Support close_action option for IPsec tunnels #1460

@cotosso

Description
In NethSecurity 8, the close_action parameter of IPsec tunnels is currently set to none by default and cannot be managed persistently.

In some scenarios, this behavior prevents the tunnel from being correctly re-established when the remote peer explicitly closes the connection.

It is possible to manually change the value using uci, for example:

uci set ipsec.ns_6496322c_tunnel_1.closeaction='start'

or

uci set ipsec.ns_6496322c_tunnel_1.closeaction='trap'

However, any subsequent modification of the tunnel configuration from the UI causes this value to be lost and reset to the default.

Why
For several site-to-site VPN scenarios, especially when there are multiple SAs and the remote peer actively closes the tunnel, the close_action parameter is required to ensure automatic re-establishment.
When close_action is set to none, the tunnel may remain down after a remote-initiated close, reducing availability and requiring manual intervention.

Proposed solution
Add support for the close_action parameter in the IPsec tunnel configuration so that values set via uci are preserved across configuration changes.

Supported values should include:

  • none
  • start
  • trap

Future improvement
Expose the close_action parameter in the UI to allow configuration without using uci. This parameter is important in many real-world deployments to ensure tunnel availability.

Components
NethSecurity 8.7.1
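
Until the option is preserved, a check like the following can flag tunnels whose closeaction was reset after a UI edit. This is an added example, not part of the original issue or of NethSecurity's code; it assumes tunnel sections appear as `ipsec.<name>=tunnel` in `uci show ipsec` output, and the sample input and the `ns_aaaa0001` / `ns_bbbb0002` names are constructed.

```shell
#!/bin/sh
# Report IPsec tunnel sections whose closeaction differs from the expected value.
# On the firewall: uci show ipsec | closeaction_drift start

closeaction_drift() {
    # $1 = expected value (start or trap); stdin = `uci show ipsec` text.
    # A tunnel with no closeaction option is reported as "none" (the default).
    awk -v want="$1" -v q="'" -F= '
        # Section header, e.g. ipsec.ns_6496322c_tunnel_1=tunnel
        # (assumption: tunnel sections have the type "tunnel")
        $2 == "tunnel" {
            name = $1; sub(/^ipsec\./, "", name)
            order[++n] = name
            next
        }
        # Option line, e.g. ipsec.ns_6496322c_tunnel_1.closeaction=start (quoted)
        $1 ~ /\.closeaction$/ {
            name = $1
            sub(/^ipsec\./, "", name); sub(/\.closeaction$/, "", name)
            val = $2; gsub(q, "", val)      # strip the quotes uci prints
            value[name] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                got = (name in value) ? value[name] : "none"
                if (got != want) print name " " got
            }
        }'
}

# Constructed sample in the `uci show ipsec` format (not real output).
sample_uci_show() {
    cat <<'EOF'
ipsec.ns_6496322c=remote
ipsec.ns_6496322c_tunnel_1=tunnel
ipsec.ns_6496322c_tunnel_1.closeaction='start'
ipsec.ns_aaaa0001_tunnel_1=tunnel
ipsec.ns_bbbb0002_tunnel_1=tunnel
ipsec.ns_bbbb0002_tunnel_1.closeaction='none'
EOF
}

# Demo run on the constructed sample: lists the two tunnels that need attention.
sample_uci_show | closeaction_drift start
```

Each output line is a section name followed by the value currently in effect, so the result can feed a monitoring check or a loop that re-applies the `uci set` shown above.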