diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-05-29 19:11:35 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-05-29 19:11:36 +0200 |
| commit | a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af (patch) | |
| tree | cf9eadfcc65a74ad1b5a3d6d5165d1e6c63c7a47 /src/conf_mode/vpn_ipsec.py | |
| parent | 2d3a2c56a33b89ae08c67a7cc93088b0c8c3647c (diff) | |
| download | vyos-1x-a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af.tar.gz vyos-1x-a31ab24a9d3be2b74c50bd0b506dc981bb0ed6af.zip | |
vpn: ipsec: T3093: test for VTI interface availability the easy way
We do not need to query the actual configuration if the VTI peer is configured
or not. This can be done in a much more simples way by just checking if the
desired interface exists on the running system.
This is safe to do as the VTI priority is less then IPSec.
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 2d280a5c6..e59f20a5d 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -24,7 +24,11 @@ from time import sleep from vyos.config import Config from vyos.configdiff import ConfigDiff from vyos.template import render -from vyos.util import call, get_interface_address, process_named_running, run, cidr_fit +from vyos.util import call +from vyos.util import get_interface_address +from vyos.util import process_named_running +from vyos.util import run +from vyos.util import cidr_fit from vyos import ConfigError from vyos import airbag airbag.enable() @@ -230,8 +234,8 @@ def verify(ipsec): if 'bind' in peer_conf['vti']: vti_interface = peer_conf['vti']['bind'] - if not get_vti_interface(vti_interface): - raise ConfigError(f'Invalid VTI interface on site-to-site peer {peer}') + if not os.path.exists(f'/sys/class/net/{vti_interface}'): + raise ConfigError(f'VTI interface {vti_interface} for site-to-site peer {peer} does not exist!') if 'vti' not in peer_conf and 'tunnel' not in peer_conf: raise ConfigError(f"No vti or tunnels specified on site-to-site peer {peer}") @@ -380,14 +384,6 @@ def apply(ipsec): resync_l2tp(conf) resync_nhrp(conf) -def get_vti_interface(vti_interface): - global conf - section = conf.get_config_dict(['interfaces', 'vti'], get_first_key=True) - for interface, interface_conf in section.items(): - if interface == vti_interface: - return interface_conf - return None - def get_mark(vti_interface): vti_num = int(vti_interface.lstrip('vti')) return mark_base + vti_num |