ipsec: T4111: Fix for swanctl configuration IPV6 peers

Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons
author: Viacheslav <v.gletenko@vyos.io> 2021-12-28 11:45:37 +0000
committer: Viacheslav <v.gletenko@vyos.io> 2021-12-28 11:45:37 +0000
commit: 5e05bfe790035f7d53dede8d76bccb089a186864 (patch)
tree: 8643a31cc75b4c0174f06b202205bada3e4b0a90
parent: 5c5e283f8a964f5bbb3d838d1c0aabdee4e2032b (diff)
download: vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.tar.gz
vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.zip
3 files changed, 12 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index 161f19f95..68b108365 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -57,7 +57,7 @@ secrets {
 {%  endif %}
 {%  if site_to_site is defined and site_to_site.peer is defined %}
 {%    for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %}
-{%      set peer_name = peer.replace(".", "-").replace("@", "") %}
+{%      set peer_name = peer.replace("@", "") | dot_colon_to_dash %}
 {%      if peer_conf.authentication.mode == 'pre-shared-secret' %}
     ike_{{ peer_name }} {
 {%        if peer_conf.local_address is defined %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 8c3776bf1..1b221814e 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -1,5 +1,5 @@
 {% macro conn(peer, peer_conf, ike_group, esp_group) %}
-{%   set name = peer.replace(".", "-").replace("@", "") %}
+{%   set name = peer.replace("@", "") | dot_colon_to_dash %}
 {#   peer needs to reference the global IKE configuration for certain values #}
 {%   set ike = ike_group[peer_conf.ike_group] %}
     peer_{{ name }} {
diff --git a/python/vyos/template.py b/python/vyos/template.py
index b32cafe74..29c6b3882 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -151,6 +151,16 @@ def bracketize_ipv6(address):
         return f'[{address}]'
     return address
 
+@register_filter('dot_colon_to_dash')
+def dot_colon_to_dash(text):
+    """ Replace dot and colon to dash for string
+    Example:
+    192.0.2.1 => 192-0-2-1, 2001:db8::1 => 2001-db8--1
+    """
+    text = text.replace(":", "-")
+    text = text.replace(".", "-")
+    return text
+
 @register_filter('netmask_from_cidr')
 def netmask_from_cidr(prefix):
     """ Take CIDR prefix and convert the prefix length to a "subnet mask".
author	Viacheslav <v.gletenko@vyos.io>	2021-12-28 11:45:37 +0000
committer	Viacheslav <v.gletenko@vyos.io>	2021-12-28 11:45:37 +0000
commit	5e05bfe790035f7d53dede8d76bccb089a186864 (patch)
tree	8643a31cc75b4c0174f06b202205bada3e4b0a90
parent	5c5e283f8a964f5bbb3d838d1c0aabdee4e2032b (diff)
download	vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.tar.gz vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.zip