Diffstat (limited to 'scripts/vyatta-vti-config.pl')
-rwxr-xr-xscripts/vyatta-vti-config.pl40
1 files changed, 37 insertions, 3 deletions
diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl
index 81abf97..0886202 100755
--- a/scripts/vyatta-vti-config.pl
+++ b/scripts/vyatta-vti-config.pl
@@ -129,9 +129,12 @@ foreach my $peer (@peers) {
my $change = 0;
# Check local address is valid.
- if (!defined($lip)) {
- print STDERR "$vti_cfg_err local-address not defined.\n";
- exit -1;
+ my $dhcp_iface = $vcVPN->returnValue("ipsec site-to-site peer $peer dhcp-interface");
+ if (defined($lip) && defined($dhcp_iface)){
+ vti_die(["vpn","ipsec","site-to-site","peer",$peer],"$vti_cfg_err Only one of local-address or dhcp-interface may be defined");
+ }
+ if (defined($dhcp_iface)){
+ $lip = get_dhcp_addr($dhcp_iface, $peer);
}
if (!(validateType('ipv4', $lip, 'quiet') || validateType('ipv6', $lip, 'quiet')) || ($lip eq '0.0.0.0')) {
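Review bot: With the `!defined($lip)` guard removed, a peer that sets neither local-address nor dhcp-interface reaches the `validateType(...)` line with `$lip` undefined, so `$lip eq '0.0.0.0'` compares an undef value and the explicit "local-address not defined" message is lost. The body of that `if` is outside the hunk, so whichever error it prints is presumably a generic invalid-address one. I would keep an explicit check after the dhcp lookup, for example `vti_die(["vpn","ipsec","site-to-site","peer",$peer], "$vti_cfg_err local-address not defined.") if (!defined($lip));`. The same place should decide what happens when `get_dhcp_addr` returns `''` because the interface has no lease yet at commit time.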
@@ -232,9 +235,25 @@ sub vti_handle_updown {
$vcIntf->setLevel('interfaces');
my $disabled = $vcIntf->existsOrig("vti $intfName disabled");
if (!defined($disabled) || !$disabled) {
+ my $vcVPN = new Vyatta::Config();
+ $vcVPN->setLevel('vpn ipsec site-to-site');
+ my @peers = $vcVPN->listOrigNodes('peer');
my $vtiInterface = new Vyatta::Interface($intfName);
my $state = $vtiInterface->up();
if (!($state && ($action eq "up"))) {
+ if ($action eq "up") {
+ foreach my $peer (@peers) {
+ if (!$vcVPN->existsOrig("peer $peer vti bind $intfName")) {
+ next;
+ }
+
+ my $dhcp_iface = $vcVPN->returnOrigValue("peer $peer dhcp-interface");
+ if (defined($dhcp_iface)) {
+ my $lip = get_dhcp_addr($dhcp_iface, $peer);
+ system("sudo /sbin/ip tunnel change $intfName local $lip\n");
+ }
+ }
+ }
system("sudo /sbin/ip link set $intfName $action\n");
}
}
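Review bot: The new `system("sudo /sbin/ip tunnel change $intfName local $lip\n")` call runs a privileged command through the shell with two interpolated values and never checks the result. `get_dhcp_addr` returns `''` when the interface has no address, so an up event before the lease arrives runs `ip tunnel change <intf> local` with no address and the failure goes unnoticed. The list form avoids shell parsing and can skip the empty case: `system('sudo', '/sbin/ip', 'tunnel', 'change', $intfName, 'local', $lip) if ($lip ne '');`, with a log line on a non-zero return. `get_dhcp_addr` can also call `vti_die` from this up/down path when the interface is not DHCP-enabled, and it is worth confirming that aborting the hook there is intended. `vti_handle_updown` starts and ends outside the hunk, so the origin of `$intfName` is not visible here.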
@@ -315,3 +334,18 @@ sub checkUnrefIntfVti {
}
}
}
+
+sub get_dhcp_addr {
+ my ($dhcp_iface, $peer) = @_;
+ vti_die(["vpn","ipsec","site-to-site","peer",$peer,"dhcp-interface"],"$vti_cfg_err The specified interface is not configured for dhcp.")
+ if (!(Vyatta::Misc::is_dhcp_enabled($dhcp_iface,0)));
+ my @dhcp_addr = Vyatta::Misc::getIP($dhcp_iface,4);
+ my $addr = pop(@dhcp_addr);
+ if (!defined($addr)){
+ $addr = '';
+ return $addr;
+ }
+ @dhcp_addr = split(/\//, $addr);
+ $addr = $dhcp_addr[0];
+ return $addr;
+}
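Review bot: `get_dhcp_addr` takes `pop(@dhcp_addr)`, the last entry `Vyatta::Misc::getIP` returns, without checking that it is the DHCP-assigned address. If the interface also carries a static or secondary IPv4 address, the tunnel's local endpoint may be bound to the wrong one; this depends on the order `getIP` returns, which is not visible here. The sub also has no comment stating its contract, and both callers depend on the empty-string return. I would add above it `# Returns the IPv4 address of $dhcp_iface with the prefix length stripped, or '' if it has none; dies via vti_die if the interface is not DHCP-enabled.` The trailing `if` after the long `vti_die(...)` line is easy to miss, and a leading `unless (Vyatta::Misc::is_dhcp_enabled($dhcp_iface,0)) { ... }` block would read more clearly.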