From 24a757a122a7d3eee06f705a946d4ec9aac308fa Mon Sep 17 00:00:00 2001
From: John Southworth
Date: Tue, 28 Feb 2012 13:32:06 -0800
Subject: Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey interval
---
 scripts/vpn-config.pl | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index a4a2428..faf7bb2 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -928,6 +928,12 @@ if ( $vcVPN->exists('ipsec') ) {
 } elsif ( defined($auth_mode) && ( $auth_mode eq 'pre-shared-secret' ) ) {
 my $psk = $vcVPN->returnValue(
 "ipsec site-to-site peer $peer authentication pre-shared-secret");
+ my $orig_psk = $vcVPN->returnOrigValue(
+ "ipsec site-to-site peer $peer authentication pre-shared-secret");
+ if ($psk ne $orig_psk){
+ print "WARNING: The pre-shared-secret will not be updated until the next re-keying interval\n";
+ print "To force the key change use: 'reset vpn ipsec-peer'\n";
+ }
 if ( !defined($psk) || $psk eq '' ) {
 vpn_die(["vpn","ipsec","site-to-site","peer",$peer,"authentication"],
 "$vpn_cfg_err No 'pre-shared-secret' specified for peer \"$peer\""
-- 
cgit v1.2.3
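Review bot: The new `$psk ne $orig_psk` comparison runs before the existing `!defined($psk) || $psk eq ''` check, so it can compare undefined values and print the re-key warning when it does not apply. If `returnOrigValue` returns undef for a peer that is being created (it presumably does, but that is not visible here), every new peer gets the warning, and a deleted secret gets it just before `vpn_die` fires. I would move the block below the empty-secret check and guard it with `if ( defined($orig_psk) && $psk ne $orig_psk ) {`. The message is how an operator learns that the old secret is still being honoured after a rotation, so it should name the peer, for example `'reset vpn ipsec-peer $peer'`. The enclosing `elsif` branch starts and ends outside this hunk.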