summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-02 10:57:32 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2021-07-02 12:32:06 +0200
commitf480346bb8e934b1ce2e0fc3be23f7168273bba1 (patch)
tree55987b6d51c5fc9ee92689b235176df941a91f95 /src
parentc232fdc4c5464858818f1a83c35ed5d0b7fba15a (diff)
downloadvyos-1x-f480346bb8e934b1ce2e0fc3be23f7168273bba1.tar.gz
vyos-1x-f480346bb8e934b1ce2e0fc3be23f7168273bba1.zip
ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. Remove python3-crypto dependency.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py6
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py2
-rwxr-xr-xsrc/op_mode/vpn_ipsec.py2
3 files changed, 6 insertions, 4 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index bf4aa332a..ce72ee094 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import ipaddress
import os
from sys import exit
@@ -34,7 +35,6 @@ from vyos.util import call
from vyos.util import dict_search
from vyos.util import process_named_running
from vyos.util import run
-from vyos.util import cidr_fit
from vyos import ConfigError
from vyos import airbag
airbag.enable()
@@ -407,7 +407,9 @@ def generate(ipsec):
for local_prefix in local_prefixes:
for remote_prefix in remote_prefixes:
- if cidr_fit(local_prefix, remote_prefix):
+ local_net = ipaddress.ip_network(local_prefix)
+ remote_net = ipaddress.ip_network(remote_prefix)
+ if local_net.overlaps(remote_net):
passthrough.append(local_prefix)
data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index a94c7efc6..e491267fd 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -26,7 +26,7 @@ import vyos.util
def format_output(conns, sas):
sa_data = []
- for peer, parent_conn in conn.items():
+ for peer, parent_conn in conns.items():
if peer not in sas:
continue
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index dd5a85ed3..ad7efbf2d 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -23,7 +23,7 @@ import argparse
from subprocess import TimeoutExpired
from vyos.util import ask_yes_no, call, cmd, process_named_running
-from Crypto.PublicKey.RSA import importKey
+from Cryptodome.PublicKey.RSA import importKey
RSA_LOCAL_KEY_PATH = '/config/ipsec.d/rsa-keys/localhost.key'
RSA_LOCAL_PUB_PATH = '/etc/ipsec.d/certs/localhost.pub'