diff options
| author | Saurabh Mohan <saurabh@vyatta.com> | 2012-05-18 14:50:32 -0700 |
|---|---|---|
| committer | Saurabh Mohan <saurabh@vyatta.com> | 2012-05-18 14:50:32 -0700 |
| commit | 34ce3a9b1b3339d3c5874057e5d31c61b68b0e6e (patch) | |
| tree | 3507a6a302bdfc2797067be8db88db0a3d6085ed /templates/vpn/ipsec/site-to-site | |
| parent | 37126e2b3b8d40fc43d8c7803b6eb3f1f14c760f (diff) | |
| download | vyatta-cfg-vpn-34ce3a9b1b3339d3c5874057e5d31c61b68b0e6e.tar.gz vyatta-cfg-vpn-34ce3a9b1b3339d3c5874057e5d31c61b68b0e6e.zip | |
VTI: cfg mark/bind change handlers.
Diffstat (limited to 'templates/vpn/ipsec/site-to-site')
| -rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def | 16 | ||||
| -rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def | 13 |
2 files changed, 29 insertions, 0 deletions
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def index 01bb112..c8b2222 100644 --- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def @@ -1,3 +1,19 @@ type: txt help: VTI tunnel interface associated with this configuration [REQUIRED] allowed: cli-shell-api listActiveNodes interfaces vti + +update: + old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind` + if [ ! -z "$old_vti" ] ; then + if [ -d /sys/class/net/$old_vti ] ; then + sudo ip tunnel del $old_vti + fi + fi + +delete: + old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind` + if [ ! -z "$old_vti" ] ; then + if [ -d /sys/class/net/$old_vti ] ; then + sudo ip tunnel del $old_vti + fi + fi diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def index 1d29970..0841bd2 100644 --- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def @@ -1,2 +1,15 @@ type: u32 help: Mark associated with the secure tunnel interface [REQUIRED] + +update: + old_mark=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti mark` + if [ ! -z "$old_mark" ] ; then + sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $old_mark + sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $old_mark + fi + sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@) + sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@) + +delete: + sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@) + sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@) |