ipsec: T3705: bugfix for VTI interfaces no honoring default-esp-group

author: Christian Poessinger <christian@poessinger.com> 2021-07-27 07:01:12 +0200
committer: Christian Poessinger <christian@poessinger.com> 2021-07-27 07:01:12 +0200
commit: 9e18f625dfddefa6fec7362e7e6758821389152a (patch)
tree: 3dbe2b72376e57c0c5060c6cb2b6c2d1d8476c30 /data/templates/ipsec
parent: 57fa30de709afe31aeddb5fedf565ce44c5ba937 (diff)
download: vyos-1x-9e18f625dfddefa6fec7362e7e6758821389152a.tar.gz
vyos-1x-9e18f625dfddefa6fec7362e7e6758821389152a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 8e46e8892..32ead9e60 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -54,7 +54,7 @@
         }
         children {
 {%   if peer_conf.vti is defined and peer_conf.vti.bind is defined and peer_conf.tunnel is not defined %}
-{%     set vti_esp = esp_group[peer_conf.vti.esp_group] if peer_conf.vti.esp_group is defined else None %}
+{%     set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is defined else esp_group[ peer_conf.default_esp_group ] %}
             peer_{{ name }}_vti {
                 esp_proposals = {{ vti_esp | get_esp_ike_cipher | join(',') }}
                 local_ts = 0.0.0.0/0,::/0
author	Christian Poessinger <christian@poessinger.com>	2021-07-27 07:01:12 +0200
committer	Christian Poessinger <christian@poessinger.com>	2021-07-27 07:01:12 +0200
commit	9e18f625dfddefa6fec7362e7e6758821389152a (patch)
tree	3dbe2b72376e57c0c5060c6cb2b6c2d1d8476c30 /data/templates/ipsec
parent	57fa30de709afe31aeddb5fedf565ce44c5ba937 (diff)
download	vyos-1x-9e18f625dfddefa6fec7362e7e6758821389152a.tar.gz vyos-1x-9e18f625dfddefa6fec7362e7e6758821389152a.zip