From 3e85333ae7c53fc8b2ceae1d1788e795fd92c939 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 15 Sep 2021 19:14:37 +0200
Subject: ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive

Manually set peer id and use-x509-id are mutually exclusive!
---
 src/conf_mode/vpn_ipsec.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index ff6090e22..99b82ca2d 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -362,6 +362,9 @@ def verify(ipsec):
             if 'authentication' not in peer_conf or 'mode' not in peer_conf['authentication']:
                 raise ConfigError(f"Missing authentication on site-to-site peer {peer}")
 
+            if {'id', 'use_x509_id'} <= set(peer_conf['authentication']):
+                raise ConfigError(f"Manually set peer id and use-x509-id are mutually exclusive!")
+
             if peer_conf['authentication']['mode'] == 'x509':
                 if 'x509' not in peer_conf['authentication']:
                     raise ConfigError(f"Missing x509 settings on site-to-site peer {peer}")
-- 
cgit v1.2.3