authorMohit Mehta <mohit.mehta@vyatta.com>2009-10-09 16:59:53 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2009-10-09 16:59:53 -0700
commit92a42fb741210a774309ceb8da438e005d80421f (patch)
treee417e184d033c9e9b5b2c419c142cc23c6112a5d /templates
parent4337b53ed0fcf777d1ed5e4b227450bd44a484b4 (diff)
* Fix Bug 4017 Add the ability to restart individual IPSec tunnels
Added new operational mode commands:
  clear vpn ipsec-peer peer <peer>                  # clear all tunnels for given peer
  clear vpn ipsec-peer peer <peer> tunnel <tunnel>  # clear specific tunnel
If the peer is 0.0.0.0/any/@id, the tunnel is brought down and loaded again, but the connection is not initiated, as the remote end could be multiple end-points. The remote ends will bring up the tunnel when they detect that it is down.
* Don't call the script with sudo from templates; use sudo in the script where needed.
* Script clean-up.
Diffstat (limited to 'templates')
-rw-r--r--templates/clear/vpn/ipsec-peer/node.def1
-rw-r--r--templates/clear/vpn/ipsec-peer/node.tag/node.def6
-rw-r--r--templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.def1
-rw-r--r--templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def10
-rw-r--r--templates/clear/vpn/ipsec-process/node.def2
-rw-r--r--templates/show/vpn/debug/detail/node.def2
-rw-r--r--templates/show/vpn/debug/node.def2
7 files changed, 21 insertions, 3 deletions
diff --git a/templates/clear/vpn/ipsec-peer/node.def b/templates/clear/vpn/ipsec-peer/node.def
new file mode 100644
index 0000000..48cdff9
--- /dev/null
+++ b/templates/clear/vpn/ipsec-peer/node.def
@@ -0,0 +1 @@
+help: Clear all tunnels for given peer
diff --git a/templates/clear/vpn/ipsec-peer/node.tag/node.def b/templates/clear/vpn/ipsec-peer/node.tag/node.def
new file mode 100644
index 0000000..0e29756
--- /dev/null
+++ b/templates/clear/vpn/ipsec-peer/node.tag/node.def
@@ -0,0 +1,6 @@
+help: Clear all tunnels for given peer
+
+allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
+
+run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+ --op=clear-tunnels-for-peer --peer="$4"
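Review bot: The `run:` line forwards the operator-typed peer (`$4`) into `--peer=` with no check in the template, and the `allowed:` list from `--op=get-all-peers` presumably only feeds tab completion rather than rejecting other values. Because the commit message says sudo is now used inside the script, `vyatta-vpn-op.pl` (not shown here; the diff is limited to templates) should verify the peer against the configured peers before it reaches any privileged command, and should pass it on as a separate argument rather than through a shell string. The same applies to `--peer="$4"` and `--tunnel="$6"` in node.tag/tunnel/node.tag/node.def. The double quotes around `"$4"` are correct and should stay.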
diff --git a/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.def b/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.def
new file mode 100644
index 0000000..2add8cd
--- /dev/null
+++ b/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Clear a specific tunnel for given peer
diff --git a/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def b/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
new file mode 100644
index 0000000..91b4ff3
--- /dev/null
+++ b/templates/clear/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
@@ -0,0 +1,10 @@
+help: Clear a specific tunnel for given peer
+
+allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+ --op=get-tunnels-for-peer \
+ --peer="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+ --op=clear-specific-tunnel-for-peer \
+ --peer="$4" \
+ --tunnel="$6"
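Review bot: The `allowed:` line runs `--op=get-tunnels-for-peer` at completion time with `${COMP_WORDS[COMP_CWORD-2]}`, which is whatever the operator has typed at the peer position so far, before any command has been executed. That op should therefore be read-only, need no elevation, and print nothing for a peer it does not know; none of this can be confirmed from this diff because the script is not part of it. The relative index matches the `$4` used by `run:` only while the cursor is on the tunnel value, so a one-line remark in the template or commit message that it denotes the peer word would help the next reader.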
diff --git a/templates/clear/vpn/ipsec-process/node.def b/templates/clear/vpn/ipsec-process/node.def
index 0f7e233..8ced091 100644
--- a/templates/clear/vpn/ipsec-process/node.def
+++ b/templates/clear/vpn/ipsec-process/node.def
@@ -1,6 +1,6 @@
help: Restart VPN ipsec process
run: if [ -d $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer ] && [ -n "`ls $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer/`" ] ; then
- sudo /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
+ /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
else
echo VPN ipsec not configured
fi
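Review bot: With `sudo` dropped from the `run:` line, `vyatta-vpn-op.pl` now starts as the operator's own user, so whether `--op=clear-vpn-ipsec-process` still works, and how much ends up running as root, depends entirely on the sudo calls inside the script, which this diff (limited to templates) does not show. It is worth confirming that the script elevates only the individual commands that need it, and that any sudoers rule that previously permitted the whole script is tightened to match; otherwise the least-privilege benefit of this change is lost. The same point applies to the identical edits in show/vpn/debug/detail/node.def and show/vpn/debug/node.def.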
diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def
index c12cac8..112cbf6 100644
--- a/templates/show/vpn/debug/detail/node.def
+++ b/templates/show/vpn/debug/detail/node.def
@@ -1,6 +1,6 @@
help: Show detailed VPN debugging information
run: if [ -d $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer ] && [ -n "`ls $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer/`" ] ; then
- sudo /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail
+ /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail
else
echo VPN ipsec not configured
fi
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def
index ceb64c9..2327d95 100644
--- a/templates/show/vpn/debug/node.def
+++ b/templates/show/vpn/debug/node.def
@@ -1,6 +1,6 @@
help: Show VPN debugging information
run: if [ -d $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer ] && [ -n "`ls $VYATTA_ACTIVE_CONFIGURATION_DIR/vpn/ipsec/site-to-site/peer/`" ] ; then
- sudo /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug
+ /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug
else
echo VPN ipsec not configured
fi