summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-22 19:56:19 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-22 20:01:35 +0200
commit4e4dacee281059fdbca6531ace53f22817a62650 (patch)
treee68e41052c4620c4bf40c5cf73b3891a7ea7e967
parent2495ea2f010474f8eb673d9ccd89429a127c1edc (diff)
downloadvyos-1x-4e4dacee281059fdbca6531ace53f22817a62650.tar.gz
vyos-1x-4e4dacee281059fdbca6531ace53f22817a62650.zip
ipsec: T2816: remove "auto-update" CLI option
Update/refresh of DNS records is now handled internally by Strongswan.
-rw-r--r--interface-definitions/vpn_ipsec.xml.in12
-rw-r--r--smoketest/configs/bgp-azure-ipsec-gateway1
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py5
-rwxr-xr-xsrc/migration-scripts/ipsec/5-to-65
4 files changed, 7 insertions, 16 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 3d142ccee..4cd1936a2 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -11,18 +11,6 @@
<priority>901</priority>
</properties>
<children>
- <leafNode name="auto-update">
- <properties>
- <help>Set auto-update interval for IPsec daemon</help>
- <valueHelp>
- <format>u32:30-65535</format>
- <description>Auto-update interval (s)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 30-65535"/>
- </constraint>
- </properties>
- </leafNode>
<leafNode name="disable-uniqreqids">
<properties>
<help>Option to disable requirement for unique IDs in the Security Database</help>
diff --git a/smoketest/configs/bgp-azure-ipsec-gateway b/smoketest/configs/bgp-azure-ipsec-gateway
index 0862531fd..0580f4ddc 100644
--- a/smoketest/configs/bgp-azure-ipsec-gateway
+++ b/smoketest/configs/bgp-azure-ipsec-gateway
@@ -307,6 +307,7 @@ system {
}
vpn {
ipsec {
+ auto-update 120
esp-group ESP-AZURE {
compression disable
lifetime 27000
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index c50724592..f1c6b216b 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -544,10 +544,7 @@ def apply(ipsec):
if not ipsec:
call('sudo ipsec stop')
else:
- args = ''
- if 'auto_update' in ipsec:
- args = '--auto-update ' + ipsec['auto_update']
- call(f'sudo ipsec restart {args}')
+ call('sudo ipsec restart')
call('sudo ipsec rereadall')
call('sudo ipsec reload')
diff --git a/src/migration-scripts/ipsec/5-to-6 b/src/migration-scripts/ipsec/5-to-6
index 76ee9ecba..e9adee01b 100755
--- a/src/migration-scripts/ipsec/5-to-6
+++ b/src/migration-scripts/ipsec/5-to-6
@@ -80,6 +80,11 @@ if config.exists(base_interfaces):
config.copy(base_interfaces, base + ['interface'])
config.delete(base_interfaces)
+# Remove deprecated "auto-update" option
+tmp = base + ['auto-update']
+if config.exists(tmp):
+ config.delete(tmp)
+
try:
with open(file_name, 'w') as f:
f.write(config.to_string())