diff options
Diffstat (limited to 'scripts/vyatta-ipsec-dhcp.pl')
| -rwxr-xr-x | scripts/vyatta-ipsec-dhcp.pl | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/scripts/vyatta-ipsec-dhcp.pl b/scripts/vyatta-ipsec-dhcp.pl deleted file mode 100755 index 6b8782c..0000000 --- a/scripts/vyatta-ipsec-dhcp.pl +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -use Getopt::Long; -use strict; - -my $config_file = "/etc/ipsec.conf"; -my $secrets_file = "/etc/ipsec.secrets"; - -sub logger { - my $msg = pop(@_); - my $FACILITY = "daemon"; - my $LEVEL = "notice"; - my $TAG = "ipsec-dhclient-hook"; - my $LOGCMD = "logger -t $TAG -p $FACILITY.$LEVEL"; - system("$LOGCMD $msg"); -} - -my ($iface, $config_iface, $nip, $oip, $reason); -GetOptions("interface=s" => \$iface, - "new_ip=s" => \$nip, - "old_ip=s" => \$oip, - "reason=s" => \$reason); - -# check if an update is needed -exit(0) if (($oip eq $nip) && ($reason ne "BOUND")); -logger("DHCP address updated to $nip from $oip: Updating ipsec configuration."); - -# open ipsec config -open (my $FD, '<', $config_file); -my $header = ''; -my $footer = ''; -my $finheader = 0; -my %connhash = (); -my $curconn = ''; -foreach my $line (<$FD>){ - next if (($line =~/^\s*$/) && $finheader); - if ($line =~ /\#conn.*/){ - $curconn = ''; - next; - } - if ($line =~ /(peer-.*-tunnel.*)/){ - $finheader = 1; - my $connid = $1; - $curconn = $connid; - if (not exists $connhash{$connid}){ - $connhash{$connid} = { - _dhcp_iface => undef, - _lip => undef, - _lines => [] - }; - } - } elsif (($line =~ /dhcp-interface=(.*)/) && ($curconn ne '') ){ - $connhash{$curconn}->{_dhcp_iface}=$1; - } elsif (($line =~ /left=(.*)/) && ($curconn ne '') ){ - $connhash{$curconn}->{_lip}=$1; - } elsif (!$finheader){ - $header .= $line; - } elsif ($curconn ne ''){ - push (@{$connhash{"$curconn"}->{_lines}}, $line); - } elsif ($curconn eq ''){ - $footer .= $line; - } -} -close($FD); - -# output new ipsec.conf -open my $output_config, '>', $config_file - or die "Can't open $config_file: $!"; - -print ${output_config} "$header\n"; -foreach my $connid ( keys (%connhash)){ - print ${output_config} "conn $connid\n"; - if (defined($connhash{$connid}->{_dhcp_iface})){ - if ($connhash{$connid}->{_dhcp_iface} eq $iface){ - $connhash{$connid}->{_lip} = $nip; - } - print ${output_config} "\t\#dhcp-interface=$connhash{$connid}->{_dhcp_iface}\n"; - } - print ${output_config} "\tleft=$connhash{$connid}->{_lip}\n"; - foreach my $line (@{$connhash{$connid}->{_lines}}){ - print ${output_config} $line; - } - print ${output_config} "\#conn $connid\n\n"; -} -print ${output_config} "$footer\n"; -close $output_config; - -# change ipsec.secrets -open (my $FD, '<', $secrets_file); -my @lines = <$FD>; -close FD; -open my $output_secrets, '>', $secrets_file - or die "Can't open $secrets_file"; -foreach my $line (@lines){ - if (($line =~ /(.*)\#dhcp-interface=(.*)\#/) && ($2 eq $iface)){ - my $secretline = $1; - $nip = "#" if ($nip eq ''); - $secretline =~ /(.*?) (.*?) : PSK (.*)/; - $line = "$nip $2 : PSK $3\#dhcp-interface=$iface\#\n"; - } - print ${output_secrets} $line; -} -close $output_secrets; -system ("/usr/sbin/ipsec rereadall > /dev/null 2>&1"); -system ("/usr/sbin/ipsec update > /dev/null 2>&1"); |