summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py23
1 files changed, 9 insertions, 14 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 6d5d24e52..ff26f875a 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -41,11 +41,6 @@ from vyos import ConfigError
from vyos import airbag
airbag.enable()
-any_log_modes = [
- 'dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl', 'net', 'asn',
- 'enc', 'lib', 'esp', 'tls', 'tnc', 'imc', 'imv', 'pts'
-]
-
dhcp_wait_attempts = 2
dhcp_wait_sleep = 1
@@ -79,6 +74,15 @@ def get_config(config=None):
ipsec = conf.get_config_dict(base, key_mangling=('-', '_'),
get_first_key=True, no_tag_node_value_mangle=True)
+ # We have gathered the dict representation of the CLI, but there are default
+ # options which we need to update into the dictionary retrived.
+ default_values = defaults(base)
+ # XXX: T2665: we must safely remove default values for tag nodes, those are
+ # added in a more fine grained way later on
+ del default_values['esp_group']
+ del default_values['ike_group']
+ ipsec = dict_merge(default_values, ipsec)
+
if 'esp_group' in ipsec:
default_values = defaults(base + ['esp-group'])
for group in ipsec['esp_group']:
@@ -91,7 +95,6 @@ def get_config(config=None):
ipsec['ike_group'][group] = dict_merge(default_values,
ipsec['ike_group'][group])
-
ipsec['dhcp_no_address'] = {}
ipsec['interface_change'] = leaf_node_changed(conf, base + ['ipsec-interfaces',
'interface'])
@@ -356,14 +359,6 @@ def generate(ipsec):
data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough
- if 'logging' in ipsec and 'log_modes' in ipsec['logging']:
- modes = ipsec['logging']['log_modes']
- level = ipsec['logging']['log_level'] if 'log_level' in ipsec['logging'] else '1'
- if isinstance(modes, str):
- modes = [modes]
- if 'any' in modes:
- modes = any_log_modes
- data['charondebug'] = f' {level}, '.join(modes) + ' ' + level
render(ipsec_conf, 'ipsec/ipsec.conf.tmpl', data)
render(ipsec_secrets, 'ipsec/ipsec.secrets.tmpl', data)