authorSaurabh Mohan <saurabh.mohan@vyatta.com>2013-02-12 16:02:31 -0800
committerSaurabh Mohan <saurabh.mohan@vyatta.com>2013-02-12 16:02:31 -0800
commitbe1d9edad43cdab5acc74e905fa271d260937eaa (patch)
treed2aa62eab4b244496991590109794fcbac20ade7 /templates
parentb67ad48c58764d9e83b8dbc856ae408929374a5f (diff)
downloadvyatta-cfg-system-be1d9edad43cdab5acc74e905fa271d260937eaa.tar.gz
vyatta-cfg-system-be1d9edad43cdab5acc74e905fa271d260937eaa.zip
mGRE bug fixes local-ip address changes and v6 check.
VYATTA-129: check for IPv6 addresses was moved to tunnel/node.def. VYATTA-128: added a stronger check to forbid any way of setting remote-ip. VYATTA-118: workaround added to update ipsec settings when tunnel local-ip is modified.
Diffstat (limited to 'templates')
-rw-r--r--templates/interfaces/tunnel/node.def17
-rw-r--r--templates/interfaces/tunnel/node.tag/encapsulation/node.def19
-rw-r--r--templates/interfaces/tunnel/node.tag/local-ip/node.def7
3 files changed, 24 insertions, 19 deletions
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def
index 7490f336..cc99c1f5 100644
--- a/templates/interfaces/tunnel/node.def
+++ b/templates/interfaces/tunnel/node.def
@@ -10,6 +10,23 @@ commit:expression: $VAR(./local-ip/) != "" ; \
"Must configure the tunnel local-ip for $VAR(@)"
commit:expression: $VAR(./encapsulation/) != "" ; \
"Must configure the tunnel encapsulation for $VAR(@)"
+commit:expression:
+exec "
+ if [ $VAR(./encapsulation/@) == gre-multipoint ] && [ -n \"$VAR(./remote-ip/)\" ]; then \
+ echo \"Remote-ip shouldn't be set for mGRE mode for $VAR(@)\"; \
+ exit 1; \
+ fi; \
+ if [ $VAR(./encapsulation/@) != gre-multipoint ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \
+ echo \"Must configure the tunnel remote-ip for $VAR(@)\"; \
+ exit 1; \
+ fi;
+
+ exit 0"
+commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \
+ $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for gre-multipoint encapsulation type."
+
+commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \
+ $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 addresses ($VAR(./address/@@)) are forbidden for gre-multipoint encapsulation type."
create:
if [ "$VAR(./encapsulation/@)" == "gre-multipoint" ]; then
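Review bot: The two `[` tests in the added exec block leave `$VAR(./encapsulation/@)` unquoted, while the `create:` section at the end of this hunk quotes the same value. If that value is ever empty when this expression runs, `[ == gre-multipoint ]` is a test syntax error, both `if` branches are skipped and the block reaches `exit 0`, so the remote-ip rule passes without having been evaluated. The separate non-empty check on encapsulation above presumably covers that case, but this block should not depend on it. I would write `[ \"$VAR(./encapsulation/@)\" == gre-multipoint ]` and `[ \"$VAR(./encapsulation/@)\" != gre-multipoint ]` in the two tests. The `create:` body continues outside the hunk.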
diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
index b858147c..54e4f950 100644
--- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def
+++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def
@@ -5,25 +5,6 @@ syntax:expression: ((pattern $VAR(@) "^[-a-zA-Z0-9_]+$") && (exec "sudo /opt/vya
allowed: sudo /opt/vyatta/sbin/vyatta-encapsulation
-commit:expression: (!(pattern $VAR(../local-ip/@) ".*:.*") && $VAR(@) == "gre-multipoint") || \
- $VAR(@) != "gre-multipoint"; "IPv6 local-ip ($VAR(../local-ip/@)) is forbidden for gre-multipoint encapsulation type."
-
-commit:expression: (!(pattern $VAR(../address/@@) ".*:.*") && $VAR(@) == "gre-multipoint") || \
- $VAR(@) != "gre-multipoint"; "IPv6 addresses ($VAR(../address/@@)) are forbidden for gre-multipoint encapsulation type."
-
-commit:expression:
-exec "
- if [ $VAR(@) == gre-multipoint ] && [ -n \"$VAR(../remote-ip/)\" ]; then \
- echo \"Remote-ip shouldn't be set for mGRE mode for $VAR(../@)\"; \
- exit 1; \
- fi; \
- if [ $VAR(@) != gre-multipoint ] && [ ! -n \"$VAR(../remote-ip/)\" ]; then \
- echo \"Must configure the tunnel remote-ip for $VAR(../@)\"; \
- exit 1; \
- fi;
-
- exit 0"
-
create:expression: "true"
update:expression: "false" ; \
"Encapsulation can only be set at tunnel creation for $VAR(../@)"
diff --git a/templates/interfaces/tunnel/node.tag/local-ip/node.def b/templates/interfaces/tunnel/node.tag/local-ip/node.def
index 4176fc31..c6a82a03 100644
--- a/templates/interfaces/tunnel/node.tag/local-ip/node.def
+++ b/templates/interfaces/tunnel/node.tag/local-ip/node.def
@@ -13,6 +13,13 @@ update:if ! /opt/vyatta/sbin/local_ip $VAR(@)
;;
"gre" | "gre-multipoint" | "ipip" | "sit")
sudo ip tunnel cha $VAR(../@) local $VAR(@)
+ if [ -e "/opt/vyatta/sbin/dmvpn-config.pl" ]; then
+ sudo /opt/vyatta/sbin/dmvpn-config.pl \
+ --config_file='/etc/dmvpn.conf' \
+ --secrets_file='/etc/dmvpn.secrets' \
+ --init_script='/etc/init.d/ipsec' \
+ --tunnel_context --tun_id=$VAR(../@) || exit 1
+ fi
;;
"ipip6" | "ip6ip6")
if [ -n "$VAR(../parameters/ipv6/encaplimit/@)" ]; then
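Review bot: The added `dmvpn-config.pl` call runs after `sudo ip tunnel cha $VAR(../@) local $VAR(@)` has already taken effect, so when it fails, `|| exit 1` aborts the update with the tunnel on the new local address and, presumably, the IPsec settings still written for the old one. The failure is also silent, so I would at least report it, e.g. `|| { echo "IPsec update failed for $VAR(../@); tunnel local-ip was already changed"; exit 1; }`. Separately, `--tun_id=$VAR(../@)` is passed unquoted to a command run under sudo, and the validation of the tunnel name is not visible in this hunk; `--tun_id="$VAR(../@)"` keeps it a single argument. The enclosing `case` block starts and ends outside the hunk.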