VTI bring tunnel based on ipsec-sa state.

author: Saurabh Mohan <saurabh.mohan@vyatta.com> 2012-06-04 16:40:24 -0700
committer: Saurabh Mohan <saurabh.mohan@vyatta.com> 2012-06-04 16:40:24 -0700
commit: d814767a9daa54cf10176aa923453d5246898b3f (patch)
tree: aa9647761ccc0c13e9b403729283c3c142886769 /scripts/vpn-config.pl
parent: 1df15ff287d70b9e9689b987e335f4a8f35fd989 (diff)
download: vyatta-cfg-vpn-d814767a9daa54cf10176aa923453d5246898b3f.tar.gz
vyatta-cfg-vpn-d814767a9daa54cf10176aa923453d5246898b3f.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index c708724..2d5b78f 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -1137,6 +1137,7 @@ if ( $vcVPN->exists('ipsec') ) {
 
       #
       # Mark setting for vti.
+      # and up/down script hook.
       #
       if ($isVti) {
           my $mark = $vcVPN->returnValue("ipsec site-to-site peer $peer vti mark");
@@ -1152,6 +1153,13 @@ if ( $vcVPN->exists('ipsec') ) {
                   $genout .= "\tmark=$mark\n";
               }
           }
+          # up/down script hook.
+          my $tunName = $vcVPN->returnValue("ipsec site-to-site peer $peer vti bind");
+          if (!defined($tunName)) {
+            vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"vti","bind"],
+                "$vpn_cfg_err No interface bind specified for peer \"$peer\" vti\n");
+          }
+          $genout .= "\tleftupdown=\"/usr/lib/ipsec/vti-up-down.sh $tunName\"\n";
       }
 
       #
author	Saurabh Mohan <saurabh.mohan@vyatta.com>	2012-06-04 16:40:24 -0700
committer	Saurabh Mohan <saurabh.mohan@vyatta.com>	2012-06-04 16:40:24 -0700
commit	d814767a9daa54cf10176aa923453d5246898b3f (patch)
tree	aa9647761ccc0c13e9b403729283c3c142886769 /scripts/vpn-config.pl
parent	1df15ff287d70b9e9689b987e335f4a8f35fd989 (diff)
download	vyatta-cfg-vpn-d814767a9daa54cf10176aa923453d5246898b3f.tar.gz vyatta-cfg-vpn-d814767a9daa54cf10176aa923453d5246898b3f.zip