summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-04-26 05:06:02 +0200
committerGitHub <noreply@github.com>2022-04-26 05:06:02 +0200
commit4633e5786b7710ba879f610c3371aaa868686d43 (patch)
treec7b104ffa126fe79f131c04dd2759fbcfafa043a /src/conf_mode
parenta10bf3ba34f034f9fc60ea0070d8c4f3f60586e2 (diff)
parent408917a0e619286c1cc1e74bde6cd8f257d5aeb9 (diff)
downloadvyos-1x-4633e5786b7710ba879f610c3371aaa868686d43.tar.gz
vyos-1x-4633e5786b7710ba879f610c3371aaa868686d43.zip
Merge pull request #1302 from sever-sever/T4398
vpn-ipsec: T4398: Fix unexpected passthrough policy for peer
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 99b82ca2d..dc134fd1f 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -553,13 +553,15 @@ def generate(ipsec):
if not local_prefixes or not remote_prefixes:
continue
- passthrough = []
+ passthrough = None
for local_prefix in local_prefixes:
for remote_prefix in remote_prefixes:
local_net = ipaddress.ip_network(local_prefix)
remote_net = ipaddress.ip_network(remote_prefix)
if local_net.overlaps(remote_net):
+ if passthrough is None:
+ passthrough = []
passthrough.append(local_prefix)
ipsec['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough