diff options
| author | Viacheslav <v.gletenko@vyos.io> | 2021-12-28 11:45:37 +0000 |
|---|---|---|
| committer | Viacheslav <v.gletenko@vyos.io> | 2021-12-28 11:45:37 +0000 |
| commit | 5e05bfe790035f7d53dede8d76bccb089a186864 (patch) | |
| tree | 8643a31cc75b4c0174f06b202205bada3e4b0a90 /data/templates/ipsec | |
| parent | 5c5e283f8a964f5bbb3d838d1c0aabdee4e2032b (diff) | |
| download | vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.tar.gz vyos-1x-5e05bfe790035f7d53dede8d76bccb089a186864.zip | |
ipsec: T4111: Fix for swanctl configuration IPV6 peers
Peer name must not contain dots and colons, otherwise
swanct can't generate correct configuration for swanctl.conf
This is used in connection names and child SA names
Add filter 'dot_colon_to_dash' which replace dots and colons
Diffstat (limited to 'data/templates/ipsec')
| -rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 2 | ||||
| -rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl index 161f19f95..68b108365 100644 --- a/data/templates/ipsec/swanctl.conf.tmpl +++ b/data/templates/ipsec/swanctl.conf.tmpl @@ -57,7 +57,7 @@ secrets { {% endif %} {% if site_to_site is defined and site_to_site.peer is defined %} {% for peer, peer_conf in site_to_site.peer.items() if peer not in dhcp_no_address and peer_conf.disable is not defined %} -{% set peer_name = peer.replace(".", "-").replace("@", "") %} +{% set peer_name = peer.replace("@", "") | dot_colon_to_dash %} {% if peer_conf.authentication.mode == 'pre-shared-secret' %} ike_{{ peer_name }} { {% if peer_conf.local_address is defined %} diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 8c3776bf1..1b221814e 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -1,5 +1,5 @@ {% macro conn(peer, peer_conf, ike_group, esp_group) %} -{% set name = peer.replace(".", "-").replace("@", "") %} +{% set name = peer.replace("@", "") | dot_colon_to_dash %} {# peer needs to reference the global IKE configuration for certain values #} {% set ike = ike_group[peer_conf.ike_group] %} peer_{{ name }} { |