From 01386606982352de7eb51f55acc11c6a58ed4cef Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Thu, 12 Jan 2023 13:00:05 +0000
Subject: T4118: Add default value any for connection remote-id

If IPsec "peer <tag> authentication remote-id" is not set
it should be "%any" by default
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote

Set the XML default value and use it in the python vpn_ipsec.py script
---
 src/conf_mode/vpn_ipsec.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index b79e9847a..3af2af4d9 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -95,6 +95,7 @@ def get_config(config=None):
     del default_values['esp_group']
     del default_values['ike_group']
     del default_values['remote_access']
+    del default_values['site_to_site']
     ipsec = dict_merge(default_values, ipsec)
 
     if 'esp_group' in ipsec:
@@ -143,6 +144,14 @@ def get_config(config=None):
             ipsec['remote_access']['radius']['server'][server] = dict_merge(default_values,
                 ipsec['remote_access']['radius']['server'][server])
 
+    # XXX: T2665: we can not safely rely on the defaults() when there are
+    # tagNodes in place, it is better to blend in the defaults manually.
+    if dict_search('site_to_site.peer', ipsec):
+        default_values = defaults(base + ['site-to-site', 'peer'])
+        for peer in ipsec['site_to_site']['peer']:
+            ipsec['site_to_site']['peer'][peer] = dict_merge(default_values,
+              ipsec['site_to_site']['peer'][peer])
+
     ipsec['dhcp_no_address'] = {}
     ipsec['install_routes'] = 'no' if conf.exists(base + ["options", "disable-route-autoinstall"]) else default_install_routes
     ipsec['interface_change'] = leaf_node_changed(conf, base + ['interface'])
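Review bot: The comment added above the `site_to_site.peer` loop does not name the default being blended in, and that default is security-relevant. Per the commit message, every site-to-site peer without an explicit `authentication remote-id` ends up with `%any`, so the connection does not pin the peer's IKE identity and authentication rests on the credential alone. That is reasonable with a per-peer secret, but presumably weaker where several peers share a pre-shared key or their certificates chain to a common CA. I would extend the comment, e.g. `# remote-id defaults to '%any' (peer identity not pinned); set it explicitly when credentials are shared between peers`, and consider having verify() warn when a certificate-authenticated peer is left on the default. get_config() starts and ends outside the hunk, and the XML change is not part of this path-limited diff, so whether such a check already exists cannot be seen here.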
-- 
cgit v1.2.3