From 38efe9d9d69c837498240a4f696aa60751a4627b Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 14 Oct 2021 10:56:42 +0200
Subject: [PATCH] IPSec - VTI, ignore tunnel devices if local or remote endpoint can't be found.
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index 29ef23395..890eb5632 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1939,6 +1939,13 @@ function ipsec_configure_vti($verbose = false)
 foreach ($configured_intf as $intf => $intf_details) {
 // create required interfaces
 $inet = is_ipaddrv6($intf_details['local']) ? 'inet6' : 'inet';
+ if (empty($intf_details['local'])) {
+ log_error(sprintf("Unable to construct VTI interface, local tunnel endpoint for %s not found", $intf));
+ continue;
+ } elseif (empty($intf_details['remote'])) {
+ log_error(sprintf("Unable to construct VTI interface, remote tunnel endpoint for %s not found", $intf));
+ continue;
+ }
 if (empty($current_interfaces[$intf])) {
 // prevent ipsec vti interface to hit 32768 limit (create numbered, rename and attach afterwards)
 if (legacy_interface_create("ipsec", $intf) != null) {
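Review bot: The new guard sits one line too late, because `$inet = is_ipaddrv6($intf_details['local']) ? 'inet6' : 'inet';` still reads `$intf_details['local']` before the `empty()` check runs. If the key can be absent rather than just empty, that line raises an undefined-key notice on every pass, so the `$inet` assignment should move below the `if`/`elseif` block. The guard also rejects only missing or empty endpoints: a non-empty value that is not an address (for example an unresolved hostname, if that can reach this loop) still passes and is treated as `inet`. A check such as `is_ipaddr($intf_details['local'])` on both endpoints would make the skip condition match what the interface setup presumably needs. A comment above the guard should also say whether an already existing `$intf` in `$current_interfaces` is meant to stay configured when its endpoint disappears, since `continue` skips the rest of the loop body, which lies outside this hunk.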