37 files changed, 20 insertions, 88 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm
index fa51c66..ed57ea2 100644
--- a/lib/OPMode.pm
+++ b/lib/OPMode.pm
@@ -869,7 +869,7 @@ sub show_ipsec_sa_natt display_ipsec_sa_brief(\%tmphash); } sub show_ike_status{
- my $process_id = `sudo cat /var/run/pluto.pid`;
+ my $process_id = `sudo cat /var/run/charon.pid`;
 chomp $process_id; print <<EOS;
diff --git a/scripts/vyatta-show-ipsec-status.pl b/scripts/vyatta-show-ipsec-status.pl
index faa931e..a96d1dd 100644
--- a/scripts/vyatta-show-ipsec-status.pl
+++ b/scripts/vyatta-show-ipsec-status.pl
@@ -97,7 +97,7 @@ sub relate_intfs_with_localips { # main #
-my $process_id = `sudo cat /var/run/pluto.pid`;
+my $process_id = `sudo cat /var/run/charon.pid`;
 my $active_tunnels = `sudo ipsec status 2>/dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`; chomp $process_id; chomp $active_tunnels;
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl
index f862ef7..55ea1d5 100755
--- a/scripts/vyatta-vpn-op.pl
+++ b/scripts/vyatta-vpn-op.pl
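Review bot: `$process_id` is whatever `sudo cat /var/run/charon.pid` printed, and after `chomp` it goes straight into the heredoc with no check that the file existed or that the content is a number; when charon is not running the `cat` error goes to the operator's terminal and an empty PID is displayed. A one-line guard such as `$process_id = 'not running' unless $process_id =~ /\A\d+\z/;` would make the output honest instead of silently blank. The rest of show_ike_status lies outside the hunk, so I cannot see whether the caller already tests for a running daemon.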
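Review bot: The tunnel count on the line right after the changed one still greps `ipsec status` for `newest IPsec SA: #`, which is the pluto/openswan status wording; as far as I know charon's `ipsec status` output never contains that string, so `$active_tunnels` would read 0 on every system once the pid file points at charon. Switching the pid file alone is therefore not enough for this script; the count needs to come from something charon actually emits (for example counting `INSTALLED` child-SA lines, or parsing `swanctl --list-sas`) and should be checked against a live strongSwan box before merging. The same unchecked-PID issue applies here as in OPMode.pm: `$process_id` is printed without confirming it matches `/\A\d+\z/`. The enclosing main section continues past the end of the hunk.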
@@ -44,28 +44,11 @@ sub clear_tunnel { my $cmd = undef; print "Resetting tunnel $tunnel with peer $peer...\n";
-
- # back-up ipsec.conf
- `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`;
-
- # remove specific connection from ipsec.conf
- `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 1/4th of a second for connection to go down
- `sudo sleep 0.25`;
-
- # move original ipsec.conf back
- `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 3/4th of a second for connection to come up
- # this gives us sometime before bringing clearing another tunnel
- `sudo sleep 0.75`;
+
+ # bring down the tunnel
+ `sudo /usr/sbin/ipsec down peer-$peer-tunnel-$tunnel`;
+ # bring up the tunnel
+ `sudo /usr/sbin/ipsec up peer-$peer-tunnel-$tunnel`;
 } if ($op eq '') {
diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def
index 7cb9387..6d0f50c 100644
--- a/templates/restart/vpn/node.def
+++ b/templates/restart/vpn/node.def
@@ -1,7 +1,7 @@ help: Restart IPsec VPN run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process else
diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def
index ee3604d..0f88f1e 100644
--- a/templates/show/vpn/debug/detail/node.def
+++ b/templates/show/vpn/debug/detail/node.def
@@ -1,7 +1,7 @@ help: Show detailed VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail else
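Review bot: `$peer` and `$tunnel` are still interpolated into a shell command line run through backticks under sudo, so any value carrying shell metacharacters is executed as root; the old sed-based code had the same exposure and the rewrite keeps it while also discarding the command's output and never looking at `$?`. Use the list form, which bypasses the shell, and check the result: `system('sudo', '/usr/sbin/ipsec', 'down', "peer-$peer-tunnel-$tunnel") == 0 or warn "ipsec down failed: $?";` and the same for `up`; at minimum both values should be matched against an anchored pattern before use, since this script lives under sudo-users. The rewrite also drops the pause the old version kept between tearing the connection down and re-initiating it; if `ipsec down` returns before the SA is actually gone, the immediate `ipsec up` may race it, which is worth confirming against charon rather than assuming. The sub's opening line sits outside the hunk.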
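Review bot: `pgrep charon` matches any process whose name contains that substring, not only the daemon, so an unrelated process with "charon" in its name would satisfy the check and the restart path would be taken for a daemon that is not there; `if pgrep -x charon > /dev/null` restricts the match to the exact process name. The same substring check is repeated in the other templates in this commit, while the Perl scripts decide "running" by reading /var/run/charon.pid, so two different liveness notions are now in play; settling on one (the pid file, or the exit status of `ipsec status`) would keep the op-mode commands consistent.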
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def index 7a33888..281228a 100644 --- a/templates/show/vpn/debug/node.def +++ b/templates/show/vpn/debug/node.def @@ -1,7 +1,7 @@ help: Show VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug else diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def index a27063a..a3a9573 100644 --- a/templates/show/vpn/debug/peer/node.tag/node.def +++ b/templates/show/vpn/debug/peer/node.tag/node.def @@ -2,7 +2,7 @@ help: Show debugging information for a peer allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5 else diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def index c141ac0..3c96973 100644 --- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def +++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def @@ -2,7 +2,7 @@ help: Show debugging information for a peer's tunnel allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]} run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7" else diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def deleted file mode 100644 index 1397817..0000000 
--- a/templates/show/vpn/ipsec/sa/detail/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.def deleted file mode 100644 index bbb34b8..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def deleted file mode 100644 index cad43ba..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def deleted file mode 100644 index 1bc4f2f..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 470578e..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null 
@@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.def deleted file mode 100644 index 00a4e7c..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def deleted file mode 100644 index fbb6218..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def deleted file mode 100644 index 58100d8..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for the active IPsec Security Association (SA) for a tunnel bound to profile diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index ac5fd14..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null 
@@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def b/templates/show/vpn/ipsec/sa/nat-traversal/node.def deleted file mode 100644 index 7ea610b..0000000 --- a/templates/show/vpn/ipsec/sa/nat-traversal/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all active IPsec Security Associations (SA) that are using NAT Traversal -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-natt diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def index 287d489..be8f108 100644 --- a/templates/show/vpn/ipsec/sa/node.def +++ b/templates/show/vpn/ipsec/sa/node.def @@ -1,3 +1,8 @@ help: Show all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa + +run: if pgrep charon >&/dev/null; then + sudo /usr/sbin/swanctl --list-sas + else + echo -e "IPSec Process NOT Running\n" + fi + diff --git a/templates/show/vpn/ipsec/sa/peer/node.def b/templates/show/vpn/ipsec/sa/peer/node.def deleted file mode 100644 index 7e5e913..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def deleted file mode 100644 index 559bed5..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def +++ /dev/null 
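Review bot: The new `run:` block in sa/node.def calls `sudo /usr/sbin/swanctl --list-sas` straight from the template, whereas every other op-mode command in this tree goes through a script under /opt/vyatta/bin/sudo-users/, which is presumably what the sudoers policy whitelists; this needs a matching sudoers grant for swanctl for operator-level users and hands them the whole swanctl binary rather than one read-only subcommand. Wrapping the call in a sudo-users script that only ever runs `--list-sas` keeps the privilege grant narrow, and `pgrep -x charon` would avoid the substring match. Note also that this commit deletes the per-peer, per-tunnel, per-profile, statistics, detail and NAT-traversal views and replaces them with one unfiltered listing, so `show vpn ipsec sa peer <x>` and its siblings cease to exist; if that is intentional it should be stated in the commit message, otherwise a filtered `swanctl --list-sas --ike <name>` could preserve the per-peer form. swanctl also depends on the vici plugin being loaded, which nothing in this change shows.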
@@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6" diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def deleted file mode 100644 index 0772ef3..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 195f37a..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.def b/templates/show/vpn/ipsec/sa/profile/node.def deleted file mode 100644 index a0d7b44..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def deleted file mode 100644 index 76e66a5..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" 
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def deleted file mode 100644 index ca0ec72..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profiles's tunnel diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 3f0af98..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profile's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def b/templates/show/vpn/ipsec/sa/statistics/node.def deleted file mode 100644 index 84fa4b7..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show statistics of all active tunnels that have IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.def deleted file mode 100644 index b104a83..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def deleted file mode 100644 index 758333e..0000000 
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def deleted file mode 100644 index 561cd42..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 1902c22..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.def deleted file mode 100644 index 7b5e040..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def deleted file mode 100644 index 9d49f44..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def +++ /dev/null 
@@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def deleted file mode 100644 index 4b131c5..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index b8aa7dc..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def index bf4ebf7..3c48c60 100644 --- a/templates/show/vpn/ipsec/status/node.def +++ b/templates/show/vpn/ipsec/status/node.def @@ -1,5 +1,5 @@ help: Show status of IPsec process -run: if pgrep pluto >&/dev/null; then +run: if pgrep charon >&/dev/null; then /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl else echo -e "IPSec Process NOT Running\n" |