authorJeff Leung <jleung@v10networks.ca>2015-01-31 05:17:48 +0000
committerJeff Leung <jleung@v10networks.ca>2015-01-31 05:17:48 +0000
commit434c1b6f76ddd27dc30ee3f00e8a0f4515ee2185 (patch)
tree793ba1bf46ee6bdca1cb616b625b27f79a7e432a
parent516228ffe2dfdcb8a543c3cfdd991eebb5bb0be1 (diff)
Bring the VPN tunnel down and up as opposed to commenting it out in the ipsec.conf file
Commenting out the tunnel and restoring it does not reset the tunnel. Use the ipsec commands to actually bring it down and back up to properly reset the tunnel.
-rwxr-xr-xscripts/vyatta-vpn-op.pl27
1 files changed, 5 insertions, 22 deletions
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl
index f862ef7..55ea1d5 100755
--- a/scripts/vyatta-vpn-op.pl
+++ b/scripts/vyatta-vpn-op.pl
@@ -44,28 +44,11 @@ sub clear_tunnel {
my $cmd = undef;
print "Resetting tunnel $tunnel with peer $peer...\n";
-
- # back-up ipsec.conf
- `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`;
-
- # remove specific connection from ipsec.conf
- `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 1/4th of a second for connection to go down
- `sudo sleep 0.25`;
-
- # move original ipsec.conf back
- `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 3/4th of a second for connection to come up
- # this gives us sometime before bringing clearing another tunnel
- `sudo sleep 0.75`;
+
+ # bring down the tunnel
+ `sudo /usr/sbin/ipsec down peer-$peer-tunnel-$tunnel`;
+ # bring up the tunnel
+ `sudo /usr/sbin/ipsec up peer-$peer-tunnel-$tunnel`;
}
if ($op eq '') {
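Review bot: The two added backtick calls in clear_tunnel interpolate `$peer` and `$tunnel` into a string that a shell parses before `sudo` runs it, and no validation of either value is visible in this hunk (the sub starts above it, so a check may exist there). If these values come from operator-supplied arguments, shell metacharacters in them would run with the privileges sudo grants. The list form avoids the shell: `system('sudo', '/usr/sbin/ipsec', 'down', "peer-$peer-tunnel-$tunnel") == 0 or warn "ipsec down failed for peer $peer tunnel $tunnel\n";`, and the same for `up`. Checking the status also matters because the backticks are in void context: a failed `up` after a successful `down` currently leaves the tunnel down with no message to the operator.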