From: Michael Tremer
Date: Wed, 19 Sep 2018 11:46:53 +0000 (+0200)
Subject: ipsec: VTI keys are static now and don't need to be updated
X-Git-Tag: 010~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e96c7bae56b454561d61149afa87e0836c8aee31;p=network.git

ipsec: VTI keys are static now and don't need to be updated
Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index 797a2934..32f7f5a8 100644
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -250,58 +250,3 @@ ip_tunnel_change() {
 # Run ip command
 cmd ip link change dev "${device}" type "${type}" ${cmd_args}
 }
-
-ip_tunnel_change_keys() {
- local device="${1}"
- shift
-
- if ! isset device; then
- error "No device given"
- return ${EXIT_ERROR}
- fi
-
- local ikey
- local okey
-
- while [ $# -gt 0 ]; do
- case "${1}" in
- --ikey=*)
- ikey="$(cli_get_val ${1})"
- ;;
- --okey=*)
- okey="$(cli_get_val ${1})"
- ;;
- *)
- error "Invalid argument: ${1}"
- return ${EXIT_ERROR}
- ;;
- esac
- shift
- done
-
- if ! isset ikey || ! isset okey; then
- error "You need to set --ikey= and --okey="
- return ${EXIT_ERROR}
- fi
-
- if ! device_exists "${device}"; then
- error "No such device: ${device}"
- return ${EXIT_ERROR}
- fi
-
- # Determine the device type
- local type="$(device_tunnel_get_type ${device})"
-
- if ! isoneof "type" vti vti6; then
- log ERROR "Device type '${type}' is invalid"
- return ${EXIT_ERROR}
- fi
-
- if ! cmd ip link change dev "${device}" \
- type "${type}" ikey "${ikey}" okey "${okey}"; then
- log ERROR "Could not change keys of device ${device}"
- return ${EXIT_ERROR}
- fi
-
- return ${EXIT_OK}
-}
diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
index 1e6c6955..41a4daef 100644
--- a/src/helpers/ipsec-updown
+++ b/src/helpers/ipsec-updown
@@ -61,16 +61,10 @@ case "${PLUTO_VERB}" in
 fi
 # Update peer and local address
- if ! ip_tunnel_change "${ZONE}" --remote="${PLUTO_PEER}" --local="${PLUTO_ME}"; then
+ if ! ip_tunnel_change "${ZONE}" \
+ --remote="${PLUTO_PEER}" --local="${PLUTO_ME}"; then
 return ${EXIT_ERROR}
 fi
-
- # Set keys for VTI devices
- if device_is_vti6 "${ZONE}" || device_is_vti "${ZONE}"; then
- ip_tunnel_change_keys "${ZONE}" \
- --ikey="${PLUTO_MARK_IN%/*}" \
- --okey="${PLUTO_MARK_OUT%/*}"
- fi
 fi
 #Get sources IP for routes
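Review bot: With the key block removed, nothing in the visible lines reads `PLUTO_MARK_IN` or `PLUTO_MARK_OUT` any more, so the helper now relies silently on the VTI device's static ikey/okey matching the marks the connection uses. Where those static keys are assigned is not shown in this diff. A mismatch would presumably leave tunnel traffic unmatched by the IPsec policies rather than fail here, so I would record the invariant where the block was removed, e.g. `# VTI keys are assigned when the device is created and must equal the connection's mark; they are not updated here`. If the device's configured key is cheap to read at this point, logging a warning when it differs from `${PLUTO_MARK_IN%/*}` would make a misconfiguration detectable; the enclosing `case` branch starts and ends outside the hunk.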