From ecdc9b1f0bf47b762669d8600aaddc5cfa5ed206 Mon Sep 17 00:00:00 2001
From: aapostoliuk <a.apostoliuk@vyos.io>
Date: Thu, 16 Mar 2023 12:33:18 +0200
Subject: ipsec: T5043: Rewritten and fixed 'reset vpn' commands

1. Rewritten CLI of 'reset vpn' commands.
2. Created 'reset vpn ipsec remote-access' commands to reset
   RA IKEv2 session.
3. Created 'reset vpn ipsec site-to-site all' command to reset all
   configured IPSec site-to-site peers sessions.
4. Rewritten 'reset vpn l2t|pptp|sstp' commands to
   new opmode style.
---
 op-mode-definitions/reset-vpn.xml.in | 120 +++++++++++++++++------------------
 op-mode-definitions/vpn-ipsec.xml.in |  97 +++++++++++++++++++---------
 2 files changed, 126 insertions(+), 91 deletions(-)

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/reset-vpn.xml.in b/op-mode-definitions/reset-vpn.xml.in
index 94ee1c7df..8de95d1cc 100644
--- a/op-mode-definitions/reset-vpn.xml.in
+++ b/op-mode-definitions/reset-vpn.xml.in
@@ -7,82 +7,78 @@
           <help>Reset Virtual Private Network (VPN) information</help>
         </properties>
         <children>
-          <node name="remote-access">
+          <node name="l2tp">
             <properties>
-              <help>Reset remote access VPN connections</help>
+              <help>Reset L2TP server VPN sessions</help>
             </properties>
             <children>
               <node name="all">
                 <properties>
-                  <help>Terminate all users current remote access VPN session(s)</help>
+                  <help>Reset all L2TP server VPN sessions</help>
                 </properties>
-                <children>
-                  <node name="protocol">
-                    <properties>
-                      <help>Terminate specified users current remote access VPN session(s) with specified protocol</help>
-                    </properties>
-                    <children>
-                      <leafNode name="l2tp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command>
-                      </leafNode>
-                      <leafNode name="pptp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command>
-                      </leafNode>
-                      <leafNode name="sstp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="sstp"</command>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp"</command>
               </node>
               <tagNode name="interface">
                 <properties>
-                  <help>Terminate a remote access VPN interface</help>
+                  <help>Reset specified interface on L2TP VPN server</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --interface="$5"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --interface="$5"</command>
               </tagNode>
               <tagNode name="user">
                 <properties>
-                  <help>Terminate specified users current remote access VPN session(s)</help>
+                  <help>Reset specified user on L2TP VPN server</help>
                 </properties>
-                <children>
-                  <node name="protocol">
-                    <properties>
-                      <help>Terminate specified users current remote access VPN session(s) with specified protocol</help>
-                    </properties>
-                    <children>
-                      <leafNode name="l2tp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="l2tp"</command>
-                      </leafNode>
-                      <leafNode name="pptp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="pptp"</command>
-                      </leafNode>
-                      <leafNode name="sstp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="sstp"</command>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --username="$5"</command>
+              </tagNode>
+            </children>
+          </node>
+          <node name="pptp">
+            <properties>
+              <help>Reset PPTP server VPN sessions</help>
+            </properties>
+            <children>
+              <node name="all">
+                <properties>
+                  <help>Reset all PPTP server VPN sessions</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp"</command>
+              </node>
+              <tagNode name="interface">
+                <properties>
+                  <help>Reset specified interface on PPTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --interface="$5"</command>
+              </tagNode>
+              <tagNode name="user">
+                <properties>
+                  <help>Reset specified user on PPTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --username="$5"</command>
+              </tagNode>
+            </children>
+          </node>
+          <node name="sstp">
+            <properties>
+              <help>Reset SSTP server VPN sessions</help>
+            </properties>
+            <children>
+              <node name="all">
+                <properties>
+                  <help>Reset all SSTP server VPN sessions</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp"</command>
+              </node>
+              <tagNode name="interface">
+                <properties>
+                  <help>Reset specified interface on SSTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --interface="$5"</command>
+              </tagNode>
+              <tagNode name="user">
