diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-09-15 19:14:37 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-09-15 19:39:22 +0200 |
| commit | 3e85333ae7c53fc8b2ceae1d1788e795fd92c939 (patch) | |
| tree | 874233b4b1426f89c2419ba250b242521a856510 /src/conf_mode | |
| parent | 74878d14157408ef3a4c42f32608dcd5bbf812a1 (diff) | |
| download | vyos-1x-3e85333ae7c53fc8b2ceae1d1788e795fd92c939.tar.gz vyos-1x-3e85333ae7c53fc8b2ceae1d1788e795fd92c939.zip | |
ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive
Manually set peer id and use-x509-id are mutually exclusive!
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index ff6090e22..99b82ca2d 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -362,6 +362,9 @@ def verify(ipsec): if 'authentication' not in peer_conf or 'mode' not in peer_conf['authentication']: raise ConfigError(f"Missing authentication on site-to-site peer {peer}") + if {'id', 'use_x509_id'} <= set(peer_conf['authentication']): + raise ConfigError(f"Manually set peer id and use-x509-id are mutually exclusive!") + if peer_conf['authentication']['mode'] == 'x509': if 'x509' not in peer_conf['authentication']: raise ConfigError(f"Missing x509 settings on site-to-site peer {peer}") |