author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-02 10:57:32 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-02 12:32:06 +0200 |
commit | f480346bb8e934b1ce2e0fc3be23f7168273bba1 (patch) | |
tree | 55987b6d51c5fc9ee92689b235176df941a91f95 /src | |
parent | c232fdc4c5464858818f1a83c35ed5d0b7fba15a (diff) | |
ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. Remove python3-crypto dependency.
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 6 | ||||
-rwxr-xr-x | src/op_mode/show_ipsec_sa.py | 2 | ||||
-rwxr-xr-x | src/op_mode/vpn_ipsec.py | 2 |
3 files changed, 6 insertions, 4 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index bf4aa332a..ce72ee094 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
+import ipaddress
 import os
 from sys import exit
@@ -34,7 +35,6 @@ from vyos.util import call
 from vyos.util import dict_search
 from vyos.util import process_named_running
 from vyos.util import run
-from vyos.util import cidr_fit
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -407,7 +407,9 @@ def generate(ipsec):
 for local_prefix in local_prefixes:
 for remote_prefix in remote_prefixes:
- if cidr_fit(local_prefix, remote_prefix):
+ local_net = ipaddress.ip_network(local_prefix)
+ remote_net = ipaddress.ip_network(remote_prefix)
+ if local_net.overlaps(remote_net):
 passthrough.append(local_prefix)
 data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index a94c7efc6..e491267fd 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -26,7 +26,7 @@ import vyos.util
 def format_output(conns, sas):
 sa_data = []
- for peer, parent_conn in conn.items():
+ for peer, parent_conn in conns.items():
 if peer not in sas:
 continue
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index dd5a85ed3..ad7efbf2d 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -23,7 +23,7 @@ import argparse
 from subprocess import TimeoutExpired
 from vyos.util import ask_yes_no, call, cmd, process_named_running
-from Crypto.PublicKey.RSA import importKey
+from Cryptodome.PublicKey.RSA import importKey
 RSA_LOCAL_KEY_PATH = '/config/ipsec.d/rsa-keys/localhost.key'
 RSA_LOCAL_PUB_PATH = '/etc/ipsec.d/certs/localhost.pub' |
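Review bot: `ipaddress.ip_network()` is called with its default strict parsing inside the nested loop of `generate()`, so a prefix with host bits set (constructed example: `192.0.2.1/24`) raises `ValueError` there and aborts config generation with a traceback. Whether the prefixes are validated before this point is not visible in the hunk; if they are not, rejecting such values during verification with a `ConfigError` would surface the problem as a normal commit error. `local_net` could also be built once per `local_prefix`, outside the inner loop. Separately, `overlaps()` is true for any intersection in either direction and the whole `local_prefix` is then appended to `passthrough`; as a passthrough entry presumably exempts that traffic from the tunnel policy, a comment such as `# any overlap with a remote selector makes the whole local prefix bypass the tunnel` would make the intended scope explicit. The body of `generate()` starts and ends outside the hunk.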
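Review bot: The replacement import in `src/op_mode/vpn_ipsec.py` still binds the legacy camel-case alias `importKey`; the documented name in PyCryptodome is `import_key`, so `from Cryptodome.PublicKey.RSA import import_key` would avoid relying on a compatibility alias, with the call sites (outside this hunk) renamed to match. The `Cryptodome` namespace is provided by a different package than `Crypto`, and the diff shown is limited to `src`, so the matching packaging dependency cannot be confirmed from this page.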