summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-11-18 09:45:10 +0100
committerGitHub <noreply@github.com>2022-11-18 09:45:10 +0100
commit0094bdfd15b4732a4be417f1777e903a41a8a954 (patch)
tree65cb07a26a69fe901d09172f5170d57c645876e6
parenta295c8fd127c02e1af1a8051961ee2b8e2850fd1 (diff)
parentc3be3f0a127819b4b922331f307a89afaaf7cef3 (diff)
downloadvyos-1x-0094bdfd15b4732a4be417f1777e903a41a8a954.tar.gz
vyos-1x-0094bdfd15b4732a4be417f1777e903a41a8a954.zip
Merge pull request #1645 from aapostoliuk/T4793-sagitta
T4793: Added warning about disable-route-autoinstall
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index cfefcfbe8..b79e9847a 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -22,6 +22,7 @@ from sys import exit
from time import sleep
from time import time
+from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import leaf_node_changed
from vyos.configverify import verify_interface_exists
@@ -438,6 +439,10 @@ def verify(ipsec):
if 'local_address' in peer_conf and 'dhcp_interface' in peer_conf:
raise ConfigError(f"A single local-address or dhcp-interface is required when using VTI on site-to-site peer {peer}")
+ if dict_search('options.disable_route_autoinstall',
+ ipsec) == None:
+ Warning('It\'s recommended to use ipsec vty with the next command\n[set vpn ipsec option disable-route-autoinstall]')
+
if 'bind' in peer_conf['vti']:
vti_interface = peer_conf['vti']['bind']
if not os.path.exists(f'/sys/class/net/{vti_interface}'):