authorDaniil Baturin <daniil@baturin.org>2017-09-04 04:08:59 +0700
committerGitHub <noreply@github.com>2017-09-04 04:08:59 +0700
commit9324923d31d389110e2ab882a035982e2b269417 (patch)
tree1ce5e1911f588045a92e385cde8dd7630ffb47d7
parentdc80f5eb559758fd999c70345d576e189f7f3afd (diff)
parentf6f567b8b168dbe0d4bdb1b08c0f84faa0d362cb (diff)
downloadvyatta-op-vpn-9324923d31d389110e2ab882a035982e2b269417.tar.gz
vyatta-op-vpn-9324923d31d389110e2ab882a035982e2b269417.zip
Merge pull request #22 from jules-vyos/current
Fixes for show vpn ike sa and show vpn ipsec sa
-rw-r--r--lib/OPMode.pm16
-rw-r--r--templates/show/vpn/ipsec/sa/node.def2
2 files changed, 11 insertions, 7 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm
index 0068e96..38bea1c 100644
--- a/lib/OPMode.pm
+++ b/lib/OPMode.pm
@@ -615,19 +615,21 @@ sub process_tunnels{
$tunnel_hash{$connectid}->{_ikelife} = $ikelife;
$tunnel_hash{$connectid}->{_pfsgrp} = $pfs_group;
- } elsif ($line =~ /\]:\s+IKE.* SPIs: .* (reauthentication|rekeying) (disabled|in .*)/) {
+ } elsif ($line =~ /\]:\s+IKE.* SPIs:/) {
my $ikever;
($ikever) = $line =~ /IKEv(.*?) SPI/;
$tunnel_hash{$connectid}->{_ikever} = $ikever;
my $expiry_time;
- (undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/;
- $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time);
+ if($line =~ /(reauthentication|rekeying)/)
+ {(undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/;
+ $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time);
+
my $atime = $tunnel_hash{$connectid}->{_ikelife} - $tunnel_hash{$connectid}->{_ikeexpire};
# $atime = $ike_lifetime - $ike_expire if (($ike_lifetime ne 'n/a') && ($ike_expire ne 'n/a'));
$tunnel_hash{$connectid}->{_ikestate} = "up" if ($atime >= 0);
-
+ }
} elsif ($line =~ /\]:\s+IKE.proposal:(.*?)\/(.*?)\/(.*?)\/(.*)/) {
$tunnel_hash{$connectid}->{_ikeencrypt} = $1;
$tunnel_hash{$connectid}->{_ikehash} = $2;
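Review bot: The added guard `if($line =~ /(reauthentication|rekeying)/)` is looser than the capture on the following line, which also needs a space and a value after the keyword. A line where the guard matches but the capture does not leaves `$expiry_time` undefined and still passes it to `conv_time`. Folding test and capture into one match closes the gap: `if (my ($expiry_time) = $line =~ /(?:reauthentication|rekeying) (.*)/) {`. When the line carries neither keyword, this branch no longer touches `_ikeexpire` or `_ikestate`, so the display code sees whatever defaults they hold (presumably set outside this hunk); a one-line comment saying that is intended would help. process_tunnels starts and ends outside the hunk.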
@@ -1260,7 +1262,7 @@ sub display_ike_sa_brief {
my $lip = $th{$connectid}->{_lip};
$peerid = $th{$connectid}->{_rip};
my $tunnel = "$peerid-$lip";
- next if ($th{$connectid}->{_ikestate} eq 'down');
+ #next if ($th{$connectid}->{_ikestate} eq 'down');
if (not exists $tunhash{$tunnel}) {
$tunhash{$tunnel}={
_configpeer => conv_id_rev($th{$connectid}->{_peerid}),
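Review bot: The `_ikestate` filter is disabled by commenting it out rather than removed, which leaves no record of why `display_ike_sa_brief` now lists SAs whose state is `down`. Either delete the line or replace it with a comment that gives the reason, for example `# down SAs are listed too: the IKE line may lack rekeying info, so _ikestate is not always set to "up"`. That reason is inferred from the process_tunnels change in the same commit and should be confirmed by the author. The loop body continues outside the hunk.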
@@ -1304,8 +1306,10 @@ EOH
$dhgrp = conv_dh_group($dhgrp)."(".$dhgrp.")";
my $atime = $life - $expire;
$atime = 0 if ($atime == $life);
+ my $ike_out = "N/A";
+ $ike_out = "IKEv".$ver if( $ver > 0 );
printf " %-6s %-6s %-8s %-7s %-14s %-6s %-7s %-7s\n",
- $state, "IKEv".$ver, $enc, $hash, $dhgrp, $natt, $atime, $life;
+ $state, $ike_out, $enc, $hash, $dhgrp, $natt, $atime, $life;
}
print "\n \n";
}
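Review bot: `$ver > 0` in the added `$ike_out` line is a numeric comparison on a value that can be undefined or non-numeric, and Perl warns on both when warnings are enabled. The assignment of `$ver` is outside this hunk, but it presumably comes from `_ikever`, which process_tunnels fills from the capture `IKEv(.*?) SPI` and which can hold any string or nothing. Testing the shape of the value avoids the warning and keeps stray text out of the table: `$ike_out = "IKEv".$ver if (defined $ver && $ver =~ /\A\d+\z/);`.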
diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def
index 99a5cc1..7f569bd 100644
--- a/templates/show/vpn/ipsec/sa/node.def
+++ b/templates/show/vpn/ipsec/sa/node.def
@@ -1,6 +1,6 @@
help: Show all active IPsec Security Associations (SA)
run: if pgrep charon >&/dev/null; then
- sudo /usr/sbin/swanctl --list-sas
+ sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa
else
echo -e "IPSec Process NOT Running\n"
fi