author | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2013-01-29 15:52:30 -0800 |
---|---|---|
committer | Saurabh Mohan <saurabh.mohan@vyatta.com> | 2013-01-29 15:52:30 -0800 |
commit | d2e06245883e98a1ea8a4940211652f60a6294b3 (patch) | |
tree | 130d01ae0bd96060d1e26475aabe7b79d010f5b6 | |
parent | f985848659239d50f202ca98bdcdb081bd15dbd7 (diff) | |
download | vyatta-op-vpn-d2e06245883e98a1ea8a4940211652f60a6294b3.tar.gz vyatta-op-vpn-d2e06245883e98a1ea8a4940211652f60a6294b3.zip |
Support for reset vpn ipsec-profile
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | scripts/vyatta-dmvpn-op.pl | 90 | ||||
-rw-r--r-- | templates/reset/vpn/ipsec-profile/node.def | 1 | ||||
-rw-r--r-- | templates/reset/vpn/ipsec-profile/node.tag/node.def | 6 | ||||
-rw-r--r-- | templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.def | 1 | ||||
-rw-r--r-- | templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def | 10 |
6 files changed, 109 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 02d96a4..1422d22 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,6 +10,7 @@ share_perl5_vpnprof_DATA = lib/vpnprof/OPMode.pm
 bin_sudo_users_SCRIPTS = scripts/gen_local_rsa_key.pl
 bin_sudo_users_SCRIPTS += scripts/vyatta-show-vpn.pl
 bin_sudo_users_SCRIPTS += scripts/vyatta-vpn-op.pl
+bin_sudo_users_SCRIPTS += scripts/vyatta-dmvpn-op.pl
 bin_sudo_users_SCRIPTS += scripts/vyatta-op-vpn.pl
 bin_sudo_users_SCRIPTS += scripts/vyatta-op-vpnprof.pl
 bin_sudo_users_SCRIPTS += scripts/vyatta-show-ipsec-status.pl
diff --git a/scripts/vyatta-dmvpn-op.pl b/scripts/vyatta-dmvpn-op.pl
new file mode 100644
index 0000000..4a33498
--- /dev/null
+++ b/scripts/vyatta-dmvpn-op.pl
@@ -0,0 +1,90 @@
+#!/usr/bin/perl -w
+
+use strict;
+use warnings;
+use lib "/opt/vyatta/share/perl5/";
+use Vyatta::Config;
+use Getopt::Long;
+my $op='';
+my $profile=undef;
+my $tunnel=undef;
+my $profile_path='vpn ipsec profile';
+
+GetOptions( "op=s" => \$op,
+ "profile=s" => \$profile,
+ "tunnel=s" => \$tunnel);
+
+sub get_tunnels {
+ my $profile = undef;
+ $profile = shift;
+ my @profile_tunnels = ();
+ if (defined $profile) {
+ my $config = new Vyatta::Config;
+ @profile_tunnels = $config->listOrigNodes("$profile_path $profile bind tunnel");
+ }
+ return @profile_tunnels;
+}
+
+sub clear_tunnel {
+ my ($profile, $tunnel) = @_;
+ my $error = undef;
+ my $cmd = undef;
+
+ print "Resetting tunnel $tunnel with profile $profile...\n";
+
+ # turn down the connection
+ `sudo ipsec down dmvpn-$profile-tunnel-$tunnel`;
+
+ # sleep for 1/4th of a second for connection to go down
+ `sudo sleep 0.25`;
+
+ # turn connection up
+ `sudo ipsec up dmvpn-$profile-tunnel-$tunnel`;
+
+ # sleep for 3/4th of a second for connection to come up
+ `sudo sleep 0.75`;
+}
+
+if ($op eq '') {
+ die 'No op specified';
+}
+
+if ($op eq 'get-all-profiles') {
+ # get all ipsec profiles
+ my $config = new Vyatta::Config;
+ my @profiles = ();
+ @profiles = $config->listOrigNodes("$profile_path");
+ print "@profiles\n";
+
+} elsif ($op eq 'get-tunnels-for-profile') {
+ # get all tunnels for a specific profile
+ die 'Undefined profile to get list of tunnels for' if ! defined $profile;
+ my @profile_tunnels = get_tunnels("$profile");
+ print "@profile_tunnels\n";
+
+} elsif ($op eq 'clear-tunnels-for-profile') {
+ # clear all tunnels for a given profile
+ die 'Undefined profile to clear tunnels for' if ! defined $profile;
+ my @profile_tunnels = get_tunnels("$profile");
+ if (scalar(@profile_tunnels)>0) {
+ foreach my $tun (sort @profile_tunnels) {
+ clear_tunnel($profile, $tun);
+ }
+ }
+
+} elsif ($op eq 'clear-specific-tunnel-for-profile') {
+ # clear a specific tunnel for a given profile
+ die 'Undefined profile to clear tunnel for' if ! defined $profile;
+ die 'Undefined tunnel for profile $profile' if ! defined $tunnel;
+ my @profile_tunnels = get_tunnels("$profile");
+ if (scalar(grep(/^$tunnel$/,@profile_tunnels))>0) {
+ clear_tunnel($profile, $tunnel);
+ } else {
+ die "Undefined tunnel $tunnel for profile $profile\n";
+ }
+
+} else {
+ die "Unknown op: $op";
+}
+
+exit 0;
diff --git a/templates/reset/vpn/ipsec-profile/node.def b/templates/reset/vpn/ipsec-profile/node.def
new file mode 100644
index 0000000..fb5a749
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.def
@@ -0,0 +1 @@
+help: Reset all tunnels for given profile
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/node.def
new file mode 100644
index 0000000..639fac3
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.tag/node.def
@@ -0,0 +1,6 @@
+help: Reset all tunnels for given profile
+
+allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl --op=get-all-profiles
+
+run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
+ --op=clear-tunnels-for-profile --profile="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.def b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.def
new file mode 100644
index 0000000..57f4e36
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Reset a specific tunnel for given profile
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
new file mode 100644
index 0000000..08e299f
--- /dev/null
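Review bot: In scripts/vyatta-dmvpn-op.pl, `clear_tunnel` interpolates `$profile` and `$tunnel` into backtick commands run under `sudo`, and the only gate on `$tunnel` is `grep(/^$tunnel$/,@profile_tunnels)`, which is a regex match rather than an equality test, so a `--tunnel` value containing metacharacters can pass without being a configured tunnel name and then reaches the shell verbatim. Compare exactly with `grep { $_ eq $tunnel } @profile_tunnels` and invoke ipsec in list form so no shell parses the names, as in the fence below. The backticks also discard the exit status, so a failed `ipsec down`/`up` still prints the "Resetting" line and the script exits 0; the rewrite warns instead (ipsec's stdout, previously captured and dropped, would now be shown). Separately, `die 'Undefined tunnel for profile $profile'` is single-quoted and prints the variable name literally.

```perl
sub clear_tunnel {
    my ($profile, $tunnel) = @_;
    my $conn = "dmvpn-$profile-tunnel-$tunnel";

    print "Resetting tunnel $tunnel with profile $profile...\n";

    # List form: no shell is involved, the connection name is one argv element.
    system('sudo', 'ipsec', 'down', $conn) == 0
        or warn "ipsec down $conn failed\n";
    select(undef, undef, undef, 0.25);    # wait for the connection to go down

    system('sudo', 'ipsec', 'up', $conn) == 0
        or warn "ipsec up $conn failed\n";
    select(undef, undef, undef, 0.75);    # wait for the connection to come up
}

# … unchanged: op dispatch up to clear-specific-tunnel-for-profile …
    if (grep { $_ eq $tunnel } @profile_tunnels) {
```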
+++ b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
@@ -0,0 +1,10 @@
+help: Reset a specific tunnel for given profile
+
+allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
+ --op=get-tunnels-for-profile \
+ --profile="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
+ --op=clear-specific-tunnel-for-profile \
+ --profile="$4" \
+ --tunnel="$6" |