summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-09-20 07:38:43 +0200
committerGitHub <noreply@github.com>2021-09-20 07:38:43 +0200
commit62fc13d98013d46cf4cc37f4ac5c6f3c864290c2 (patch)
treedeebaed65d2a200a4af9ea60076ef25c5d025f02
parente80d0aebd691f1a707ab534b4d1340fa0b793e01 (diff)
parentd768aee9bd93280210980d621ecc7b2da1a8d4af (diff)
downloadvyos-1x-62fc13d98013d46cf4cc37f4ac5c6f3c864290c2.tar.gz
vyos-1x-62fc13d98013d46cf4cc37f4ac5c6f3c864290c2.zip
Merge pull request #1012 from lucasec/vti-enhancements
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces
-rw-r--r--data/templates/ipsec/swanctl/peer.tmpl4
-rwxr-xr-xsrc/etc/ipsec.d/vti-up-down12
2 files changed, 2 insertions, 14 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index e039e98aa..8c3776bf1 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -60,7 +60,7 @@
life_time = {{ vti_esp.lifetime }}s
local_ts = 0.0.0.0/0,::/0
remote_ts = 0.0.0.0/0,::/0
- updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}"
+ updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
{# Thus we simply shift the key by one to also support a vti0 interface #}
{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %}
@@ -119,7 +119,7 @@
dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }}
{% endif %}
{% if peer_conf.vti is defined and peer_conf.vti.bind is defined %}
- updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }} {{ peer_conf.dhcp_interface if peer_conf.dhcp_interface is defined else 'no' }}"
+ updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}"
{# The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. #}
{# Thus we simply shift the key by one to also support a vti0 interface #}
{% set if_id = peer_conf.vti.bind | replace('vti', '') | int +1 %}
diff --git a/src/etc/ipsec.d/vti-up-down b/src/etc/ipsec.d/vti-up-down
index 011013a2e..1ffb32955 100755
--- a/src/etc/ipsec.d/vti-up-down
+++ b/src/etc/ipsec.d/vti-up-down
@@ -29,19 +29,10 @@ from vyos.util import call
from vyos.util import get_interface_config
from vyos.util import get_interface_address
-def get_dhcp_address(interface):
- addr = get_interface_address(interface)
- if not addr:
- return None
- if len(addr['addr_info']) == 0:
- return None
- return addr['addr_info'][0]['local']
-
if __name__ == '__main__':
verb = os.getenv('PLUTO_VERB')
connection = os.getenv('PLUTO_CONNECTION')
interface = sys.argv[1]
- dhcp_interface = sys.argv[2]
openlog(ident=f'vti-up-down', logoption=LOG_PID, facility=LOG_INFO)
syslog(f'Interface {interface} {verb} {connection}')
@@ -63,9 +54,6 @@ if __name__ == '__main__':
if verb in ['up-client', 'up-host']:
if not vti_link_up:
- if dhcp_interface != 'no':
- local_ip = get_dhcp_address(dhcp_interface)
- call(f'sudo ip tunnel change {interface} local {local_ip}')
if 'disable' not in vti_dict:
call(f'sudo ip link set {interface} up')
else: