vti: T3595: error out when adding VTI interface withouth IPSec

1 files changed, 13 insertions, 2 deletions

diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index 09fd8f5f9..6ff23ae59 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
@@ -40,11 +40,11 @@ def get_config(config=None):
     # VTI is more then an interface - we retrieve the "real" configuration from
     # the IPsec peer configuration which binds this VTI
     conf.set_level([])
-    tmp = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
+    vti['ipsec'] = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
                                key_mangling=('-', '_'), get_first_key=True,
                                no_tag_node_value_mangle=True)
 
-    for peer, peer_config in tmp.items():
+    for peer, peer_config in vti['ipsec'].items():
         if dict_search('vti.bind', peer_config) == vti['ifname']:
             vti['remote'] = peer
             if 'local_address' in peer_config:
@@ -59,6 +59,17 @@ def verify(vti):
     if 'deleted' in vti:
         return None
 
+    ifname = vti['ifname']
+    found = False
+    for peer, peer_config in vti['ipsec'].items():
+        if dict_search('vti.bind', peer_config) == ifname:
+            found = True
+            # we can now stop processing the for loop
+            break
+    if not found:
+        tmp = vti['ifname']
+        raise ConfigError(f'Interface "{ifname}" not referenced in any VPN configuration!')
+
     return None
 
 def generate(vti):