ikev2: add option to disable NAT traversal

[vpp.git] / src / plugins / ikev2 / ikev2_cli.c

diff --git a/src/plugins/ikev2/ikev2_cli.c b/src/plugins/ikev2/ikev2_cli.c
index b0de940..72f82b4 100644 (file)
--- a/src/plugins/ikev2/ikev2_cli.c
+++ b/src/plugins/ikev2/ikev2_cli.c
@@ -510,6 +510,12 @@ ikev2_profile_add_del_command_fn (vlib_main_t * vm,
            r = clib_error_return (0, "Error: %U", format_vnet_api_errno, rv);
          goto done;
        }
+      else if (unformat (line_input, "set %U disable natt",
+                        unformat_ikev2_token, &name))
+       {
+         r = ikev2_profile_natt_disable (name);
+         goto done;
+       }
       else
        break;
     }
@@ -541,7 +547,8 @@ VLIB_CLI_COMMAND (ikev2_profile_add_del_command, static) = {
     "ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>\n"
     "ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> "
       "[esp-integ-alg <integ alg>]\n"
-    "ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>",
+    "ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>"
+    "ikev2 profile set <id> disable natt\n",
     .function = ikev2_profile_add_del_command_fn,
 };
 /* *INDENT-ON* */
@@ -626,6 +633,9 @@ show_ikev2_profile_command_fn (vlib_main_t * vm,
     if (p->udp_encap)
       vlib_cli_output(vm, "  udp-encap");
 
+    if (p->natt_disabled)
+      vlib_cli_output(vm, "  NAT-T disabled");
+
     if (p->ipsec_over_udp_port != IPSEC_UDP_PORT_NONE)
       vlib_cli_output(vm, "  ipsec-over-udp port %d", p->ipsec_over_udp_port);