+                <properties>
+                  <help>Reset specified user on SSTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --username="$5"</command>
               </tagNode>
             </children>
           </node>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index ee006a2d5..5baaec7ce 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -7,49 +7,88 @@
           <help>Reset Virtual Private Network (VPN) information</help>
         </properties>
         <children>
-          <tagNode name="ipsec-peer">
+          <node name="ipsec">
             <properties>
-              <help>Reset all tunnels for given peer</help>
-              <completionHelp>
-                <path>vpn ipsec site-to-site peer</path>
-              </completionHelp>
+              <help>Reset IPSec VPN sessions</help>
             </properties>
             <children>
-              <tagNode name="tunnel">
+              <tagNode name="profile">
                 <properties>
-                  <help>Reset a specific tunnel for given peer</help>
+                  <help>Reset all tunnels for given DMVPN profile</help>
                   <completionHelp>
-                    <path>vpn ipsec site-to-site peer ${COMP_WORDS[3]} tunnel</path>
+                    <path>vpn ipsec profile</path>
                   </completionHelp>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="$6"</command>
+                <children>
+                  <tagNode name="tunnel">
+                    <properties>
+                      <help>Reset a specific tunnel for given DMVPN profile</help>
+                    </properties>
+                    <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="$8"</command>
+                  </tagNode>
+                </children>
+                <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="all"</command>
               </tagNode>
-              <node name="vti">
+              <node name="remote-access">
                 <properties>
-                  <help>Reset the VTI tunnel for given peer</help>
+                  <help>Reset remote access IPSec VPN connections</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="vti"</command>
+                <children>
+                  <node name="all">
+                    <properties>
+                      <help>Reset all users current remote access IPSec VPN sessions</help>
+                    </properties>
+                     <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra</command>
+                  </node>
+                  <tagNode name="user">
+                    <properties>
+                      <help>Reset specified user current remote access IPsec VPN session(s)</help>
+                    </properties>
+                    <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6"</command>
+                  </tagNode>
+                </children>
               </node>
-            </children>
-            <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4"</command>
-          </tagNode>
-          <tagNode name="ipsec-profile">
-            <properties>
-              <help>Reset all tunnels for given DMVPN profile</help>
-              <completionHelp>
-                <path>vpn ipsec profile</path>
-              </completionHelp>
-            </properties>
-            <children>
-              <tagNode name="tunnel">
+              <node name="site-to-site">
                 <properties>
-                  <help>Reset a specific tunnel for given DMVPN profile</help>
+                  <help>Reset site-to-site IPSec VPN connections</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command>
-              </tagNode>
+                <children>
+                  <node name="all">
+                    <properties>
+                      <help>Reset all site-to-site IPSec VPN sessions</help>
+                    </properties>
+                     <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_all_peers</command>
+                  </node>
+                  <tagNode name="peer">
+                    <properties>
+                      <help>Reset all tunnels for given peer</help>
+                      <completionHelp>
+                        <path>vpn ipsec site-to-site peer</path>
+                      </completionHelp>
+                    </properties>
+                    <children>
+                      <tagNode name="tunnel">
+                        <properties>
+                          <help>Reset a specific tunnel for given peer</help>
+                          <completionHelp>
+                            <path>vpn ipsec site-to-site peer ${COMP_WORDS[5]} tunnel</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8"</command>
+                      </tagNode>
+                      <node name="vti">
+                        <properties>
+                          <help>Reset the VTI tunnel for given peer</help>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti"</command>
+                      </node>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6"</command>
+                  </tagNode>
+                </children>
+              </node>
             </children>
-            <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command>
-          </tagNode>
+          </node>
         </children>
       </node>
     </children>
-- 
cgit v1.2.3