diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-05-29 19:11:35 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-05-29 19:11:36 +0200 |
| commit | a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af (patch) | |
| tree | cf9eadfcc65a74ad1b5a3d6d5165d1e6c63c7a47 | |
| parent | 2d3a2c56a33b89ae08c67a7cc93088b0c8c3647c (diff) | |
| download | vyos-1x-a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af.tar.gz vyos-1x-a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af.zip | |
vpn: ipsec: T3093: test for VTI interface availability the easy way
We do not need to query the actual configuration if the VTI peer is configured
or not. This can be done in a much more simples way by just checking if the
desired interface exists on the running system.
This is safe to do as the VTI priority is less then IPSec.
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 2d280a5c6..e59f20a5d 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -24,7 +24,11 @@ from time import sleep from vyos.config import Config from vyos.configdiff import ConfigDiff from vyos.template import render -from vyos.util import call, get_interface_address, process_named_running, run, cidr_fit +from vyos.util import call +from vyos.util import get_interface_address +from vyos.util import process_named_running +from vyos.util import run +from vyos.util import cidr_fit from vyos import ConfigError from vyos import airbag airbag.enable() @@ -230,8 +234,8 @@ def verify(ipsec): if 'bind' in peer_conf['vti']: vti_interface = peer_conf['vti']['bind'] - if not get_vti_interface(vti_interface): - raise ConfigError(f'Invalid VTI interface on site-to-site peer {peer}') + if not os.path.exists(f'/sys/class/net/{vti_interface}'): + raise ConfigError(f'VTI interface {vti_interface} for site-to-site peer {peer} does not exist!') if 'vti' not in peer_conf and 'tunnel' not in peer_conf: raise ConfigError(f"No vti or tunnels specified on site-to-site peer {peer}") @@ -380,14 +384,6 @@ def apply(ipsec): resync_l2tp(conf) resync_nhrp(conf) -def get_vti_interface(vti_interface): - global conf - section = conf.get_config_dict(['interfaces', 'vti'], get_first_key=True) - for interface, interface_conf in section.items(): - if interface == vti_interface: - return interface_conf - return None - def get_mark(vti_interface): vti_num = int(vti_interface.lstrip('vti')) return mark_base + vti_num |