From 8ccf032ea2f78b293ef11063c2072af0122a86eb Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@vyatta.com>
Date: Fri, 10 Jul 2009 13:47:27 -0700
Subject: Fix 4623: Removing IPSEC VPN config without removing cluster ipsec
 config drops all interfaces. Don't allow ipsec service if ipsec hasn't been
 configured. (cherry picked from commit
 0ce77b7f7ec5a2203c712d3f7e670f483abc17fd)

---
 lib/Vyatta/Cluster/Config.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'lib/Vyatta/Cluster/Config.pm')

diff --git a/lib/Vyatta/Cluster/Config.pm b/lib/Vyatta/Cluster/Config.pm
index 5756567..57032a8 100644
--- a/lib/Vyatta/Cluster/Config.pm
+++ b/lib/Vyatta/Cluster/Config.pm
@@ -332,6 +332,15 @@ sub haresources {
   foreach (@{$hashref->{_service}}) {
     if (!isValidIPSpec($_)) {
       if (isValidService($_)) {
+	if ($_ eq 'ipsec') {
+	  # check if ipsec is configured
+	  my $config = new Vyatta::Config;
+	  $config->setLevel('vpn');
+	  my @nodes = $config->listOrigPlusComNodes();
+	  if (! grep(/^ipsec$/, @nodes)) {
+	    return (undef, "ipsec is not configured");
+	  }
+	}
         push @init_services, $_;
       } else {
         return (undef, "\"$_\" is not a valid IP address "
-- 
cgit v1.2.3