diff options
author | aapostoliuk <a.apostoliuk@vyos.io> | 2022-11-04 18:11:33 +0200 |
---|---|---|
committer | aapostoliuk <a.apostoliuk@vyos.io> | 2022-11-18 10:39:31 +0200 |
commit | c3be3f0a127819b4b922331f307a89afaaf7cef3 (patch) | |
tree | 8b2217bd2cb84f9d8a802940ee57dada068fde23 /src | |
parent | 36e54927217d8e1560ddb7d4911542c53c42c71f (diff) | |
download | vyos-1x-c3be3f0a127819b4b922331f307a89afaaf7cef3.tar.gz vyos-1x-c3be3f0a127819b4b922331f307a89afaaf7cef3.zip |
T4793: Added warning about disable-route-autoinstall
Added warning message about disable-route-autoinstall
when ipsec vti is used.
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index cfefcfbe8..b79e9847a 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -22,6 +22,7 @@ from sys import exit from time import sleep from time import time +from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed from vyos.configverify import verify_interface_exists @@ -438,6 +439,10 @@ def verify(ipsec): if 'local_address' in peer_conf and 'dhcp_interface' in peer_conf: raise ConfigError(f"A single local-address or dhcp-interface is required when using VTI on site-to-site peer {peer}") + if dict_search('options.disable_route_autoinstall', + ipsec) == None: + Warning('It\'s recommended to use ipsec vty with the next command\n[set vpn ipsec option disable-route-autoinstall]') + if 'bind' in peer_conf['vti']: vti_interface = peer_conf['vti']['bind'] if not os.path.exists(f'/sys/class/net/{vti_interface}'): |