summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/ipsec/swanctl/remote_access.j24
-rwxr-xr-xsrc/migration-scripts/ipsec/9-to-1027
2 files changed, 21 insertions, 10 deletions
diff --git a/data/templates/ipsec/swanctl/remote_access.j2 b/data/templates/ipsec/swanctl/remote_access.j2
index d2760ec1f..60d2d1807 100644
--- a/data/templates/ipsec/swanctl/remote_access.j2
+++ b/data/templates/ipsec/swanctl/remote_access.j2
@@ -17,9 +17,9 @@
pools = {{ rw_conf.pool | join(',') }}
{% endif %}
local {
-{% if rw_conf.authentication.id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
+{% if rw_conf.authentication.local_id is vyos_defined and rw_conf.authentication.use_x509_id is not vyos_defined %}
{# please use " quotes - else Apple iOS goes crazy #}
- id = "{{ rw_conf.authentication.id }}"
+ id = "{{ rw_conf.authentication.local_id }}"
{% endif %}
{% if rw_conf.authentication.server_mode == 'x509' %}
auth = pubkey
diff --git a/src/migration-scripts/ipsec/9-to-10 b/src/migration-scripts/ipsec/9-to-10
index ebf7c4ea9..1254104cb 100755
--- a/src/migration-scripts/ipsec/9-to-10
+++ b/src/migration-scripts/ipsec/9-to-10
@@ -77,24 +77,26 @@ if config.exists(base + ['esp-group']):
# PEER changes
if config.exists(base + ['site-to-site', 'peer']):
for peer in config.list_nodes(base + ['site-to-site', 'peer']):
+ peer_base = base + ['site-to-site', 'peer', peer]
+
# replace: 'peer <tag> id x'
# => 'peer <tag> local-id x'
- if config.exists(base + ['site-to-site', 'peer', peer, 'authentication', 'id']):
- config.rename(base + ['site-to-site', 'peer', peer, 'authentication', 'id'], 'local-id')
+ if config.exists(peer_base + ['authentication', 'id']):
+ config.rename(peer_base + ['authentication', 'id'], 'local-id')
# For the peer '@foo' set remote-id 'foo' if remote-id is not defined
if peer.startswith('@'):
- if not config.exists(base + ['site-to-site', 'peer', peer, 'authentication', 'remote-id']):
+ if not config.exists(peer_base + ['authentication', 'remote-id']):
tmp = peer.replace('@', '')
- config.set(base + ['site-to-site', 'peer', peer, 'authentication', 'remote-id'], value=tmp)
+ config.set(peer_base + ['authentication', 'remote-id'], value=tmp)
# replace: 'peer <tag> force-encapsulation enable'
# => 'peer <tag> force-udp-encapsulation'
- force_enc = base + ['site-to-site', 'peer', peer, 'force-encapsulation']
+ force_enc = peer_base + ['force-encapsulation']
if config.exists(force_enc):
if config.return_value(force_enc) == 'enable':
config.delete(force_enc)
- config.set(base + ['site-to-site', 'peer', peer, 'force-udp-encapsulation'])
+ config.set(peer_base + ['force-udp-encapsulation'])
else:
config.delete(force_enc)
@@ -102,7 +104,7 @@ if config.exists(base + ['site-to-site', 'peer']):
remote_address = peer
if peer.startswith('@'):
remote_address = 'any'
- config.set(base + ['site-to-site', 'peer', peer, 'remote-address'], value=remote_address)
+ config.set(peer_base + ['remote-address'], value=remote_address)
# Peer name it is swanctl connection name and shouldn't contain dots or colons
# rename peer:
# peer 192.0.2.1 => peer peer_192-0-2-1
@@ -113,7 +115,16 @@ if config.exists(base + ['site-to-site', 'peer']):
re_peer_name = re.sub('@', '', re_peer_name)
new_peer_name = f'peer_{re_peer_name}'
- config.rename(base + ['site-to-site', 'peer', peer], new_peer_name)
+ config.rename(peer_base, new_peer_name)
+
+# remote-access/road-warrior changes
+if config.exists(base + ['remote-access', 'connection']):
+ for connection in config.list_nodes(base + ['remote-access', 'connection']):
+ ra_base = base + ['remote-access', 'connection', connection]
+ # replace: 'remote-access connection <tag> authentication id x'
+ # => 'remote-access connection <tag> authentication local-id x'
+ if config.exists(ra_base + ['authentication', 'id']):
+ config.rename(ra_base + ['authentication', 'id'], 'local-id')
try:
with open(file_name, 'w') as f: