diff options
author | aapostoliuk <a.apostoliuk@vyos.io> | 2023-03-30 18:28:56 +0300 |
---|---|---|
committer | aapostoliuk <a.apostoliuk@vyos.io> | 2023-03-30 18:28:56 +0300 |
commit | a78982625a8a18069bd5a13744734873698fd0f9 (patch) | |
tree | 348121f92740f466357de2ac111b6d2d13981340 /python/vyos/ipsec.py | |
parent | 623dfc9d87d513bd69e5e6eef9664056dc1a45f1 (diff) | |
download | vyos-1x-a78982625a8a18069bd5a13744734873698fd0f9.tar.gz vyos-1x-a78982625a8a18069bd5a13744734873698fd0f9.zip |
ipsec: T5093: Fixed 'reset vpn ipsec profile' command
Fixed 'reset vpn ipsec profile' command
using vici library and new op-mode style.
Added ability to use 'reset vpn ipsec profile' command
with 'remote-host' option.
Diffstat (limited to 'python/vyos/ipsec.py')
-rw-r--r-- | python/vyos/ipsec.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/python/vyos/ipsec.py b/python/vyos/ipsec.py index cb7c39ff6..bb5611025 100644 --- a/python/vyos/ipsec.py +++ b/python/vyos/ipsec.py @@ -139,3 +139,41 @@ def terminate_vici_by_name(ike_name: str, child_name: str) -> None: else: raise ViciCommandError( f'Failed to terminate SA for IKE {ike_name}') + + +def vici_initiate(ike_sa_name: str, child_sa_name: str, src_addr: str, + dst_addr: str) -> bool: + """Initiate IKE SA connection with specific peer + + Args: + ike_sa_name (str): an IKE SA connection name + child_sa_name (str): a child SA profile name + src_addr (str): source address + dst_addr (str): remote address + + Returns: + bool: a result of initiation command + """ + from vici import Session as vici_session + + try: + session = vici_session() + except Exception: + raise ViciInitiateError("IPsec not initialized") + + try: + session_generator = session.initiate({ + 'ike': ike_sa_name, + 'child': child_sa_name, + 'timeout': '-1', + 'my-host': src_addr, + 'other-host': dst_addr + }) + # a dummy `for` loop is required because of requirements + # from vici. Without a full iteration on the output, the + # command to vici may not be executed completely + for _ in session_generator: + pass + return True + except Exception: + raise ViciCommandError(f'Failed to initiate SA for IKE {ike_sa_name}')
\ No newline at end of file |