5 files changed, 61 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces_wireless.py b/src/conf_mode/interfaces_wireless.py
index 02b4a2500..c0a17c0bc 100755
--- a/src/conf_mode/interfaces_wireless.py
+++ b/src/conf_mode/interfaces_wireless.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2020 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -31,8 +31,9 @@ from vyos.configverify import verify_vrf
 from vyos.configverify import verify_bond_bridge_member
 from vyos.ifconfig import WiFiIf
 from vyos.template import render
-from vyos.utils.process import call
 from vyos.utils.dict import dict_search
+from vyos.utils.kernel import check_kmod
+from vyos.utils.process import call
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -118,6 +119,10 @@ def verify(wifi):
     if 'physical_device' not in wifi:
         raise ConfigError('You must specify a physical-device "phy"')
 
+    physical_device = wifi['physical_device']
+    if not os.path.exists(f'/sys/class/ieee80211/{physical_device}'):
+        raise ConfigError(f'Wirelss interface PHY "{physical_device}" does not exist!')
+
     if 'type' not in wifi:
         raise ConfigError('You must specify a WiFi mode')
 
@@ -266,6 +271,7 @@ def apply(wifi):
 
 if __name__ == '__main__':
     try:
+        check_kmod('mac80211')
         c = get_config()
         verify(c)
         generate(c)
diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py
index 11e950782..28b7fb03c 100755
--- a/src/conf_mode/service_ipoe-server.py
+++ b/src/conf_mode/service_ipoe-server.py
@@ -66,7 +66,7 @@ def verify(ipoe):
         raise ConfigError('No IPoE interface configured')
 
     for interface, iface_config in ipoe['interface'].items():
-        verify_interface_exists(interface)
+        verify_interface_exists(interface, warning_only=True)
         if 'client_subnet' in iface_config and 'vlan' in iface_config:
             raise ConfigError('Option "client-subnet" and "vlan" are mutually exclusive, '
                               'use "client-ip-pool" instead!')
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index b9d174933..328487985 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -105,7 +105,7 @@ def verify(pppoe):
 
     # Check is interface exists in the system
     for interface in pppoe['interface']:
-        verify_interface_exists(interface)
+        verify_interface_exists(interface, warning_only=True)
 
     return None
 
diff --git a/src/migration-scripts/openconnect/2-to-3 b/src/migration-scripts/openconnect/2-to-3
new file mode 100755
index 000000000..e78fc8a91
--- /dev/null
+++ b/src/migration-scripts/openconnect/2-to-3
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T4982: Retain prior default TLS version (v1.0) when upgrading installations with existing openconnect configurations
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+
+config = ConfigTree(config_file)
+cfg_base = ['vpn', 'openconnect']
+
+# bail out early if service is unconfigured
+if not config.exists(cfg_base):
+    sys.exit(0)
+
+# new default is TLS 1.2 - set explicit old default value of TLS 1.0 for upgraded configurations to keep compatibility
+tls_min_path = cfg_base + ['tls-version-min']
+if not config.exists(tls_min_path):
+    config.set(tls_min_path, value='1.0')
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    sys.exit(1)
diff --git a/src/services/vyos-configd b/src/services/vyos-configd
index 648a017d5..c89c486e5 100755
--- a/src/services/vyos-configd
+++ b/src/services/vyos-configd
@@ -236,7 +236,7 @@ def process_node_data(config, data, last: bool = False) -> int:
     with stdout_redirected(session_out, session_mode):
         result = run_script(conf_mode_scripts[script_name], config, args)
 
-    if last:
+    if last and result == R_SUCCESS:
         call_dependents(dependent_func=config.dependent_func)
 
     return result