author | Christian Poessinger <christian@poessinger.com> | 2022-04-26 05:06:02 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-26 05:06:02 +0200 |
commit | 4633e5786b7710ba879f610c3371aaa868686d43 (patch) | |
tree | c7b104ffa126fe79f131c04dd2759fbcfafa043a /src/conf_mode | |
parent | a10bf3ba34f034f9fc60ea0070d8c4f3f60586e2 (diff) | |
parent | 408917a0e619286c1cc1e74bde6cd8f257d5aeb9 (diff) | |
Merge pull request #1302 from sever-sever/T4398
vpn-ipsec: T4398: Fix unexpected passthrough policy for peer
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 99b82ca2d..dc134fd1f 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -553,13 +553,15 @@ def generate(ipsec):
 if not local_prefixes or not remote_prefixes:
 continue
- passthrough = []
+ passthrough = None
 for local_prefix in local_prefixes:
 for remote_prefix in remote_prefixes:
 local_net = ipaddress.ip_network(local_prefix)
 remote_net = ipaddress.ip_network(remote_prefix)
 if local_net.overlaps(remote_net):
+ if passthrough is None:
+ passthrough = []
 passthrough.append(local_prefix)
 ipsec['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough |
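Review bot: The `None`-versus-`[]` distinction this fix depends on is not explained anywhere in the hunk, so a later tidy-up back to `passthrough = []` could silently bring the unwanted policy back. A passthrough policy exempts the matching prefix from IPsec processing, so the initialisation deserves a comment such as `# stays None unless a local prefix overlaps a remote one; an empty list must not reach the template`. The template is not visible here, so it is worth confirming how it treats `None` compared with an empty list. Separately, the inner loop appends `local_prefix` once for every overlapping remote prefix, so the list can hold duplicates; a `break` after `passthrough.append(local_prefix)` would avoid that. The enclosing `generate()` starts and ends outside the hunk.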