From 947f8290ea7094dbd2c4e72df42f54e763c7ec62 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 4 Aug 2021 20:48:09 +0200 Subject: ipsec: T3718: fix default processing of ike dh-group proposals IKE dh-group defaults to 2 (modp1024). --- src/conf_mode/vpn_ipsec.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/conf_mode/vpn_ipsec.py') diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 11ff12e94..329d84528 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -102,9 +102,20 @@ def get_config(config=None): ipsec['esp_group'][group]) if 'ike_group' in ipsec: default_values = defaults(base + ['ike-group']) + # proposal is a tag node which may come with individual defaults per node + if 'proposal' in default_values: + del default_values['proposal'] + for group in ipsec['ike_group']: ipsec['ike_group'][group] = dict_merge(default_values, ipsec['ike_group'][group]) + + if 'proposal' in ipsec['ike_group'][group]: + default_values = defaults(base + ['ike-group', 'proposal']) + for proposal in ipsec['ike_group'][group]['proposal']: + ipsec['ike_group'][group]['proposal'][proposal] = dict_merge(default_values, + ipsec['ike_group'][group]['proposal'][proposal]) + if 'remote_access' in ipsec and 'connection' in ipsec['remote_access']: default_values = defaults(base + ['remote-access', 'connection']) for rw in ipsec['remote_access']['connection']: -- cgit v1.2.3