
ipsec / ikev2 - lifetime commands missing | loopback as local interface for ikev2 profile #465

@Aswertus


First thank you very much for the constant improvements! I love that it gets better and better 👍🏽

I stumbled over 3 issues; I couldn't find a solution within 0.16.0 yet.

```
crypto ikev2 profile AWSTunnel1Profile
 match fvrf AWS
 match address local interface Loopback3999 <===== It's not possible to use a Loopback-Interface directly as local Interface
 match identity remote address 172.27.255.72
 authentication remote pre-share
 authentication local pre-share
 keyring local AWSTunnel1KeyRing
 lifetime 28800 <===== It's not possible to set the lifetime
 dpd 10 10 on-demand
!

crypto ipsec profile IPSecAWSTunnel1Profile
 set security-association lifetime seconds 3600 <====== It's not possible yet to set this lifetime either
 set transform-set AWSTunnel1
 set ikev2-profile AWSTunnel1Profile
 set pfs group20
```

Are there plans to implement this in the near future? My plan would be to use the AWS TF Output to Terraform my OnPremise Router with the least amount of manual input and preferably without any nasty workarounds, or Ansible, if possible ;)

Thank you so much for your help!
