diff options
Diffstat (limited to 'src/etc')
| -rwxr-xr-x[-rw-r--r--] | src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook | 44 | ||||
| -rw-r--r-- | src/etc/systemd/system/ModemManager.service.d/override.conf | 7 | ||||
| -rw-r--r-- | src/etc/udev/rules.d/99-vyos-wwan.rules | 11 |
3 files changed, 44 insertions, 18 deletions
diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook index 36edf04f3..e00e5fe6e 100644..100755 --- a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook +++ b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook @@ -1,9 +1,28 @@ -#!/usr/bin/env python3 +#!/bin/bash -import os -import sys +if [ "$reason" == "REBOOT" ] || [ "$reason" == "EXPIRE" ]; then + exit 0 +fi + +DHCP_HOOK_IFLIST="/tmp/ipsec_dhcp_waiting" + +if [ -f $DHCP_HOOK_IFLIST ] && [ "$reason" == "BOUND" ]; then + if grep -qw $interface $DHCP_HOOK_IFLIST; then + sudo rm $DHCP_HOOK_IFLIST + sudo python3 /usr/libexec/vyos/conf_mode/vpn_ipsec.py + exit 0 + fi +fi + +if [ "$old_ip_address" == "$new_ip_address" ] && [ "$reason" == "BOUND" ]; then + exit 0 +fi +python3 - <<PYEND +import os +import re from vyos.util import call +from vyos.util import cmd IPSEC_CONF="/etc/ipsec.conf" IPSEC_SECRETS="/etc/ipsec.secrets" @@ -16,14 +35,23 @@ def writelines(file, lines): with open(file, 'w') as f: f.writelines(lines) +def ipsec_down(ip_address): + # This prevents the need to restart ipsec and kill all active connections, only the stale connection is closed + status = cmd('sudo ipsec statusall') + connection_name = None + for line in status.split("\n"): + if line.find(ip_address) > 0: + regex_match = re.search(r'(peer-[^:\[]+)', line) + if regex_match: + connection_name = regex_match[1] + break + if connection_name: + call(f'sudo ipsec down {connection_name}') + if __name__ == '__main__': interface = os.getenv('interface') new_ip = os.getenv('new_ip_address') old_ip = os.getenv('old_ip_address') - reason = os.getenv('reason') - - if (old_ip == new_ip and reason != 'BOUND') or reason in ['REBOOT', 'EXPIRE']: - sys.exit(0) conf_lines = getlines(IPSEC_CONF) secrets_lines = getlines(IPSEC_SECRETS) @@ -42,5 +70,7 @@ if __name__ == '__main__': if found: writelines(IPSEC_CONF, conf_lines) writelines(IPSEC_SECRETS, secrets_lines) + ipsec_down(old_ip) call('sudo /usr/sbin/ipsec rereadall') call('sudo /usr/sbin/ipsec reload') +PYEND
\ No newline at end of file diff --git a/src/etc/systemd/system/ModemManager.service.d/override.conf b/src/etc/systemd/system/ModemManager.service.d/override.conf new file mode 100644 index 000000000..07a18460e --- /dev/null +++ b/src/etc/systemd/system/ModemManager.service.d/override.conf @@ -0,0 +1,7 @@ +[Unit] +After= +After=vyos-router.service + +[Service] +ExecStart= +ExecStart=/usr/sbin/ModemManager --filter-policy=strict --log-level=INFO --log-timestamps --log-journal diff --git a/src/etc/udev/rules.d/99-vyos-wwan.rules b/src/etc/udev/rules.d/99-vyos-wwan.rules deleted file mode 100644 index 67f30a3dd..000000000 --- a/src/etc/udev/rules.d/99-vyos-wwan.rules +++ /dev/null @@ -1,11 +0,0 @@ -ACTION!="add|change", GOTO="mbim_to_qmi_rules_end" - -SUBSYSTEM!="usb", GOTO="mbim_to_qmi_rules_end" - -# ignore any device with only one configuration -ATTR{bNumConfigurations}=="1", GOTO="mbim_to_qmi_rules_end" - -# force Sierra Wireless MC7710 to configuration #1 -ATTR{idVendor}=="1199",ATTR{idProduct}=="68a2",ATTR{bConfigurationValue}="1" - -LABEL="mbim_to_qmi_rules_end" |