
Commit cf32f77

GutoVeronezi authored
systemvm: Fix C2S VPN in parallel to S2S VPN (#6907)
PR #5375, introduced in version 4.15.2.0, removed parameter %any of VPNs client-to-site (C2S) IPSec secrets:

structure before PR vr: ipsec/l2tp vpn secret with no ID selectors #5375:

    <IP> %any : PSK "<PSK>"

structure after PR vr: ipsec/l2tp vpn secret with no ID selectors #5375:

    <IP> : PSK "<PSK>"

Because of that, when a VPN site-to-site (S2S) is created in parallel to a VPN C2S in the same network, the C2S will not handle any IP (%any) anymore and, as the network is being tunneled to the other VPN, the connection will be handled by the final peer. This way, when a VPN S2S is created in parallel to a VPN C2S in the same network, it is only possible to connect to the C2S with the S2S PSK.

As ACS is only able to implement a single C2S per network (ACS allows setting more than one IP of the network as VPN, however, only the first will be implemented) and every S2S has its own secret file, the secrets structure of C2S was changed to contain only the PSK:

    : PSK "<PSK>"

By doing that, StrongSwan will handle correctly C2S connections from any IP and still will use the correct PSK for S2S.

Co-authored-by: GutoVeronezi <daniel@scclouds.com.br>
1 parent 47946db commit cf32f77

File tree

1 file changed

+1
-1
lines changed


systemvm/debian/opt/cloud/bin/configure.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -999,7 +999,7 @@ def configure_l2tpIpsec(self, left, obj):
999999

10001000
secret = CsFile(vpnsecretfilte)
10011001
secret.empty()
1002-
secret.addeq("%s : PSK \"%s\"" % (left, psk))
1002+
secret.addeq(": PSK \"%s\"" % (psk))
10031003
secret.commit()
10041004

10051005
xl2tpdconf = CsFile(xl2tpdconffile)
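Review bot: the added line `secret.addeq(": PSK \"%s\"" % (psk))` deliberately drops the left-ID selector so the entry matches any peer, but nothing in the code records why, and a future reader is likely to "fix" it back to `%s : PSK`; a one-line comment above it stating the reasoning from the commit message (the C2S entry must stay ID-less because S2S connections carry their own selectors in their own secret files, and ACS implements at most one C2S per network) would prevent that. On the same line, `% (psk)` is not a tuple, so `% psk` or `% (psk,)` reads more clearly. Also, `psk` is interpolated unquoted inside the double quotes, so a PSK containing `"` or `\` would produce a malformed secrets entry; that predates this change, but the rewrite is a reasonable place to escape it. Finally, the unchanged context line `secret = CsFile(vpnsecretfilte)` carries a misspelled variable name (`vpnsecretfilte`); not introduced here, but worth a follow-up rename at its definition.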

0 commit comments
