ipsec: Support Dead Peer Detection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index db9e5f0d6b7041ecf94089e924062062db1168ae..1c05f571a119614d62514a7a08580c68bd477a76 100644 (file)
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -810,7 +810,19 @@ _ipsec_connection_to_strongswan_connection() {
        print_indent 2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})"
        print
 
-       # XXX DPD Settings
+       # DPD Settings
+       if isset DPD_DELAY && isinteger DPD_DELAY && [ ${DPD_DELAY} -gt 0 ]; then
+               print_indent 2 "# Dead Peer Detection"
+
+               print_indent 2 "dpd_action = ${DPD_ACTION}"
+               print_indent 2 "dpd_delay = ${DPD_DELAY}"
+
+               if isset DPD_TIMEOUT; then
+                       print_indent 2 "dpd_timeout = ${DPD_TIMEOUT}"
+               fi
+
+               print
+       fi
 
        # Fragmentation
        print_indent 2 "# Fragmentation"