diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-02 10:57:32 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-02 12:32:06 +0200 |
commit | f480346bb8e934b1ce2e0fc3be23f7168273bba1 (patch) | |
tree | 55987b6d51c5fc9ee92689b235176df941a91f95 /src/conf_mode/vpn_ipsec.py | |
parent | c232fdc4c5464858818f1a83c35ed5d0b7fba15a (diff) | |
download | vyos-1x-f480346bb8e934b1ce2e0fc3be23f7168273bba1.tar.gz vyos-1x-f480346bb8e934b1ce2e0fc3be23f7168273bba1.zip |
ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. Remove python3-crypto dependency.
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index bf4aa332a..ce72ee094 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -14,6 +14,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import ipaddress import os from sys import exit @@ -34,7 +35,6 @@ from vyos.util import call from vyos.util import dict_search from vyos.util import process_named_running from vyos.util import run -from vyos.util import cidr_fit from vyos import ConfigError from vyos import airbag airbag.enable() @@ -407,7 +407,9 @@ def generate(ipsec): for local_prefix in local_prefixes: for remote_prefix in remote_prefixes: - if cidr_fit(local_prefix, remote_prefix): + local_net = ipaddress.ip_network(local_prefix) + remote_net = ipaddress.ip_network(remote_prefix) + if local_net.overlaps(remote_net): passthrough.append(local_prefix) data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough |