[Swan-dev] testing: swan-prep break on conflicting config files
Antony Antony
antony at phenome.org
Thu Sep 24 16:55:57 UTC 2020
On Mon, Sep 21, 2020 at 05:07:27PM -0400, Andrew Cagney wrote:
>
>
> On Mon, 21 Sep 2020 at 15:32, Antony Antony <antony at phenome.org> wrote:
>
> Andrew,
>
> after a closer look I see l2tp and ppp configuration files could be in the
> form 'hostname + "." + config_file' in the test directory.
>
> ikev1-l2tp-01/north.xl2tpd.conf
>
> they are not copied using the function that got fixed in 1e0b14ec0b.
> Now I am confused why this commit added 'hostname + "." + config_file'.
> That seems wrong to me. Why do we need it?
>
>
> Because northxl2tpd.conf is something I'd never guess. There should be only
> two choices:
> north.xl2tpd.conf
> xl2tpd.conf

It is good logic; however, historically there is west.conf instead of
west.ipsec.conf, and now 1e0b14ec0b20c3 is making it messy by allowing
west.ipsec.conf.

I noticed that after 1e0b14ec0b west.ipsec.conf has a higher priority without
checking for a conflicting west.conf or ipsec.conf. If more than one exists,
swan-prep should detect a conflict and bail out. Before 1e0b14ec0b
west.ipsec.conf would never get copied and there was a conflict check between
west.conf and ipsec.conf.

I checked with v3.32. 1e0b14ec0b introduced a clear regression which should
be fixed.

It is too dangerous to allow both west.conf and west.ipsec.conf to coexist in
a test case.

Either propose a plan to migrate all conf files to the new format,
host.<conffile>, or revert supporting west.ipsec.conf.

Off the top of my head, we will have to move
west.conf => west.ipsec.conf
west.secrets => west.ipsec.secrets
weststrongswan.conf => weststrongswan.conf
westswanctl.conf => west.swanctl.conf
then we have exceptions like
certoe-03-poc-whack/road-ikev2-oe.conf
ikev1-l2tp-01/east.xl2tpd.conf
A quick look also shows more odd balls popping up.
addconn-04/bomb.conf
openbsde.conf
openbsdw.conf
./ikev2-ddns-02/west-unbound.conf
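
An added example, not swan-prep's own code, of the conflict check the message above asks for: collect every file name that could supply a given config for a host and bail out when more than one exists. The three name forms are assumed from the file names listed in the message, and the function names are hypothetical.

```python
import os
import tempfile


class ConfigConflict(Exception):
    """More than one file in the test directory maps to the same config."""


def candidates(host, conffile):
    """File names that could supply `conffile` for `host` (assumed forms)."""
    if conffile.startswith("ipsec."):
        legacy = f"{host}.{conffile[len('ipsec.'):]}"   # west.conf, west.secrets
    else:
        legacy = f"{host}{conffile}"                    # weststrongswan.conf
    return [f"{host}.{conffile}", legacy, conffile]     # new, legacy, shared


def resolve(testdir, host, conffile):
    """Return the one matching path, None if absent; raise on ambiguity."""
    found = [name for name in candidates(host, conffile)
             if os.path.isfile(os.path.join(testdir, name))]
    if len(found) > 1:
        raise ConfigConflict(f"{host}/{conffile}: conflicting files {found}")
    return os.path.join(testdir, found[0]) if found else None


def demo():
    """Run resolve() over a constructed test directory."""
    results = {}
    with tempfile.TemporaryDirectory() as testdir:
        # Constructed layout: two files compete for west's ipsec.conf.
        for name in ("west.conf", "west.ipsec.conf", "north.xl2tpd.conf"):
            open(os.path.join(testdir, name), "w").close()
        for host, conffile in (("west", "ipsec.conf"),
                               ("north", "xl2tpd.conf"),
                               ("east", "ipsec.conf")):
            try:
                path = resolve(testdir, host, conffile)
                results[(host, conffile)] = path and os.path.basename(path)
            except ConfigConflict as err:
                results[(host, conffile)] = f"CONFLICT {err}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```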