authorzsdc <taras@vyos.io>2019-12-30 16:04:46 +0200
committerzsdc <taras@vyos.io>2019-12-30 16:04:46 +0200
commitf7eda283b6eefbbc349384c22a1e15a1d24ae384 (patch)
treeda4e26a68aeb143045ffa7d38b0ebd9a2ea49fed /src/conf_mode/ipsec-settings.py
parent85b4a87ffe874726a190a42ed2d754946d5dec68 (diff)
parentb9a6dab2d4f162eba59b9eec989b1de1b249f3fd (diff)
Merge remote-tracking branch 'upstream/current' into T1514
Diffstat (limited to 'src/conf_mode/ipsec-settings.py')
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py41
1 files changed, 24 insertions, 17 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 331a62316..aab3e9734 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -32,14 +32,15 @@ from vyos import ConfigError
ra_conn_name = "remote-access"
charon_conf_file = "/etc/strongswan.d/charon.conf"
ipsec_secrets_flie = "/etc/ipsec.secrets"
-ipsec_ra_conn_file = "/etc/ipsec.d/tunnels/"+ra_conn_name
+ipsec_ra_conn_dir = "/etc/ipsec.d/tunnels/"
+ipsec_ra_conn_file = ipsec_ra_conn_dir + ra_conn_name
ipsec_conf_flie = "/etc/ipsec.conf"
-ca_cert_path = '/etc/ipsec.d/cacerts'
-server_cert_path = '/etc/ipsec.d/certs'
-server_key_path = '/etc/ipsec.d/private'
+ca_cert_path = "/etc/ipsec.d/cacerts"
+server_cert_path = "/etc/ipsec.d/certs"
+server_key_path = "/etc/ipsec.d/private"
delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###"
delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###"
-charon_pidfile = '/var/run/charon.pid'
+charon_pidfile = "/var/run/charon.pid"
l2pt_ipsec_conf = '''
{{delim_ipsec_l2tp_begin}}
@@ -147,21 +148,27 @@ def get_config():
### ipsec secret l2tp
def write_ipsec_secrets(c):
- tmpl = jinja2.Template(l2pt_ipsec_secrets_conf, trim_blocks=True)
- l2pt_ipsec_secrets_txt = tmpl.render(c)
- old_umask = os.umask(0o077)
- open(ipsec_secrets_flie,'w').write(l2pt_ipsec_secrets_txt)
- os.umask(old_umask)
- sl.syslog(sl.LOG_NOTICE, ipsec_secrets_flie + ' written')
+ tmpl = jinja2.Template(l2pt_ipsec_secrets_conf, trim_blocks=True)
+ l2pt_ipsec_secrets_txt = tmpl.render(c)
+ old_umask = os.umask(0o077)
+ open(ipsec_secrets_flie,'w').write(l2pt_ipsec_secrets_txt)
+ os.umask(old_umask)
+ sl.syslog(sl.LOG_NOTICE, ipsec_secrets_flie + ' written')
### ipsec remote access connection config
def write_ipsec_ra_conn(c):
- tmpl = jinja2.Template(l2tp_ipsec_ra_conn_conf, trim_blocks=True)
- ipsec_ra_conn_txt = tmpl.render(c)
- old_umask = os.umask(0o077)
- open(ipsec_ra_conn_file,'w').write(ipsec_ra_conn_txt)
- os.umask(old_umask)
- sl.syslog(sl.LOG_NOTICE, ipsec_ra_conn_file + ' written')
+ tmpl = jinja2.Template(l2tp_ipsec_ra_conn_conf, trim_blocks=True)
+ ipsec_ra_conn_txt = tmpl.render(c)
+ old_umask = os.umask(0o077)
+
+ # Create tunnels directory if does not exist
+ if not os.path.exists(ipsec_ra_conn_dir):
+ os.makedirs(ipsec_ra_conn_dir)
+ sl.syslog(sl.LOG_NOTICE, ipsec_ra_conn_dir + " created")
+
+ open(ipsec_ra_conn_file,'w').write(ipsec_ra_conn_txt)
+ os.umask(old_umask)
+ sl.syslog(sl.LOG_NOTICE, ipsec_ra_conn_file + ' written')
### Remove config from file by delimiter
def remove_confs(delim_begin, delim_end, conf_file):
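Review bot: In write_ipsec_ra_conn the process umask stays at 0o077 if `os.makedirs` or the `open(...).write(...)` call raises, because `os.umask(old_umask)` is not in a `finally`; the file object is also never closed explicitly. The `os.path.exists` check followed by `os.makedirs` is a check-then-create sequence that `os.makedirs(ipsec_ra_conn_dir, exist_ok=True)` does in one call. write_ipsec_secrets in the same hunk has the same umask/open pattern, and since a umask only applies to newly created files, an already existing /etc/ipsec.secrets with a wider mode would presumably keep it, so an explicit `os.chmod(ipsec_secrets_flie, 0o600)` after the write is worth considering. The sketch below drops the "created" log line; keep a separate directory check if that message is wanted.

```python
def write_ipsec_ra_conn(c):
    # … unchanged: template rendering into ipsec_ra_conn_txt …
    old_umask = os.umask(0o077)
    try:
        # Created 0700 under the tightened umask; no-op when it already exists
        os.makedirs(ipsec_ra_conn_dir, exist_ok=True)
        with open(ipsec_ra_conn_file, 'w') as f:
            f.write(ipsec_ra_conn_txt)
    finally:
        # Restore the caller's umask even when directory creation or the write fails
        os.umask(old_umask)
    sl.syslog(sl.LOG_NOTICE, ipsec_ra_conn_file + ' written')
```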