diff options
| author | Daniil Baturin <daniil@vyos.io> | 2021-07-24 05:44:51 -0500 |
|---|---|---|
| committer | Daniil Baturin <daniil@vyos.io> | 2021-07-24 05:44:51 -0500 |
| commit | d7ec4e8b33078d0536a8b5da8422234cb7522e4f (patch) | |
| tree | 1803a8d51b80ff49d4bf99bac72849891012afc1 | |
| parent | 483e0b3327918719fb38dbdd9b6fb755aecce2eb (diff) | |
| download | vyos-1x-d7ec4e8b33078d0536a8b5da8422234cb7522e4f.tar.gz vyos-1x-d7ec4e8b33078d0536a8b5da8422234cb7522e4f.zip | |
T3697: hopefully complete fix for checking whether IPsec should start.
| -rwxr-xr-x | src/conf_mode/ipsec-settings.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index ce313d9a0..fcc19062d 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -49,9 +49,9 @@ def get_config(config=None): # IPsec isn't configured enough to warrant starting StrongSWAN for it, # it's just some incomplete or leftover options. - if config.exists("vpn ipsec site-to-site peer") or \ - config.exists("vpn ipsec profile") or \ - config.exists("vpn l2tp remote-access ipsec-settings"): + if config.exists_effective("vpn ipsec site-to-site peer") or \ + config.exists_effective("vpn ipsec profile") or \ + config.exists_effective("vpn l2tp remote-access ipsec-settings"): return {} data = {"install_routes": "yes"} @@ -148,6 +148,9 @@ def check_cert_file_store(cert_name, file_path, dts_path): raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path) def verify(data): + if not data: + return + # l2tp ipsec check if data["ipsec_l2tp"]: # Checking dependecies for "authentication mode pre-shared-secret" @@ -178,6 +181,9 @@ def verify(data): raise ConfigError("L2TP VPN configuration error: \"vpn ipsec ipsec-interfaces\" must be specified.") def generate(data): + if not data: + return + render(charon_conf_file, 'ipsec/charon.tmpl', data) if data["ipsec_l2tp"]: |