From 5e05bfe790035f7d53dede8d76bccb089a186864 Mon Sep 17 00:00:00 2001
From: Viacheslav
Date: Tue, 28 Dec 2021 11:45:37 +0000
Subject: ipsec: T4111: Fix for swanctl configuration IPV6 peers Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons
---
 data/templates/ipsec/swanctl.conf.tmpl | 2 +-
 data/templates/ipsec/swanctl/peer.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'data')
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 161f19f95..68b108365 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -57,7 +57,7 @@ secrets {
 {% endif %}
 {% if site_to_site is defined and site_to_site.peer is defined %}
 {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
-{% set peer_name = peer.replace(".", "-").replace("@", "") %}
+{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
 {% if peer_conf.authentication.mode == 'pre-shared-secret' %}
 ike_{{ peer_name }} {
 {% if peer_conf.local_address is defined %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 8c3776bf1..1b221814e 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -1,5 +1,5 @@
 {% macro conn(peer, peer_conf, ike_group, esp_group) %}
-{% set name = peer.replace(".", "-").replace("@", "") %}
+{% set name = peer.replace("@", "") | dot_colon_to_dash %}
 {# peer needs to reference the global IKE configuration for certain values #}
 {% set ike = ike_group[peer_conf.ike_group] %}
 peer_{{ name }} {
-- cgit v1.2.3
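Review bot: The normalisation on the new `peer_name` line is lossy, and nothing in this hunk stops two distinct peers from rendering to the same `ike_{{ peer_name }}` secrets section: per the commit message `.` and `:` both become `-`, and `@` is dropped, so constructed keys such as `@a.b` and `a-b` would share one name. How swanctl treats a repeated section is not visible here, so the pre-shared secret of one peer may end up merged with or shadowed by another's; the same applies to `peer_{{ name }}` in the `peer.tmpl` hunk. I would enforce uniqueness of the normalised name where the configuration is validated before rendering, and record it above the line with `{# peer_name is lossy ('.' and ':' become '-', '@' is dropped); uniqueness is checked before rendering #}`. The definition of `dot_colon_to_dash` lies outside the shown diff (the view is limited to `data`), so its behaviour is inferred from the commit message, and the `for` body continues past the hunk.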
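Review bot: The `name` line in the `conn` macro is a second hand-written copy of the expression that sets `peer_name` in `swanctl.conf.tmpl`, and the `@` stripping still sits outside the filter, so the two templates can drift apart the next time the rule changes. If the filter is only ever applied to peer names (its definition is outside the shown diff), the stripping could move into it and this line would become `{% set name = peer | dot_colon_to_dash %}`. Failing that, a comment such as `{# must be derived exactly as peer_name in swanctl.conf.tmpl #}` above the line would record the coupling. The macro body continues past the hunk.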