diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-06-13 09:00:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-13 09:00:12 +0200 |
commit | c88d8999873db638aa2c05d479502cedd1afd142 (patch) | |
tree | 8f260e771285efef284eeee54647f54780a25bf0 | |
parent | 97f5e8562f3a49e7b63f0c5a20b46a33c8eb4f89 (diff) | |
parent | 0b1695221657336b436fc27217614b07a34cc132 (diff) | |
download | vyos-1x-c88d8999873db638aa2c05d479502cedd1afd142.tar.gz vyos-1x-c88d8999873db638aa2c05d479502cedd1afd142.zip |
Merge pull request #877 from sarthurdev/disable_peer_tunnel
ipsec: T57: Support disable on peer, peer tunnel and dmvpn profile
-rw-r--r-- | data/templates/ipsec/ipsec.conf.tmpl | 4 | ||||
-rw-r--r-- | data/templates/ipsec/ipsec.secrets.tmpl | 2 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 4 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 2 |
4 files changed, 7 insertions, 5 deletions
diff --git a/data/templates/ipsec/ipsec.conf.tmpl b/data/templates/ipsec/ipsec.conf.tmpl index 53cba44b9..18f6c0988 100644 --- a/data/templates/ipsec/ipsec.conf.tmpl +++ b/data/templates/ipsec/ipsec.conf.tmpl @@ -7,7 +7,7 @@ config setup uniqueids = {{ "no" if disable_uniqreqids is defined else "yes" }} {% if site_to_site is defined and site_to_site.peer is defined %} -{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} {% set peer_index = loop.index %} {% set peer_ike = ike_group[peer_conf.ike_group] %} {% set peer_esp = esp_group[peer_conf.default_esp_group] if peer_conf.default_esp_group is defined else None %} @@ -60,7 +60,7 @@ conn peer-{{ peer }}-vti {% endif %} {% endif %} {% elif peer_conf.tunnel is defined %} -{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() %} +{% for tunnel_id, tunnel_conf in peer_conf.tunnel.items() if tunnel_conf.disable is not defined %} {% set tunnel_esp_name = tunnel_conf.esp_group if "esp_group" in tunnel_conf else peer_conf.default_esp_group %} {% set tunnel_esp = esp_group[tunnel_esp_name] %} {% set proto = tunnel_conf.protocol if "protocol" in tunnel_conf else '%any' %} diff --git a/data/templates/ipsec/ipsec.secrets.tmpl b/data/templates/ipsec/ipsec.secrets.tmpl index a1432de57..0d2654abc 100644 --- a/data/templates/ipsec/ipsec.secrets.tmpl +++ b/data/templates/ipsec/ipsec.secrets.tmpl @@ -2,7 +2,7 @@ {% if site_to_site is defined and "peer" in site_to_site %} {% set ns = namespace(local_key_set=False) %} -{% for peer, peer_conf in site_to_site.peer.items() %} +{% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} {% if peer_conf.authentication.mode == 'pre-shared-secret' %} {{ (peer_conf.local_address if "local_address" in peer_conf else "%any") ~ (" " ~ peer) ~ diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl index 0ce703f20..ce007c1fd 100644 --- a/data/templates/ipsec/swanctl.conf.tmpl +++ b/data/templates/ipsec/swanctl.conf.tmpl @@ -2,7 +2,7 @@ {% if profile is defined %} connections { -{% for name, profile_conf in profile.items() if "bind" in profile_conf and "tunnel" in profile_conf.bind %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} {% set dmvpn_ike = ike_group[profile_conf.ike_group] %} {% set dmvpn_esp = esp_group[profile_conf.esp_group] %} {% for interface in profile_conf.bind.tunnel %} @@ -41,7 +41,7 @@ connections { } secrets { -{% for name, profile_conf in profile.items() if "bind" in profile_conf and "tunnel" in profile_conf.bind %} +{% for name, profile_conf in profile.items() if profile_conf.disable is not defined and profile_conf.bind is defined and profile_conf.bind.tunnel is defined %} {% if profile_conf.authentication.mode == 'pre-shared-secret' %} {% for interface in profile_conf.bind.tunnel %} ike-dmvpn-{{ interface }} { diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 604f49cb6..d7435d6df 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -642,6 +642,7 @@ <help>VPN IPSec Profile</help> </properties> <children> + #include <include/generic-disable-node.xml.i> <node name="authentication"> <properties> <help>Authentication [REQUIRED]</help> @@ -731,6 +732,7 @@ </valueHelp> </properties> <children> + #include <include/generic-disable-node.xml.i> <node name="authentication"> <properties> <help>Peer authentication [REQUIRED]</help> |