diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2009-07-10 13:43:19 -0700 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2009-07-10 14:12:52 -0700 |
| commit | 1ee7a6dc6c246dab2db65bd07b5ecc0e4146b8ba (patch) | |
| tree | 9140d4e046b26d720f0cd3784785ff163d29c3e3 /scripts | |
| parent | de904a56dfd7687a088decd6a76b386e362cfa5b (diff) | |
| download | vyatta-cfg-vpn-1ee7a6dc6c246dab2db65bd07b5ecc0e4146b8ba.tar.gz vyatta-cfg-vpn-1ee7a6dc6c246dab2db65bd07b5ecc0e4146b8ba.zip | |
Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config drops all interfaces.
Add a check to prevent deleting ipsec if it's referenced by cluster.
(cherry picked from commit b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/vpn-config.pl | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index d65f977..af3f432 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -798,14 +798,20 @@ if (!(defined($config_file) && ($config_file ne '') && defined($secrets_file) && if ($error == 0) { if ($vcVPN->isDeleted('.') || !$vcVPN->exists('.') || $vcVPN->isDeleted('ipsec') || !$vcVPN->exists('ipsec')) { - if (is_vpn_running()) { - vpn_exec('ipsec setup --stop', 'stop ipsec'); - } - if (!enableICMP('1')) { + if (Vyatta::Misc::isClusterIP($vc, 'ipsec')) { $error = 1; - print STDERR "VPN commit error. Unable to re-enable ICMP redirects.\n"; + print STDERR "VPN commit error. Cluster service is referencing ipsec config.\n"; + } + if ($error == 0) { + if (is_vpn_running()) { + vpn_exec('ipsec setup --stop', 'stop ipsec'); + } + if (!enableICMP('1')) { + $error = 1; + print STDERR "VPN commit error. Unable to re-enable ICMP redirects.\n"; + } + write_config($genout, $config_file, $genout_secrets, $secrets_file); } - write_config($genout, $config_file, $genout_secrets, $secrets_file); } else { if (!enableICMP('0')) { $error = 1; |