authorChristian Poessinger <christian@poessinger.com>2021-07-24 23:04:25 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-25 00:15:08 +0200
commit861945045ca04b21e27ad31513b2ff929349ee2e (patch)
tree0feedd3bd0307552bbaf701aba99a83571bcecd1
parent7273a6a0a05a000680ee549b76dd40762b73c2d0 (diff)
ipsec: T1210: move DHCP server configuration unter remote-access node
As this is only related to remote-access, keeping it under "options" simply feels wrong.
-rw-r--r--data/templates/ipsec/charon/dhcp.conf.tmpl10
-rw-r--r--interface-definitions/vpn_ipsec.xml.in61
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py2
3 files changed, 33 insertions, 40 deletions
diff --git a/data/templates/ipsec/charon/dhcp.conf.tmpl b/data/templates/ipsec/charon/dhcp.conf.tmpl
index 96dfd7633..92774b275 100644
--- a/data/templates/ipsec/charon/dhcp.conf.tmpl
+++ b/data/templates/ipsec/charon/dhcp.conf.tmpl
@@ -1,11 +1,11 @@
dhcp {
load = yes
-{% if options is defined and options.remote_access is defined and options.remote_access.dhcp is defined %}
-{% if options.remote_access.dhcp.interface is defined %}
- interface = {{ options.remote_access.dhcp.interface }}
+{% if remote_access is defined and remote_access.dhcp is defined %}
+{% if remote_access.dhcp.interface is defined %}
+ interface = {{ remote_access.dhcp.interface }}
{% endif %}
-{% if options.remote_access.dhcp.server is defined %}
- server = {{ options.remote_access.dhcp.server }}
+{% if remote_access.dhcp.server is defined %}
+ server = {{ remote_access.dhcp.server }}
{% endif %}
{% endif %}
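Review bot: `remote_access.dhcp.interface` is written into charon's dhcp section as-is on the `interface = {{ remote_access.dhcp.interface }}` line, and the `interface` leafNode in interface-definitions/vpn_ipsec.xml.in (both the removed and the re-added definition) carries only a `<completionHelp>`, no `<constraint>`. Completion helps typing but does not reject input, so whatever string the CLI accepts there ends up in the generated file. The `server` leaf next to it is limited by `<validator name="ipv4-address"/>`; the `interface` leaf should get an equivalent `<constraint>` that admits only interface names, and verify() could additionally check that the named interface exists.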
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 4cd1936a2..858adb13a 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -630,40 +630,6 @@
<valueless/>
</properties>
</leafNode>
- <node name="remote-access">
- <properties>
- <help>remote-access global options</help>
- </properties>
- <children>
- <node name="dhcp">
- <properties>
- <help>DHCP pool options for remote-access</help>
- </properties>
- <children>
- <leafNode name="interface">
- <properties>
- <help>Interface with DHCP server to use</help>
- <completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py</script>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="server">
- <properties>
- <help>DHCP server address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>DHCP server IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </node>
- </children>
- </node>
</children>
</node>
<tagNode name="profile">
@@ -835,6 +801,33 @@
</leafNode>
</children>
</tagNode>
+ <node name="dhcp">
+ <properties>
+ <help>DHCP pool options for remote-access</help>
+ </properties>
+ <children>
+ <leafNode name="interface">
+ <properties>
+ <help>Interface with DHCP server to use</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>DHCP server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>DHCP server IPv4 address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<tagNode name="pool">
<properties>
<help>IP address pool for remote-access users</help>
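Review bot: Moving `dhcp` from `options remote-access` to `remote-access` changes the configuration path, but the diffstat lists only the template, this definition file and src/conf_mode/vpn_ipsec.py, so no migration script accompanies the move. A saved configuration that still uses the old path would, as far as this diff shows, no longer match the schema, and verify() now looks up `remote_access.dhcp.server` only. If the old syntax was ever part of a published image, add a migration that relocates the node; if it never shipped, a sentence saying so in the commit message would settle the question. The enclosing `remote-access` node opens and closes outside the hunk.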
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index f1c6b216b..123380827 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -269,7 +269,7 @@ def verify(ipsec):
for pool in ra_conf['pool']:
if pool == 'dhcp':
- if dict_search('options.remote_access.dhcp.server', ipsec) == None:
+ if dict_search('remote_access.dhcp.server', ipsec) == None:
raise ConfigError('IPSec DHCP server is not configured!')
elif 'pool' not in ipsec['remote_access'] or pool not in ipsec['remote_access']['pool']: