From d7ec4e8b33078d0536a8b5da8422234cb7522e4f Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@vyos.io>
Date: Sat, 24 Jul 2021 05:44:51 -0500
Subject: T3697: hopefully complete fix for checking whether IPsec should
 start.

---
 src/conf_mode/ipsec-settings.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index ce313d9a0..fcc19062d 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -49,9 +49,9 @@ def get_config(config=None):
 
     # IPsec isn't configured enough to warrant starting StrongSWAN for it,
     # it's just some incomplete or leftover options.
-    if config.exists("vpn ipsec site-to-site peer") or \
-       config.exists("vpn ipsec profile") or \
-       config.exists("vpn l2tp remote-access ipsec-settings"):
+    if config.exists_effective("vpn ipsec site-to-site peer") or \
+       config.exists_effective("vpn ipsec profile") or \
+       config.exists_effective("vpn l2tp remote-access ipsec-settings"):
         return {}
 
     data = {"install_routes": "yes"}
@@ -148,6 +148,9 @@ def check_cert_file_store(cert_name, file_path, dts_path):
          raise ConfigError("L2TP VPN configuration error: Cannot copy "+file_path)
 
 def verify(data):
+    if not data:
+        return
+
     # l2tp ipsec check
     if data["ipsec_l2tp"]:
         # Checking dependecies for "authentication mode pre-shared-secret"
@@ -178,6 +181,9 @@ def verify(data):
            raise ConfigError("L2TP VPN configuration error: \"vpn ipsec ipsec-interfaces\" must be specified.")
 
 def generate(data):
+    if not data:
+        return
+
     render(charon_conf_file, 'ipsec/charon.tmpl', data)
 
     if data["ipsec_l2tp"]:
-- 
cgit v1.2.3