1 files changed, 13 insertions, 4 deletions

diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 5ca32d23e..77a425f8b 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -16,6 +16,7 @@
 
 import ipaddress
 import os
+import re
 
 from sys import exit
 from time import sleep
@@ -264,7 +265,7 @@ def verify(ipsec):
 
                     ike = ra_conf['ike_group']
                     if dict_search(f'ike_group.{ike}.key_exchange', ipsec) != 'ikev2':
-                        raise ConfigError('IPSec remote-access connections requires IKEv2!')
+                        raise ConfigError('IPsec remote-access connections requires IKEv2!')
 
                 else:
                     raise ConfigError(f"Missing ike-group on {name} remote-access config")
@@ -307,10 +308,10 @@ def verify(ipsec):
                     for pool in ra_conf['pool']:
                         if pool == 'dhcp':
                             if dict_search('remote_access.dhcp.server', ipsec) == None:
-                                raise ConfigError('IPSec DHCP server is not configured!')
+                                raise ConfigError('IPsec DHCP server is not configured!')
                         elif pool == 'radius':
                             if dict_search('remote_access.radius.server', ipsec) == None:
-                                raise ConfigError('IPSec RADIUS server is not configured!')
+                                raise ConfigError('IPsec RADIUS server is not configured!')
 
                             if dict_search('authentication.client_mode', ra_conf) != 'eap-radius':
                                 raise ConfigError('RADIUS IP pool requires eap-radius client authentication!')
@@ -348,6 +349,14 @@ def verify(ipsec):
     if 'site_to_site' in ipsec and 'peer' in ipsec['site_to_site']:
         for peer, peer_conf in ipsec['site_to_site']['peer'].items():
             has_default_esp = False
+            # Peer name it is swanctl connection name and shouldn't contain dots or colons, T4118
+            if bool(re.search(':|\.', peer)):
+                raise ConfigError(f'Incorrect peer name "{peer}" '
+                                  f'Peer name can contain alpha-numeric letters, hyphen and underscore')
+
+            if 'remote_address' not in peer_conf:
+                print(f'You should set correct remote-address "peer {peer} remote-address x.x.x.x"\n')
+
             if 'default_esp_group' in peer_conf:
                 has_default_esp = True
                 if 'esp_group' not in ipsec or peer_conf['default_esp_group'] not in ipsec['esp_group']: