From de904a56dfd7687a088decd6a76b386e362cfa5b Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Fri, 29 May 2009 18:35:35 -0700
Subject: 0.12.8

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 47ff365..9480251 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vyatta-cfg-vpn (0.12.8) unstable; urgency=low
+
+  * UNRELEASED
+
+ -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 29 May 2009 18:35:35 -0700
+
 vyatta-cfg-vpn (0.12.7) unstable; urgency=low
 
   * Fix 3836: Allow VPN authentication ID to accept values of IP
-- 
cgit v1.2.3


From 1ee7a6dc6c246dab2db65bd07b5ecc0e4146b8ba Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@vyatta.com>
Date: Fri, 10 Jul 2009 13:43:19 -0700
Subject: Fix 4623: Removing IPSEC VPN config without removing cluster ipsec
 config drops all interfaces. Add a check to prevent deleting ipsec if it's
 referenced by cluster. (cherry picked from commit
 b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)

---
 scripts/vpn-config.pl | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index d65f977..af3f432 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -798,14 +798,20 @@ if (!(defined($config_file) && ($config_file ne '') && defined($secrets_file) &&
 if ($error == 0) {
     if ($vcVPN->isDeleted('.') || !$vcVPN->exists('.')
         || $vcVPN->isDeleted('ipsec') || !$vcVPN->exists('ipsec')) {
-	if (is_vpn_running()) {
-	    vpn_exec('ipsec setup --stop', 'stop ipsec');
-	}
-	if (!enableICMP('1')) {
+	if (Vyatta::Misc::isClusterIP($vc, 'ipsec')) { 
 	    $error = 1;
-	    print STDERR "VPN commit error.  Unable to re-enable ICMP redirects.\n";
+	    print STDERR "VPN commit error.  Cluster service is referencing ipsec config.\n";
+	} 
+	if ($error == 0) {
+	    if (is_vpn_running()) {
+		vpn_exec('ipsec setup --stop', 'stop ipsec');
+	    }
+	    if (!enableICMP('1')) {
+		$error = 1;
+		print STDERR "VPN commit error.  Unable to re-enable ICMP redirects.\n";
+	    }
+	    write_config($genout, $config_file, $genout_secrets, $secrets_file);
 	}
-	write_config($genout, $config_file, $genout_secrets, $secrets_file);
     } else {
 	if (!enableICMP('0')) {
 	    $error = 1;
-- 
cgit v1.2.3


From 851a3a394edfb5fec64ece5b700be5fa4b4f8d29 Mon Sep 17 00:00:00 2001
From: Stig Thormodsrud <stig@vyatta.com>
Date: Fri, 10 Jul 2009 14:13:06 -0700
Subject: 0.12.9

---
 debian/changelog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9480251..a6e7208 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+vyatta-cfg-vpn (0.12.9) unstable; urgency=low
+
+  * Fix 4623: Removing IPSEC VPN config without removing cluster ipsec
+    config drops all interfaces.
+
+ -- Stig Thormodsrud <stig@vyatta.com>  Fri, 10 Jul 2009 14:13:06 -0700
+
 vyatta-cfg-vpn (0.12.8) unstable; urgency=low
 
   * UNRELEASED
-- 
cgit v1.2.3