author | John Southworth <john.southworth@vyatta.com> | 2011-01-27 17:55:06 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-01-27 17:55:06 -0600 |
commit | 05e78db6ccdc153c2109e215e4ffd639eadb2287 (patch) | |
tree | ca786ec1423e5d18322e2a592ec60175253c2886 /scripts | |
parent | df0c929978904b030f0b0c8c986c76a5e2cdcd37 (diff) | |
Work on new IPsec operational mode script. Initial NAT-T detection code
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vyatta-op-vpn.pl | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/scripts/vyatta-op-vpn.pl b/scripts/vyatta-op-vpn.pl
index af3f677..4c35997 100755
--- a/scripts/vyatta-op-vpn.pl
+++ b/scripts/vyatta-op-vpn.pl
@@ -131,12 +131,31 @@ sub get_tunnel_info {
 for my $connectid ( keys %tunnel_hash) {
 (my $peer, my $tunid) = ($connectid =~ /peer-(.*)-tunnel-(.*)/);
 my $config = new Vyatta::Config;
+ my $peerip = $peer;
 $config->setLevel('vpn ipsec site-to-site');
 $tunnel_hash{$connectid}->{_leftid} = $config->returnValue("peer $peer authentication id");
 $tunnel_hash{$connectid}->{_rightid} = $config->returnValue("peer $peer authentication remote-id");
 $tunnel_hash{$connectid}->{_leftip} = $config->returnValue("peer $peer local-ip");
 $tunnel_hash{$connectid}->{_srcnet} = $config->returnValue("peer $peer tunnel $tunid local-subnet");
 $tunnel_hash{$connectid}->{_dstnet} = $config->returnValue("peer $peer tunnel $tunid remote-subnet");
+ if ($peerip =~ /\@.*/){
+ $peerip = "0.0.0.0";
+ } elsif ($peerip =~ /"any"/){
+ $peerip = "0.0.0.0";
+ }
+ my $cmd = "sudo setkey -D |";
+ open(SETKEY, $cmd);
+ my @setkey = [];
+ while(<SETKEY>){
+ push (@setkey, $_);
+ }
+ foreach my $line (@setkey){
+ if ($line =~ /$tunnel_hash{$connectid}->{_leftip}\[(.*?)\].*?$peerip\[(.*?)\]/){
+ $tunnel_hash{$connectid}->{_natt} = 1;
+ $tunnel_hash{$connectid}->{_natsrc} = $1;
+ $tunnel_hash{$connectid}->{_natdst} = $2;
+ }
+ }
 }
 for my $peer ( keys %tunnel_hash ) {
 for my $key ( keys %{$tunnel_hash{$peer}} ) { |
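Review bot: The match in the `foreach my $line (@setkey)` loop interpolates `_leftip` and `$peerip` into the pattern unescaped and unanchored, so `.` matches any character, `10.0.0.1` also matches inside `110.0.0.1[...]`, and an undefined `_leftip` leaves a pattern that matches almost any SA line; NAT-T state can then be attributed to the wrong tunnel. Quote both values with `\Q...\E`, require a boundary before each address and skip the match when `_leftip` is undefined; the `0.0.0.0` placeholder will then match only literally, so `@id` and any-address peers need their own handling. The same added lines open the pipe with a bareword handle and two-argument `open` without checking the result or closing it, initialise the array with `my @setkey = [];` (which stores one array reference as its first element), and run `sudo setkey -D` once per tunnel although its output does not depend on the tunnel. The `/"any"/` test looks for literal double quotes around `any`, which is probably not what the peer string contains. `get_tunnel_info` starts before the hunk and continues after it.

```perl
# … unchanged: config lookups and $peerip normalisation …
open(my $setkey_fh, '-|', 'sudo', 'setkey', '-D')
    or die "cannot run setkey -D: $!";
my @setkey = <$setkey_fh>;
close($setkey_fh);
my $leftip = $tunnel_hash{$connectid}->{_leftip};
foreach my $line (@setkey) {
    next unless defined $leftip;
    if ($line =~ /(?:^|\s)\Q$leftip\E\[(.*?)\].*?(?:^|\s)\Q$peerip\E\[(.*?)\]/) {
        # … unchanged: _natt / _natsrc / _natdst assignments …
    }
}
```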