summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authoraapostoliuk <a.apostoliuk@vyos.io>2022-11-04 18:11:33 +0200
committeraapostoliuk <a.apostoliuk@vyos.io>2022-11-18 10:39:31 +0200
commitc3be3f0a127819b4b922331f307a89afaaf7cef3 (patch)
tree8b2217bd2cb84f9d8a802940ee57dada068fde23 /src
parent36e54927217d8e1560ddb7d4911542c53c42c71f (diff)
downloadvyos-1x-c3be3f0a127819b4b922331f307a89afaaf7cef3.tar.gz
vyos-1x-c3be3f0a127819b4b922331f307a89afaaf7cef3.zip
T4793: Added warning about disable-route-autoinstall
Added warning message about disable-route-autoinstall when ipsec vti is used.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index cfefcfbe8..b79e9847a 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -22,6 +22,7 @@ from sys import exit
from time import sleep
from time import time
+from vyos.base import Warning
from vyos.config import Config
from vyos.configdict import leaf_node_changed
from vyos.configverify import verify_interface_exists
@@ -438,6 +439,10 @@ def verify(ipsec):
if 'local_address' in peer_conf and 'dhcp_interface' in peer_conf:
raise ConfigError(f"A single local-address or dhcp-interface is required when using VTI on site-to-site peer {peer}")
+ if dict_search('options.disable_route_autoinstall',
+ ipsec) == None:
+ Warning('It\'s recommended to use ipsec vty with the next command\n[set vpn ipsec option disable-route-autoinstall]')
+
if 'bind' in peer_conf['vti']:
vti_interface = peer_conf['vti']['bind']
if not os.path.exists(f'/sys/class/net/{vti_interface}'):