Merge pull request #4509 from sever-sever/T7458

T7458: Fix VPN IPsec unexpected passthrough logic bug
author: Daniil Baturin <daniil@vyos.io> 2025-05-19 14:42:57 +0100
committer: GitHub <noreply@github.com> 2025-05-19 14:42:57 +0100
commit: 0801bc6c2dd155f40fd22c64f873a01e8be25c9f (patch)
tree: 8cc8d82556a01cb70c0498fcb84876327e986a8b /src/conf_mode/vpn_ipsec.py
parent: a99174d0e4a39ec1cbc66fcf90829ab36f7534f0 (diff)
parent: 2f8c013b537b6eed12b95c81e9098b240ce1eaa5 (diff)
download: vyos-1x-0801bc6c2dd155f40fd22c64f873a01e8be25c9f.tar.gz
vyos-1x-0801bc6c2dd155f40fd22c64f873a01e8be25c9f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 2754314f7..ac25cd671 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -727,7 +727,7 @@ def generate(ipsec):
                         for remote_prefix in remote_prefixes:
                             local_net = ipaddress.ip_network(local_prefix)
                             remote_net = ipaddress.ip_network(remote_prefix)
-                            if local_net.overlaps(remote_net):
+                            if local_net.subnet_of(remote_net):
                                 if passthrough is None:
                                     passthrough = []
                                 passthrough.append(local_prefix)
author	Daniil Baturin <daniil@vyos.io>	2025-05-19 14:42:57 +0100
committer	GitHub <noreply@github.com>	2025-05-19 14:42:57 +0100
commit	0801bc6c2dd155f40fd22c64f873a01e8be25c9f (patch)
tree	8cc8d82556a01cb70c0498fcb84876327e986a8b /src/conf_mode/vpn_ipsec.py
parent	a99174d0e4a39ec1cbc66fcf90829ab36f7534f0 (diff)
parent	2f8c013b537b6eed12b95c81e9098b240ce1eaa5 (diff)
download	vyos-1x-0801bc6c2dd155f40fd22c64f873a01e8be25c9f.tar.gz vyos-1x-0801bc6c2dd155f40fd22c64f873a01e8be25c9f.zip