diff options
| author | Daniil Baturin <daniil@vyos.io> | 2024-01-11 15:19:59 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-11 15:19:59 +0000 |
| commit | 50c3debc90a6bee413338ad657c3f5194a893cd7 (patch) | |
| tree | 7f88df99cc1f1a5ac54ee1d17bdb486099407c78 /src/conf_mode/vpn_ipsec.py | |
| parent | 3a0ca18360391a7fac6f19f7cb97000842b40637 (diff) | |
| parent | 7e9d465dc23e7395b24b088e4f107c6ef1a0a8fd (diff) | |
| download | vyos-1x-50c3debc90a6bee413338ad657c3f5194a893cd7.tar.gz vyos-1x-50c3debc90a6bee413338ad657c3f5194a893cd7.zip | |
Merge pull request #2804 from vyos/mergify/bp/sagitta/pr-2798
T5791: T5918: use generic pattern to detect dynamic interfaces for ipsec and dynamic dns (backport #2798)
Diffstat (limited to 'src/conf_mode/vpn_ipsec.py')
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index adbac0405..d074ed159 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -27,6 +27,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed from vyos.configverify import verify_interface_exists +from vyos.configverify import dynamic_interface_pattern from vyos.defaults import directories from vyos.ifconfig import Interface from vyos.pki import encode_certificate @@ -160,8 +161,15 @@ def verify(ipsec): raise ConfigError(f'Authentication psk "{psk}" missing "id" or "secret"') if 'interface' in ipsec: - for ifname in ipsec['interface']: - verify_interface_exists(ifname) + tmp = re.compile(dynamic_interface_pattern) + for interface in ipsec['interface']: + # exclude check interface for dynamic interfaces + if tmp.match(interface): + if not interface_exists(interface): + Warning(f'Interface "{interface}" does not exist yet and cannot be used ' + f'for IPsec until it is up!') + else: + verify_interface_exists(interface) if 'l2tp' in ipsec: if 'esp_group' in ipsec['l2tp']: |