diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2009-07-10 13:47:27 -0700 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2009-07-10 14:13:23 -0700 |
| commit | 8ccf032ea2f78b293ef11063c2072af0122a86eb (patch) | |
| tree | 0e0bafef61f2bbea3bb3ea9d029d6985bd9d940a | |
| parent | 4490f365f89977ea4af60cdfb6a47597ba0561b7 (diff) | |
| download | vyatta-cluster-8ccf032ea2f78b293ef11063c2072af0122a86eb.tar.gz vyatta-cluster-8ccf032ea2f78b293ef11063c2072af0122a86eb.zip | |
Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config drops all interfaces.
Don't allow ipsec service if ipsec hasn't been configured.
(cherry picked from commit 0ce77b7f7ec5a2203c712d3f7e670f483abc17fd)
| -rw-r--r-- | lib/Vyatta/Cluster/Config.pm | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/Vyatta/Cluster/Config.pm b/lib/Vyatta/Cluster/Config.pm index 5756567..57032a8 100644 --- a/lib/Vyatta/Cluster/Config.pm +++ b/lib/Vyatta/Cluster/Config.pm @@ -332,6 +332,15 @@ sub haresources { foreach (@{$hashref->{_service}}) { if (!isValidIPSpec($_)) { if (isValidService($_)) { + if ($_ eq 'ipsec') { + # check if ipsec is configured + my $config = new Vyatta::Config; + $config->setLevel('vpn'); + my @nodes = $config->listOrigPlusComNodes(); + if (! grep(/^ipsec$/, @nodes)) { + return (undef, "ipsec is not configured"); + } + } push @init_services, $_; } else { return (undef, "\"$_\" is not a valid IP address " |