author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-10-14 08:04:55 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-10-14 08:04:55 +0000 |
commit | f089aa624e0713f117c949b74ec2ad389de2064e (patch) | |
tree | 5fb28f647c19338f2e5da37f7218d123cebc3fdb | |
parent | 02f2535dda08c6e19ba2e1fdb750f1e298b45add (diff) | |
download | vyos-1x-f089aa624e0713f117c949b74ec2ad389de2064e.tar.gz vyos-1x-f089aa624e0713f117c949b74ec2ad389de2064e.zip |
T4725: Fix Regex for correctly reset IPsec peers
As IPsec site-to-site was rewritten, we do not need to replace
':' => '-' as ':' can not be in the connection name
So connection name can not use IP(v6) address as peer name
And current peers/connections not required prefix 'peer_'
Fix template that search correctly connection name of the peers
that allow to reset them again (reset ipsec peer was broken)
-rwxr-xr-x | src/op_mode/ipsec.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index a4d1b4cb1..7ec35d7bd 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -133,14 +133,13 @@ def _get_formatted_output_sas(sas):
 def get_peer_connections(peer, tunnel, return_all = False):
- peer = peer.replace(':', '-')
- search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'
+ search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti)).*'
 matches = []
 with open(SWANCTL_CONF, 'r') as f:
 for line in f.readlines():
 result = re.match(search, line)
 if result:
- suffix = f'tunnel_{tunnel}' if tunnel.isnumeric() else tunnel
+ suffix = f'tunnel-{tunnel}' if tunnel.isnumeric() else tunnel
 if return_all or (result[2] == suffix):
 matches.append(result[1])
 return matches |
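Review bot: `peer` is interpolated into the pattern on the new `search` line without escaping, so any regex metacharacter in a connection name (a `.` in a hostname-style peer name, for example) is treated as pattern syntax and can match the connection lines of a different peer. Since the names returned here appear to decide which connections a reset acts on, the match should be literal: `search = rf'^[\s]*({re.escape(peer)}-(tunnel-[\d]+|vti)).*'`. The old code had the same gap, but with the `peer_` prefix gone the operator-supplied name is now the first thing matched after the leading whitespace, so this is a good place to close it. A short comment above `search` describing the expected `<peer>-tunnel-<n>` / `<peer>-vti` naming in the swanctl config would also help the next reader.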