15
    phase2alg={{ ipsec_algorithm }}
    failureshunt=drop
-    ikev2=insist

 {% endif %}

@ -29,4 +28,3 @@ conn overcloud-{{ current_vip.name }}-node-to-vip-tunnel
    dpdtimeout=15
    phase2alg={{ ipsec_algorithm }}
    failureshunt=drop
-    ikev2=insist