authorChristian Poessinger <christian@poessinger.com>2021-06-04 19:33:52 +0200
committerChristian Poessinger <christian@poessinger.com>2021-06-04 19:33:52 +0200
commit31d58e7d038ddf176c3fa9647e687939f6d02646 (patch)
treecc4c0ed644d7b20751b6ee74933b56157aab5bb6
parent77866ccb16194a2446b2faccb52ec852aa882b96 (diff)
vti: T3595: error out when adding VTI interface withouth IPSec
-rwxr-xr-xsrc/conf_mode/interfaces-vti.py15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index 09fd8f5f9..6ff23ae59 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
@@ -40,11 +40,11 @@ def get_config(config=None):
# VTI is more then an interface - we retrieve the "real" configuration from
# the IPsec peer configuration which binds this VTI
conf.set_level([])
- tmp = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
+ vti['ipsec'] = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
key_mangling=('-', '_'), get_first_key=True,
no_tag_node_value_mangle=True)
- for peer, peer_config in tmp.items():
+ for peer, peer_config in vti['ipsec'].items():
if dict_search('vti.bind', peer_config) == vti['ifname']:
vti['remote'] = peer
if 'local_address' in peer_config:
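Review bot: Assigning the whole `vpn ipsec site-to-site peer` subtree to `vti['ipsec']` puts every peer's settings into the dict that get_config returns for the later stages. That subtree presumably also holds the peers' authentication settings, although the schema is not visible in this hunk. The new check in verify() only needs to know which interfaces are bound, so a narrower value would do: keep the lookup result in a local and store `vti['ipsec_bound'] = {dict_search('vti.bind', c) for c in peers.values()}`. get_config starts and ends outside the hunk, so it is worth confirming that nothing later logs or renders `vti` wholesale.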
@@ -59,6 +59,17 @@ def verify(vti):
if 'deleted' in vti:
return None
+ ifname = vti['ifname']
+ found = False
+ for peer, peer_config in vti['ipsec'].items():
+ if dict_search('vti.bind', peer_config) == ifname:
+ found = True
+ # we can now stop processing the for loop
+ break
+ if not found:
+ tmp = vti['ifname']
+ raise ConfigError(f'Interface "{ifname}" not referenced in any VPN configuration!')
+
return None
def generate(vti):
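Review bot: `tmp = vti['ifname']` in the `if not found:` branch is never read, because the error message already uses `ifname`, so the line can be dropped. The flag-and-break loop can also be collapsed into one condition: `if not any(dict_search('vti.bind', c) == ifname for c in vti['ipsec'].values()):`. A short comment above the check would help the next reader, for example `# a VTI takes its real configuration from the IPsec peer that binds it, so an unbound VTI is a configuration error`.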