diff options
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index a4cd33e64..11ff12e94 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -250,6 +250,11 @@ def verify(ipsec): if 'ike_group' in ra_conf: if 'ike_group' not in ipsec or ra_conf['ike_group'] not in ipsec['ike_group']: raise ConfigError(f"Invalid ike-group on {name} remote-access config") + + ike = ra_conf['ike_group'] + if dict_search(f'ike_group.{ike}.key_exchange', ipsec) != 'ikev2': + raise ConfigError('IPSec remote-access connections requires IKEv2!') + else: raise ConfigError(f"Missing ike-group on {name} remote-access config") |