diff --git a/docs/models/vpn/ikepolicy.md b/docs/models/vpn/ikepolicy.md index 7b739072b..d2da28d16 100644 --- a/docs/models/vpn/ikepolicy.md +++ b/docs/models/vpn/ikepolicy.md @@ -14,7 +14,7 @@ The IKE version employed (v1 or v2). ### Mode -The IKE mode employed (main or aggressive). +The mode employed (main or aggressive) when IKEv1 is in use. This setting is not supported for IKEv2. ### Proposals diff --git a/netbox/vpn/forms/bulk_edit.py b/netbox/vpn/forms/bulk_edit.py index a976c5659..c3e8eb3ca 100644 --- a/netbox/vpn/forms/bulk_edit.py +++ b/netbox/vpn/forms/bulk_edit.py @@ -164,7 +164,7 @@ class IKEPolicyBulkEditForm(NetBoxModelBulkEditForm): )), ) nullable_fields = ( - 'preshared_key', 'description', 'comments', + 'mode', 'preshared_key', 'description', 'comments', ) diff --git a/netbox/vpn/forms/bulk_import.py b/netbox/vpn/forms/bulk_import.py index 0f8f43944..b8d19bb38 100644 --- a/netbox/vpn/forms/bulk_import.py +++ b/netbox/vpn/forms/bulk_import.py @@ -174,7 +174,8 @@ class IKEPolicyImportForm(NetBoxModelImportForm): ) mode = CSVChoiceField( label=_('Mode'), - choices=IKEModeChoices + choices=IKEModeChoices, + required=False ) proposals = CSVModelMultipleChoiceField( queryset=IKEProposal.objects.all(), diff --git a/netbox/vpn/migrations/0004_alter_ikepolicy_mode.py b/netbox/vpn/migrations/0004_alter_ikepolicy_mode.py new file mode 100644 index 000000000..40dd4f99e --- /dev/null +++ b/netbox/vpn/migrations/0004_alter_ikepolicy_mode.py @@ -0,0 +1,18 @@ +# Generated by Django 4.2.9 on 2024-01-20 09:37 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('vpn', '0003_ipaddress_multiple_tunnel_terminations'), + ] + + operations = [ + migrations.AlterField( + model_name='ikepolicy', + name='mode', + field=models.CharField(blank=True), + ), + ] diff --git a/netbox/vpn/models/crypto.py b/netbox/vpn/models/crypto.py index f89c555e4..2769430fd 100644 --- a/netbox/vpn/models/crypto.py +++ b/netbox/vpn/models/crypto.py @@ -79,7 +79,8 @@ class IKEPolicy(PrimaryModel): ) mode = models.CharField( verbose_name=_('mode'), - choices=IKEModeChoices + choices=IKEModeChoices, + blank=True ) proposals = models.ManyToManyField( to='vpn.IKEProposal', @@ -109,6 +110,17 @@ class IKEPolicy(PrimaryModel): def get_absolute_url(self): return reverse('vpn:ikepolicy', args=[self.pk]) + def clean(self): + super().clean() + + # Mode is required + if self.version == IKEVersionChoices.VERSION_1 and not self.mode: + raise ValidationError(_("Mode is required for selected IKE version")) + + # Mode cannot be used + if self.version == IKEVersionChoices.VERSION_2 and self.mode: + raise ValidationError(_("Mode cannot be used for selected IKE version")) + # # IPSec diff --git a/netbox/vpn/tests/test_views.py b/netbox/vpn/tests/test_views.py index ab797d9fd..105ca0b6f 100644 --- a/netbox/vpn/tests/test_views.py +++ b/netbox/vpn/tests/test_views.py @@ -305,7 +305,6 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase): cls.form_data = { 'name': 'IKE Policy X', 'version': IKEVersionChoices.VERSION_2, - 'mode': IKEModeChoices.AGGRESSIVE, 'proposals': [p.pk for p in ike_proposals], 'tags': [t.pk for t in tags], } @@ -313,9 +312,9 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase): ike_proposal_names = ','.join([p.name for p in ike_proposals]) cls.csv_data = ( "name,version,mode,proposals", - f"IKE Proposal 4,2,aggressive,\"{ike_proposal_names}\"", - f"IKE Proposal 5,2,aggressive,\"{ike_proposal_names}\"", - f"IKE Proposal 6,2,aggressive,\"{ike_proposal_names}\"", + f"IKE Proposal 4,1,main,\"{ike_proposal_names}\"", + f"IKE Proposal 5,1,aggressive,\"{ike_proposal_names}\"", + f"IKE Proposal 6,2,,\"{ike_proposal_names}\"", ) cls.csv_update_data = ( @@ -327,7 +326,7 @@ class IKEPolicyTestCase(ViewTestCases.PrimaryObjectViewTestCase): cls.bulk_edit_data = { 'description': 'New description', - 'version': IKEVersionChoices.VERSION_2, + 'version': IKEVersionChoices.VERSION_1, 'mode': IKEModeChoices.AGGRESSIVE, }