Merge branch 'kenwood' of http://git.vyatta.com/vyatta-cfg-vpn into kenwood

2 files changed, 25 insertions, 6 deletions

diff --git a/debian/changelog b/debian/changelog
index 47ff365..a6e7208 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+vyatta-cfg-vpn (0.12.9) unstable; urgency=low
+
+  * Fix 4623: Removing IPSEC VPN config without removing cluster ipsec
+    config drops all interfaces.
+
+ -- Stig Thormodsrud <stig@vyatta.com>  Fri, 10 Jul 2009 14:13:06 -0700
+
+vyatta-cfg-vpn (0.12.8) unstable; urgency=low
+
+  * UNRELEASED
+
+ -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 29 May 2009 18:35:35 -0700
+
 vyatta-cfg-vpn (0.12.7) unstable; urgency=low
 
   * Fix 3836: Allow VPN authentication ID to accept values of IP
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index d65f977..af3f432 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -798,14 +798,20 @@ if (!(defined($config_file) && ($config_file ne '') && defined($secrets_file) &&
 if ($error == 0) {
     if ($vcVPN->isDeleted('.') || !$vcVPN->exists('.')
         || $vcVPN->isDeleted('ipsec') || !$vcVPN->exists('ipsec')) {
-	if (is_vpn_running()) {
-	    vpn_exec('ipsec setup --stop', 'stop ipsec');
-	}
-	if (!enableICMP('1')) {
+	if (Vyatta::Misc::isClusterIP($vc, 'ipsec')) { 
 	    $error = 1;
-	    print STDERR "VPN commit error.  Unable to re-enable ICMP redirects.\n";
+	    print STDERR "VPN commit error.  Cluster service is referencing ipsec config.\n";
+	} 
+	if ($error == 0) {
+	    if (is_vpn_running()) {
+		vpn_exec('ipsec setup --stop', 'stop ipsec');
+	    }
+	    if (!enableICMP('1')) {
+		$error = 1;
+		print STDERR "VPN commit error.  Unable to re-enable ICMP redirects.\n";
+	    }
+	    write_config($genout, $config_file, $genout_secrets, $secrets_file);
 	}
-	write_config($genout, $config_file, $genout_secrets, $secrets_file);
     } else {
 	if (!enableICMP('0')) {
 	    $error = 1;