diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-11-18 09:45:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-18 09:45:10 +0100 |
commit | 0094bdfd15b4732a4be417f1777e903a41a8a954 (patch) | |
tree | 65cb07a26a69fe901d09172f5170d57c645876e6 | |
parent | a295c8fd127c02e1af1a8051961ee2b8e2850fd1 (diff) | |
parent | c3be3f0a127819b4b922331f307a89afaaf7cef3 (diff) | |
download | vyos-1x-0094bdfd15b4732a4be417f1777e903a41a8a954.tar.gz vyos-1x-0094bdfd15b4732a4be417f1777e903a41a8a954.zip |
Merge pull request #1645 from aapostoliuk/T4793-sagitta
T4793: Added warning about disable-route-autoinstall
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index cfefcfbe8..b79e9847a 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -22,6 +22,7 @@ from sys import exit from time import sleep from time import time +from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed from vyos.configverify import verify_interface_exists @@ -438,6 +439,10 @@ def verify(ipsec): if 'local_address' in peer_conf and 'dhcp_interface' in peer_conf: raise ConfigError(f"A single local-address or dhcp-interface is required when using VTI on site-to-site peer {peer}") + if dict_search('options.disable_route_autoinstall', + ipsec) == None: + Warning('It\'s recommended to use ipsec vty with the next command\n[set vpn ipsec option disable-route-autoinstall]') + if 'bind' in peer_conf['vti']: vti_interface = peer_conf['vti']['bind'] if not os.path.exists(f'/sys/class/net/{vti_interface}'): |