summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-11 16:17:33 +0100
committerGitHub <noreply@github.com>2024-01-11 16:17:33 +0100
commitebf8c8d750357122023a0c96b41072065f755c2e (patch)
tree9d8ce1ce1d6a64466114feeba21c3def5b31a7b8 /src/conf_mode
parentf5b19352a4bc641fe773c09ec84a361404881458 (diff)
parent8c941e316035e56757d77b782cf39702c73546e0 (diff)
downloadvyos-1x-ebf8c8d750357122023a0c96b41072065f755c2e.tar.gz
vyos-1x-ebf8c8d750357122023a0c96b41072065f755c2e.zip
Merge pull request #2798 from c-po/ipsec-T5918
T5791: T5918: use genetic pattern to detect dynamic interfaces for ipsec and dynamic dns
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/service_dns_dynamic.py14
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py12
2 files changed, 17 insertions, 9 deletions
diff --git a/src/conf_mode/service_dns_dynamic.py b/src/conf_mode/service_dns_dynamic.py
index 99fa8feee..845aaa1b5 100755
--- a/src/conf_mode/service_dns_dynamic.py
+++ b/src/conf_mode/service_dns_dynamic.py
@@ -21,8 +21,10 @@ from sys import exit
from vyos.base import Warning
from vyos.config import Config
from vyos.configverify import verify_interface_exists
+from vyos.configverify import dynamic_interface_pattern
from vyos.template import render
from vyos.utils.process import call
+from vyos.utils.network import interface_exists
from vyos import ConfigError
from vyos import airbag
airbag.enable()
@@ -30,9 +32,6 @@ airbag.enable()
config_file = r'/run/ddclient/ddclient.conf'
systemd_override = r'/run/systemd/system/ddclient.service.d/override.conf'
-# Dynamic interfaces that might not exist when the configuration is loaded
-dynamic_interfaces = ('pppoe', 'sstpc')
-
# Protocols that require zone
zone_necessary = ['cloudflare', 'digitalocean', 'godaddy', 'hetzner', 'gandi',
'nfsn', 'nsupdate']
@@ -81,7 +80,6 @@ def verify(dyndns):
# Dynamic DNS service provider - configuration validation
for service, config in dyndns['name'].items():
-
error_msg_req = f'is required for Dynamic DNS service "{service}"'
error_msg_uns = f'is not supported for Dynamic DNS service "{service}"'
@@ -93,10 +91,12 @@ def verify(dyndns):
# that the interface exists (or just warn if dynamic interface)
# and that web-options are not set
if config['address'] != 'web':
+ tmp = re.compile(dynamic_interface_pattern)
# exclude check interface for dynamic interfaces
- if config['address'].startswith(dynamic_interfaces):
- Warning(f'Interface "{config["address"]}" does not exist yet and cannot '
- f'be used for Dynamic DNS service "{service}" until it is up!')
+ if tmp.match(config["address"]):
+ if not interface_exists(config["address"]):
+ Warning(f'Interface "{config["address"]}" does not exist yet and cannot '
+ f'be used for Dynamic DNS service "{service}" until it is up!')
else:
verify_interface_exists(config['address'])
if 'web_options' in config:
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index adbac0405..d074ed159 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -27,6 +27,7 @@ from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import leaf_node_changed
from vyos.configverify import verify_interface_exists
+from vyos.configverify import dynamic_interface_pattern
from vyos.defaults import directories
from vyos.ifconfig import Interface
from vyos.pki import encode_certificate
@@ -160,8 +161,15 @@ def verify(ipsec):
raise ConfigError(f'Authentication psk "{psk}" missing "id" or "secret"')
if 'interface' in ipsec:
- for ifname in ipsec['interface']:
- verify_interface_exists(ifname)
+ tmp = re.compile(dynamic_interface_pattern)
+ for interface in ipsec['interface']:
+ # exclude check interface for dynamic interfaces
+ if tmp.match(interface):
+ if not interface_exists(interface):
+ Warning(f'Interface "{interface}" does not exist yet and cannot be used '
+ f'for IPsec until it is up!')
+ else:
+ verify_interface_exists(interface)
if 'l2tp' in ipsec:
if 'esp_group' in ipsec['l2tp']: