From f480346bb8e934b1ce2e0fc3be23f7168273bba1 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Fri, 2 Jul 2021 10:57:32 +0200
Subject: ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec
 commands. Remove python3-crypto dependency.

---
 src/conf_mode/vpn_ipsec.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index bf4aa332a..ce72ee094 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import ipaddress
 import os
 
 from sys import exit
@@ -34,7 +35,6 @@ from vyos.util import call
 from vyos.util import dict_search
 from vyos.util import process_named_running
 from vyos.util import run
-from vyos.util import cidr_fit
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -407,7 +407,9 @@ def generate(ipsec):
 
                         for local_prefix in local_prefixes:
                             for remote_prefix in remote_prefixes:
-                                if cidr_fit(local_prefix, remote_prefix):
+                                local_net = ipaddress.ip_network(local_prefix)
+                                remote_net = ipaddress.ip_network(remote_prefix)
+                                if local_net.overlaps(remote_net):
                                     passthrough.append(local_prefix)
 
                         data['site_to_site']['peer'][peer]['tunnel'][tunnel]['passthrough'] = passthrough
-- 
cgit v1.2.3