summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAn-Cheng Huang <ancheng@vyatta.com>2007-12-31 15:12:55 -0800
committerAn-Cheng Huang <ancheng@vyatta.com>2007-12-31 15:12:55 -0800
commitd3d62b3c5be34576d339f5a7e7a4b3a304dfd4c6 (patch)
tree671d675660e9695388ba58691394670060e577a0
parent18e07e875f1802324fd1ce23716936d45029106c (diff)
downloadvyatta-cfg-vpn-d3d62b3c5be34576d339f5a7e7a4b3a304dfd4c6.tar.gz
vyatta-cfg-vpn-d3d62b3c5be34576d339f5a7e7a4b3a304dfd4c6.zip
interoperate with remote access vpn (if available).
-rwxr-xr-xscripts/vpn-config.pl15
-rw-r--r--templates/vpn/node.def11
2 files changed, 19 insertions, 7 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index bc64de3..d686b66 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -88,8 +88,9 @@ if ($vcVPN->exists('.')) {
#
my @esp_groups = $vcVPN->listNodes('ipsec esp-group');
if (@esp_groups == 0) {
- $error = 1;
- print STDERR "VPN configuration error. No ESP groups configured. At least one ESP group required.\n";
+ #$error = 1;
+ #print STDERR "VPN configuration error. No ESP groups configured. At least one ESP group required.\n";
+ # XXX for now this will be checked below for site-to-site peer
} else {
foreach my $esp_group (@esp_groups) {
my @esp_group_proposals = $vcVPN->listNodes("ipsec esp-group $esp_group proposal");
@@ -122,8 +123,9 @@ if ($vcVPN->exists('.')) {
#
my @ike_groups = $vcVPN->listNodes('ipsec ike-group');
if (@ike_groups == 0) {
- $error = 1;
- print STDERR "VPN configuration error. No IKE groups configured. At least one IKE group required.\n";
+ #$error = 1;
+ #print STDERR "VPN configuration error. No IKE groups configured. At least one IKE group required.\n";
+ # XXX for now this will be checked below for site-to-site peer
} else {
foreach my $ike_group (@ike_groups) {
my @ike_group_proposals = $vcVPN->listNodes("ipsec ike-group $ike_group proposal");
@@ -332,8 +334,9 @@ if ($vcVPN->exists('.')) {
#
my @peers = $vcVPN->listNodes('ipsec site-to-site peer');
if (@peers == 0) {
- $error = 1;
- print STDERR "VPN configuration error. No peers configured. At least one peer required.\n";
+ #$error = 1;
+ #print STDERR "VPN configuration error. No peers configured. At least one peer required.\n";
+ print "Warning: There are no site-to-site peers configured for IPSec.\n";
}
foreach my $peer (@peers) {
my $peer_ike_group = $vcVPN->returnValue("ipsec site-to-site peer $peer ike-group");
diff --git a/templates/vpn/node.def b/templates/vpn/node.def
index 5880e47..27c9eb7 100644
--- a/templates/vpn/node.def
+++ b/templates/vpn/node.def
@@ -1,2 +1,11 @@
help: "Configure VPN"
-end: "sudo /opt/vyatta/sbin/vpn-config.pl --config_file='/etc/ipsec.conf' --secrets_file='/etc/ipsec.secrets' --init_script='/etc/init.d/ipsec' "
+end: "sudo /opt/vyatta/sbin/vpn-config.pl \
+ --config_file='/etc/ipsec.conf' \
+ --secrets_file='/etc/ipsec.secrets' \
+ --init_script='/etc/init.d/ipsec' && \
+ if [ -x /opt/vyatta/sbin/vyatta-update-l2tp.pl ]; then \
+ sudo /opt/vyatta/sbin/vyatta-update-l2tp.pl; \
+ fi && \
+ if [ -x /opt/vyatta/sbin/vyatta-update-pptp.pl ]; then \
+ sudo /opt/vyatta/sbin/vyatta-update-pptp.pl; \
+ fi"