authorDaniil Baturin <daniil@vyos.io>2021-07-24 05:44:51 -0500
committerDaniil Baturin <daniil@vyos.io>2021-07-24 05:44:51 -0500
commitd7ec4e8b33078d0536a8b5da8422234cb7522e4f (patch)
tree1803a8d51b80ff49d4bf99bac72849891012afc1 /src/conf_mode/ipsec-settings.py
parent483e0b3327918719fb38dbdd9b6fb755aecce2eb (diff)
T3697: hopefully complete fix for checking whether IPsec should start.
Diffstat (limited to 'src/conf_mode/ipsec-settings.py')
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index ce313d9a0..fcc19062d 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -49,9 +49,9 @@ def get_config(config=None):
# IPsec isn't configured enough to warrant starting StrongSWAN for it,
# it's just some incomplete or leftover options.
- if config.exists("vpn ipsec site-to-site peer") or \
- config.exists("vpn ipsec profile") or \
- config.exists("vpn l2tp remote-access ipsec-settings"):
+ if config.exists_effective("vpn ipsec site-to-site peer") or \
+ config.exists_effective("vpn ipsec profile") or \
+ config.exists_effective("vpn l2tp remote-access ipsec-settings"):
return {}
data = {"install_routes": "yes"}
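Review bot: As shown in this hunk, the `if config.exists_effective(...) or ...:` chain returns `{}` when any of the three paths is present, which reads as the opposite of the comment above it ("IPsec isn't configured enough to warrant starting StrongSWAN"). Unless a `not` or an enclosing condition sits outside the hunk, the guard looks inverted and would be expected to read `if not (config.exists_effective(...) or ...):`. Separately, `exists_effective` consults the running configuration rather than the proposed one, so the decision to start the daemon appears to be made from pre-commit state. A short comment such as `# Use the effective tree because <reason>` would tell the next maintainer why that is intended. get_config starts before the hunk, so the surrounding logic should be confirmed against the full function.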
@@ -148,6 +148,9 @@ def check_cert_file_store(cert_name, file_path, dts_path):
raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path)
def verify(data):
+ if not data:
+ return
+
# l2tp ipsec check
if data["ipsec_l2tp"]:
# Checking dependecies for "authentication mode pre-shared-secret"
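Review bot: The new `if not data: return` at the top of verify() makes validation succeed for any falsy value, and nothing records why. Because get_config() signals "IPsec not configured" by returning `{}`, a wrong answer from that guard silently skips every L2TP/IPsec dependency check below instead of raising ConfigError. I would add a comment such as `# Empty dict: get_config() found no IPsec configuration, nothing to validate` and a one-line docstring stating that contract. The same undocumented guard is added to generate() in the next hunk. verify's body continues outside the hunk.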
@@ -178,6 +181,9 @@ def verify(data):
raise ConfigError("L2TP VPN configuration error: \"vpn ipsec ipsec-interfaces\" must be specified.")
def generate(data):
+ if not data:
+ return
+
render(charon_conf_file, 'ipsec/charon.tmpl', data)
if data["ipsec_l2tp"]:
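Review bot: Returning before `render(charon_conf_file, 'ipsec/charon.tmpl', data)` when data is empty leaves whatever generate() wrote on an earlier commit in place. If IPsec has just been removed from the configuration, previously rendered strongSwan files, which may hold pre-shared secrets, would presumably stay on disk unless cleanup happens elsewhere. No such cleanup is visible in this hunk, so at minimum mark the branch with `# TODO: remove previously generated IPsec files when unconfigured`, or delete them there instead of returning. generate's body continues outside the hunk.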