-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 1 | ||||
-rw-r--r-- | interface-definitions/vpn_pptp.xml.in | 1 | ||||
-rw-r--r-- | interface-definitions/vpn_rsa-keys.xml.in | 1 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-vti.py | 15 | ||||
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 4 |
5 files changed, 17 insertions, 5 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 5bf0ef9ba..6b20bc20a 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -3,7 +3,6 @@
   <node name="vpn">
     <properties>
       <help>Virtual Private Network (VPN)</help>
-      <priority>900</priority>
     </properties>
     <children>
       <node name="ipsec" owner="${vyos_conf_scripts_dir}/vpn_ipsec.py">
diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in
index 91c8cd76f..dab317f68 100644
--- a/interface-definitions/vpn_pptp.xml.in
+++ b/interface-definitions/vpn_pptp.xml.in
@@ -5,6 +5,7 @@
       <node name="pptp" owner="${vyos_conf_scripts_dir}/vpn_pptp.py">
         <properties>
           <help>Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)</help>
+          <priority>901</priority>
         </properties>
         <children>
           <node name="remote-access">
diff --git a/interface-definitions/vpn_rsa-keys.xml.in b/interface-definitions/vpn_rsa-keys.xml.in
index f65ae4b5a..2d8e97f4f 100644
--- a/interface-definitions/vpn_rsa-keys.xml.in
+++ b/interface-definitions/vpn_rsa-keys.xml.in
@@ -5,6 +5,7 @@
       <node name="rsa-keys" owner="${vyos_conf_scripts_dir}/vpn_rsa-keys.py">
         <properties>
           <help>RSA keys</help>
+          <priority>900</priority>
         </properties>
         <children>
           <node name="local-key">
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index 09fd8f5f9..6ff23ae59 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
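Review bot: With `<priority>900</priority>` removed from the `vpn` parent node in vpn_ipsec.xml.in, the `ipsec` child's own priority is not visible in this hunk, yet commit ordering is the only thing that guarantees `vpn rsa-keys` (now 900) is applied before the IPsec script consumes those keys. If `ipsec` carries no explicit priority it presumably falls to the default ordering relative to 900/901, so please confirm it has a value above 900; otherwise a commit that adds keys and a peer in one go can build the IPsec config before the key files exist. A one-line note beside the new rsa-keys priority, `<!-- must be applied before vpn ipsec, which reads these keys -->`, would record the dependency for the next person who renumbers.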
@@ -40,11 +40,11 @@ def get_config(config=None):
     # VTI is more then an interface - we retrieve the "real" configuration from
     # the IPsec peer configuration which binds this VTI
     conf.set_level([])
-    tmp = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
+    vti['ipsec'] = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
                               key_mangling=('-', '_'),
                               get_first_key=True,
                               no_tag_node_value_mangle=True)
-    for peer, peer_config in tmp.items():
+    for peer, peer_config in vti['ipsec'].items():
         if dict_search('vti.bind', peer_config) == vti['ifname']:
             vti['remote'] = peer
             if 'local_address' in peer_config:
@@ -59,6 +59,17 @@ def verify(vti):
     if 'deleted' in vti:
         return None
 
+    ifname = vti['ifname']
+    found = False
+    for peer, peer_config in vti['ipsec'].items():
+        if dict_search('vti.bind', peer_config) == ifname:
+            found = True
+            # we can now stop processing the for loop
+            break
+    if not found:
+        tmp = vti['ifname']
+        raise ConfigError(f'Interface "{ifname}" not referenced in any VPN configuration!')
+
     return None
 
 def generate(vti):
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index eedb9098c..4efedd995 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -321,8 +321,8 @@ def generate(ipsec):
                 data['marks'][vti_interface] = get_mark(vti_interface)
             else:
                 for tunnel, tunnel_conf in peer_conf['tunnel'].items():
-                    local_prefix = dict_search('local.prefix', tunnel_conf['local']['prefix'])
-                    remote_prefix = dict_search('remote.prefix', tunnel_conf['remote']['prefix'])
+                    local_prefix = dict_search('local.prefix', tunnel_conf)
+                    remote_prefix = dict_search('remote.prefix', tunnel_conf)
 
                     if not local_prefix or not remote_prefix:
                         continue
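Review bot: The new `vti['ipsec'] = conf.get_config_dict(...)` line keeps the whole site-to-site peer tree on the interface dict without saying why; the only consumer visible in this diff is the bind lookup in verify(). A why-comment such as `# keep the peer tree: verify() must confirm some peer binds this VTI` would make the intent clear to whoever later trims the dict. Note also that when more than one peer has `vti bind` set to this interface, the loop silently keeps the last match for `vti['remote']` and `source_address`; if that is not meant to be legal it deserves a ConfigError rather than a quiet overwrite. get_config's body starts and ends outside the hunk.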
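Review bot: `tmp = vti['ifname']` inside the `if not found:` branch is assigned and never used (the message already interpolates `ifname`), so the line should go. The surrounding flag-and-break loop repeats the search get_config already performs and collapses to one expression: `if not any(dict_search('vti.bind', c) == ifname for c in vti['ipsec'].values()):` followed by the existing `raise`. The message says "any VPN configuration" while the check is specifically for a `vpn ipsec site-to-site peer <x> vti bind` reference; naming that path in the error tells the operator exactly what is missing from the commit.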
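Review bot: After the corrected `dict_search` calls, a tunnel that lacks either prefix is still dropped by the bare `continue`, so it silently disappears from the generated IPsec configuration instead of being rejected. If a tunnel without both prefixes is invalid, that belongs in verify() (outside this hunk) as a ConfigError; if it is legitimate — selectors supplied some other way, which cannot be told from here — a why-comment above the `if`, `# a tunnel without local/remote prefixes carries no selectors here; skip it`, would stop the next reader from treating it as a bug. generate() starts and ends outside the hunk.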