diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-07-22 19:56:19 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-22 20:01:35 +0200 |
commit | 4e4dacee281059fdbca6531ace53f22817a62650 (patch) | |
tree | e68e41052c4620c4bf40c5cf73b3891a7ea7e967 | |
parent | 2495ea2f010474f8eb673d9ccd89429a127c1edc (diff) | |
download | vyos-1x-4e4dacee281059fdbca6531ace53f22817a62650.tar.gz vyos-1x-4e4dacee281059fdbca6531ace53f22817a62650.zip |
ipsec: T2816: remove "auto-update" CLI option
Update/refresh of DNS records is now handled internally by Strongswan.
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 12 | ||||
-rw-r--r-- | smoketest/configs/bgp-azure-ipsec-gateway | 1 | ||||
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 5 | ||||
-rwxr-xr-x | src/migration-scripts/ipsec/5-to-6 | 5 |
4 files changed, 7 insertions, 16 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 3d142ccee..4cd1936a2 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -11,18 +11,6 @@ <priority>901</priority> </properties> <children> - <leafNode name="auto-update"> - <properties> - <help>Set auto-update interval for IPsec daemon</help> - <valueHelp> - <format>u32:30-65535</format> - <description>Auto-update interval (s)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 30-65535"/> - </constraint> - </properties> - </leafNode> <leafNode name="disable-uniqreqids"> <properties> <help>Option to disable requirement for unique IDs in the Security Database</help> diff --git a/smoketest/configs/bgp-azure-ipsec-gateway b/smoketest/configs/bgp-azure-ipsec-gateway index 0862531fd..0580f4ddc 100644 --- a/smoketest/configs/bgp-azure-ipsec-gateway +++ b/smoketest/configs/bgp-azure-ipsec-gateway @@ -307,6 +307,7 @@ system { } vpn { ipsec { + auto-update 120 esp-group ESP-AZURE { compression disable lifetime 27000 diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index c50724592..f1c6b216b 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -544,10 +544,7 @@ def apply(ipsec): if not ipsec: call('sudo ipsec stop') else: - args = '' - if 'auto_update' in ipsec: - args = '--auto-update ' + ipsec['auto_update'] - call(f'sudo ipsec restart {args}') + call('sudo ipsec restart') call('sudo ipsec rereadall') call('sudo ipsec reload') diff --git a/src/migration-scripts/ipsec/5-to-6 b/src/migration-scripts/ipsec/5-to-6 index 76ee9ecba..e9adee01b 100755 --- a/src/migration-scripts/ipsec/5-to-6 +++ b/src/migration-scripts/ipsec/5-to-6 @@ -80,6 +80,11 @@ if config.exists(base_interfaces): config.copy(base_interfaces, base + ['interface']) config.delete(base_interfaces) +# Remove deprecated "auto-update" option +tmp = base + ['auto-update'] +if config.exists(tmp): + config.delete(tmp) + try: with open(file_name, 'w') as f: f.write(config.to_string()) |