diff options
author | Christian Breunig <christian@breunig.cc> | 2024-03-20 20:53:47 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-03-20 21:00:46 +0100 |
commit | 9eb018c4935235d292d7c693ac15da5761be064a (patch) | |
tree | b2c39197432cb0216b6d3c0ee032266d2cd47cdc /python | |
parent | a33aacf8ab67bab183f2ec84be49966a4c939c3d (diff) | |
download | vyos-1x-9eb018c4935235d292d7c693ac15da5761be064a.tar.gz vyos-1x-9eb018c4935235d292d7c693ac15da5761be064a.zip |
vti: T6085: interface is always down and only enabled by IPSec daemon
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/ifconfig/vti.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py index 9ebbeb9ed..9511386f4 100644 --- a/python/vyos/ifconfig/vti.py +++ b/python/vyos/ifconfig/vti.py @@ -1,4 +1,4 @@ -# Copyright 2021-2022 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -52,8 +52,14 @@ class VTIIf(Interface): cmd += f' {iproute2_key} {tmp}' self._cmd(cmd.format(**self.config)) + + # interface is always A/D down. It needs to be enabled explicitly self.set_interface('admin_state', 'down') + def set_admin_state(self, state): + """ Handled outside by /etc/ipsec.d/vti-up-down """ + pass + def get_mac(self): """ Get a synthetic MAC address. """ return self.get_mac_synthetic() |