author | John Southworth <john.southworth@vyatta.com> | 2012-02-28 13:32:06 -0800 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2012-02-28 13:32:06 -0800 |
commit | 24a757a122a7d3eee06f705a946d4ec9aac308fa (patch) | |
tree | a97b5076d1e1f7c0f0733071aa2330075501b299 | |
parent | ee19ee2a74ca2a67083db6fc6b6b751e7cb9f65c (diff) | |
Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey interval
-rwxr-xr-x | scripts/vpn-config.pl | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index a4a2428..faf7bb2 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -928,6 +928,12 @@ if ( $vcVPN->exists('ipsec') ) {
 } elsif ( defined($auth_mode) && ( $auth_mode eq 'pre-shared-secret' ) ) {
 my $psk = $vcVPN->returnValue(
 "ipsec site-to-site peer $peer authentication pre-shared-secret");
+ my $orig_psk = $vcVPN->returnOrigValue(
+ "ipsec site-to-site peer $peer authentication pre-shared-secret");
+ if ($psk ne $orig_psk){
+ print "WARNING: The pre-shared-secret will not be updated until the next re-keying interval\n";
+ print "To force the key change use: 'reset vpn ipsec-peer'\n";
+ }
 if ( !defined($psk) || $psk eq '' ) {
 vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"authentication"],
 "$vpn_cfg_err No 'pre-shared-secret' specified for peer \"$peer\"" |
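Review bot: The added comparison `$psk ne $orig_psk` runs before the existing `!defined($psk)` check, so it is evaluated with an undefined operand whenever the secret is missing or the peer is newly created (returnOrigValue presumably returns undef when there was no previous value). In those cases the rekey warning is printed for a peer that has no old key in use, and Perl emits "uninitialized value" diagnostics if warnings are enabled in this script, which is not visible here. Guard the test, e.g. `if ( defined($psk) && defined($orig_psk) && $psk ne $orig_psk ) {`, or move the block below the empty-secret check. Because the previous secret keeps authenticating the peer until the rekey, the message would help operators rotating a key after exposure if it said so explicitly and named `$peer` in the suggested reset command. The enclosing elsif branch starts and ends outside the hunk.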