From 9e18f625dfddefa6fec7362e7e6758821389152a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 27 Jul 2021 07:01:12 +0200 Subject: ipsec: T3705: bugfix for VTI interfaces no honoring default-esp-group --- data/templates/ipsec/swanctl/peer.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'data/templates/ipsec/swanctl') diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl index 8e46e8892..32ead9e60 100644 --- a/data/templates/ipsec/swanctl/peer.tmpl +++ b/data/templates/ipsec/swanctl/peer.tmpl @@ -54,7 +54,7 @@ } children { {% if peer_conf.vti is defined and peer_conf.vti.bind is defined and peer_conf.tunnel is not defined %} -{% set vti_esp = esp_group[peer_conf.vti.esp_group] if peer_conf.vti.esp_group is defined else None %} +{% set vti_esp = esp_group[ peer_conf.vti.esp_group ] if peer_conf.vti.esp_group is defined else esp_group[ peer_conf.default_esp_group ] %} peer_{{ name }}_vti { esp_proposals = {{ vti_esp | get_esp_ike_cipher | join(',') }} local_ts = 0.0.0.0/0,::/0 -- cgit v1.2.3