From e0e550ad1187e10bcd730675c11714a075abc4a0 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Tue, 14 Feb 2023 19:47:23 +0100
Subject: strongSwan: T4593: move to charon-systemd

---
 debian/control                         |  1 +
 op-mode-definitions/monitor-log.xml.in |  4 ++--
 op-mode-definitions/show-log.xml.in    |  4 ++--
 op-mode-definitions/vpn-ipsec.xml.in   | 12 ++++++------
 src/conf_mode/vpn_ipsec.py             |  2 +-
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/debian/control b/debian/control
index 1e593d378..2b940a412 100644
--- a/debian/control
+++ b/debian/control
@@ -39,6 +39,7 @@ Depends:
   beep,
   bmon,
   bsdmainutils,
+  charon-systemd,
   conntrack,
   conntrackd,
   conserver-client,
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index ec428a676..d5892398b 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -274,13 +274,13 @@
                 <properties>
                   <help>Monitor last lines of ALL VPNs</help>
                 </properties>
-                <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command>
+                <command>journalctl --no-hostname --boot --follow --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command>
               </leafNode>
               <leafNode name="ipsec">
                 <properties>
                   <help>Monitor last lines of IPsec</help>
                 </properties>
-                <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command>
+                <command>journalctl --no-hostname --boot --follow --unit strongswan.service</command>
               </leafNode>
               <leafNode name="l2tp">
                 <properties>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index f5e5b1493..c626e45fb 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -421,13 +421,13 @@
                 <properties>
                   <help>Show log for ALL</help>
                 </properties>
-                <command>journalctl --no-hostname --boot --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command>
+                <command>journalctl --no-hostname --boot --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command>
               </leafNode>
               <leafNode name="ipsec">
                 <properties>
                   <help>Show log for IPsec</help>
                 </properties>
-                <command>journalctl --no-hostname --boot --unit strongswan-starter.service</command>
+                <command>journalctl --no-hostname --boot --unit strongswan.service</command>
               </leafNode>
               <leafNode name="l2tp">
                 <properties>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index f6b5e6020..eca9f6fd9 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -53,11 +53,11 @@
   </node>
   <node name="restart">
     <children>
-      <node name="vpn">
+      <node name="ipsec">
         <properties>
           <help>Restart the IPsec VPN process</help>
         </properties>
-        <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command>
+        <command>if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted";  else echo "IPsec process not running" ; fi</command>
       </node>
     </children>
   </node>
@@ -128,7 +128,7 @@
                 <properties>
                   <help>Show summary of IKE process information</help>
                 </properties>
-                <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command>
+                <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command>
               </node>
             </children>
           </node>
@@ -190,10 +190,10 @@
                     <properties>
                       <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
                     </properties>
-                    <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
+                    <command>if systemctl is-active --quiet strongswan ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
                   </node>
                 </children>
-                <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
+                <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
               </node>
               <node name="state">
                 <properties>
@@ -205,7 +205,7 @@
                 <properties>
                   <help>Show status of IPsec process</help>
                 </properties>
-                <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
+                <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
               </node>
             </children>
           </node>
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index ce4f13d27..10bad8c74 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -646,7 +646,7 @@ def wait_for_vici_socket(timeout=5, sleep_interval=0.1):
         sleep(sleep_interval)
 
 def apply(ipsec):
-    systemd_service = 'strongswan-starter.service'
+    systemd_service = 'strongswan.service'
     if not ipsec:
         call(f'systemctl stop {systemd_service}')
     else:
-- 
cgit v1.2.3