author | Daniil Baturin <daniil@vyos.io> | 2022-09-16 18:16:42 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-16 18:16:42 +0100 |
commit | 748dab43b87c3993bdd5c697e7b778ed7a8e48a1 (patch) | |
tree | d10c394a9a836904a408d507505128afe6e505ab /src/conf_mode | |
parent | 79a96ee241760479c7ddec690ed5b28dca89198c (diff) | |
parent | bd4588827b563022ce5fb98b1345b787b9194176 (diff) | |
Merge pull request #1463 from sever-sever/T4118
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 5ca32d23e..c9061366d 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021 VyOS maintainers and contributors +# Copyright (C) 2021-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -16,6 +16,7 @@ import ipaddress import os +import re from sys import exit from time import sleep @@ -348,6 +349,14 @@ def verify(ipsec): if 'site_to_site' in ipsec and 'peer' in ipsec['site_to_site']: for peer, peer_conf in ipsec['site_to_site']['peer'].items(): has_default_esp = False + # Peer name it is swanctl connection name and shouldn't contain dots or colons, T4118 + if bool(re.search(':|\.', peer)): + raise ConfigError(f'Incorrect peer name "{peer}" ' + f'Peer name can contain alpha-numeric letters, hyphen and underscore') + + if 'remote_address' not in peer_conf: + print(f'You should set correct remote-address "peer {peer} remote-address x.x.x.x"\n') + if 'default_esp_group' in peer_conf: has_default_esp = True if 'esp_group' not in ipsec or peer_conf['default_esp_group'] not in ipsec['esp_group']: |
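Review bot: The peer-name check added in verify(), `if bool(re.search(':|\.', peer)):`, rejects only colons and dots, while the ConfigError text directly below it promises an alphanumeric/hyphen/underscore allowlist. A name containing spaces, quotes, braces or `#` therefore still passes and, going by the added comment, is used as the swanctl connection name. An allowlist would make the check match the message and also removes the non-raw `\.` escape: `if not re.fullmatch(r'[A-Za-z0-9_-]+', peer):`. The missing `remote_address` case only prints a hint and lets the commit continue; if that is deliberate for migrated configs a one-line comment saying so would help, otherwise it should raise ConfigError as the name check does. verify() starts before and continues past this hunk, so later use of `peer` and `peer_conf` is not visible here.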