From ce5fe544e4d6c0bd8e6425ec97d0bdfd130630a4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 28 May 2021 21:52:42 +0200
Subject: vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig library
---
 src/conf_mode/interfaces-vti.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'src/conf_mode/interfaces-vti.py')
diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py
index 432d113e8..acd4a9790 100755
--- a/src/conf_mode/interfaces-vti.py
+++ b/src/conf_mode/interfaces-vti.py
@@ -19,6 +19,7 @@ from sys import exit
 from vyos.config import Config
 from vyos.configdict import get_interface_dict
 from vyos.ifconfig import VTIIf
+from vyos.util import dict_search
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -34,6 +35,23 @@ def get_config(config=None):
 conf = Config()
 base = ['interfaces', 'vti']
 vti = get_interface_dict(conf, base)
+
+ # VTI is more then an interface - we retrieve the "real" configuration from
+ # the IPsec peer configuration which binds this VTI
+ conf.set_level([])
+ tmp = conf.get_config_dict(['vpn', 'ipsec', 'site-to-site', 'peer'],
+ key_mangling=('-', '_'), get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ for peer, peer_config in tmp.items():
+ if dict_search('vti.bind', peer_config) == vti['ifname']:
+ vti['remote'] = peer
+ if 'local_address' in peer_config:
+ vti['source_address'] = peer_config['local_address']
+ # we also need to "calculate" a per vti individual key
+ base = 0x900000
+ vti['key'] = base + int(vti['ifname'].lstrip('vti'))
+
 return vti
 def verify(vti):
@@ -46,6 +64,11 @@ def generate(vti):
 return None
 def apply(vti):
+ tmp = VTIIf(**vti)
+ tmp.remove()
+ if 'deleted' not in vti:
+ tmp.update(vti)
+
 return None
 if __name__ == '__main__':
-- cgit v1.2.3
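Review bot: The peer loop added to get_config() does not stop at the first match, so if two site-to-site peers carry the same `vti.bind`, the later one silently overwrites `vti['remote']`, and `vti['source_address']` can be left over from the earlier peer when the later one has no `local_address`. verify() begins on the last line of this hunk and its body is not shown; it would be the place to reject that case, for example by collecting the matching peers and doing `raise ConfigError('VTI is bound by more than one IPsec peer')`. Separately, `lstrip('vti')` strips a set of characters rather than a prefix; it works for names like `vti10`, but `vti['ifname'][len('vti'):]` states what is meant. Indentation is lost on this page, so whether `vti['key']` is still set when no peer binds the interface cannot be checked from here.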
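Review bot: `tmp.remove()` in apply() runs on every commit, not only on deletion, so any change to the VTI node tears the interface down and recreates it. While the interface is absent its routes go with it, and traffic meant for the tunnel may follow a less specific route outside IPsec, depending on the routing table and firewall. If the recreate is required, say so in a comment such as `# always recreate: <reason the tunnel parameters cannot be updated in place>`; otherwise remove only when `'deleted' in vti`. `VTIIf(**vti)` also receives the whole config dict as keyword arguments and presumably creates the interface before removing it in the delete case; that should be confirmed against the VTIIf constructor, which is not shown here.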