-rw-r--r--.gitignore42
-rw-r--r--Makefile.am6
-rw-r--r--configure.ac55
-rwxr-xr-xdebian/autogen.sh4
-rw-r--r--debian/changelog2
-rw-r--r--m4/relpaths.m4155
-rwxr-xr-xscripts/vyatta-gen-x509-keypair.in (renamed from scripts/vyatta-gen-x509-keypair.sh.in)0
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/node.def.in (renamed from templates/generate/vpn/rsa-key/bits/node.tag/node.def)2
-rw-r--r--templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in (renamed from templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def)2
-rw-r--r--templates/generate/vpn/rsa-key/node.def2
-rw-r--r--templates/generate/vpn/rsa-key/node.def.in2
-rw-r--r--templates/generate/vpn/x509/key-pair/node.tag/node.def.in (renamed from templates/generate/vpn/x509/key-pair/node.tag/node.def)2
-rw-r--r--templates/reset/vpn/ipsec-peer/node.tag/node.def6
-rw-r--r--templates/reset/vpn/ipsec-peer/node.tag/node.def.in6
-rw-r--r--templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in (renamed from templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def)4
-rw-r--r--templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in (renamed from templates/reset/vpn/ipsec-peer/node.tag/vti/node.def)2
-rw-r--r--templates/reset/vpn/ipsec-profile/node.tag/node.def6
-rw-r--r--templates/reset/vpn/ipsec-profile/node.tag/node.def.in6
-rw-r--r--templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in (renamed from templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def)4
-rw-r--r--templates/restart/vpn/node.def.in (renamed from templates/restart/vpn/node.def)2
-rw-r--r--templates/show/vpn/debug/detail/node.def.in (renamed from templates/show/vpn/debug/detail/node.def)2
-rw-r--r--templates/show/vpn/debug/node.def.in (renamed from templates/show/vpn/debug/node.def)2
-rw-r--r--templates/show/vpn/debug/peer/node.tag/node.def.in (renamed from templates/show/vpn/debug/peer/node.tag/node.def)4
-rw-r--r--templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in (renamed from templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def)4
-rw-r--r--templates/show/vpn/ike/rsa-keys/node.def2
-rw-r--r--templates/show/vpn/ike/rsa-keys/node.def.in2
-rw-r--r--templates/show/vpn/ike/sa/nat-traversal/node.def.in (renamed from templates/show/vpn/ike/sa/nat-traversal/node.def)2
-rw-r--r--templates/show/vpn/ike/sa/node.def2
-rw-r--r--templates/show/vpn/ike/sa/node.def.in2
-rw-r--r--templates/show/vpn/ike/sa/peer/node.tag/node.def3
-rw-r--r--templates/show/vpn/ike/sa/peer/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ike/secrets/node.def2
-rw-r--r--templates/show/vpn/ike/secrets/node.def.in2
-rw-r--r--templates/show/vpn/ike/status/node.def2
-rw-r--r--templates/show/vpn/ike/status/node.def.in2
-rw-r--r--templates/show/vpn/ipsec/sa/detail/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/nat-traversal/node.def.in2
-rw-r--r--templates/show/vpn/ipsec/sa/node.def8
-rw-r--r--templates/show/vpn/ipsec/sa/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in3
-rw-r--r--templates/show/vpn/ipsec/status/node.def.in (renamed from templates/show/vpn/ipsec/status/node.def)2
53 files changed, 339 insertions, 64 deletions
diff --git a/.gitignore b/.gitignore
index 67bea90..470b73c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
*~
-/m4
+m4/lt*.m4
+m4/libtool.m4
.*.swp
*.[oa]
*.l[oa]
@@ -27,4 +28,41 @@ libtool
/Makefile
/command_proc_show_vpn
-/scripts/vyatta-gen-x509-keypair.sh \ No newline at end of file
+templates/generate/vpn/rsa-key/bits/node.tag/node.def
+templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
+templates/generate/vpn/rsa-key/node.def
+templates/generate/vpn/x509/key-pair/node.tag/node.def
+templates/reset/vpn/ipsec-peer/node.tag/node.def
+templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
+templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
+templates/reset/vpn/ipsec-profile/node.tag/node.def
+templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
+templates/restart/vpn/node.def
+templates/show/vpn/debug/detail/node.def
+templates/show/vpn/debug/node.def
+templates/show/vpn/debug/peer/node.tag/node.def
+templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ike/rsa-keys/node.def
+templates/show/vpn/ike/sa/nat-traversal/node.def
+templates/show/vpn/ike/sa/node.def
+templates/show/vpn/ike/sa/peer/node.tag/node.def
+templates/show/vpn/ike/secrets/node.def
+templates/show/vpn/ike/status/node.def
+templates/show/vpn/ipsec/sa/detail/node.def
+templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
+templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/sa/nat-traversal/node.def
+templates/show/vpn/ipsec/sa/node.def
+templates/show/vpn/ipsec/sa/peer/node.tag/node.def
+templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/sa/profile/node.tag/node.def
+templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/sa/statistics/node.def
+templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
+templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
+templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/status/node.def
+/scripts/vyatta-gen-x509-keypair \ No newline at end of file
diff --git a/Makefile.am b/Makefile.am
index f15d7c0..490b1f1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -21,11 +21,9 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
cpio -0pd
install-exec-hook:
- mkdir -p $(DESTDIR)${sysconfdir}
- mkdir -p $(DESTDIR)${sbindir}
- cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)${sbindir}/vyatta-gen-x509-keypair
+ mkdir -p $(DESTDIR)${sysconfdir} $(DESTDIR)${sbindir} $(DESTDIR)$(opdir)
+ cp scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/
cp scripts/key-pair.template $(DESTDIR)${sysconfdir}
- mkdir -p $(DESTDIR)$(opdir)
cd templates; $(cpiop) $(DESTDIR)$(opdir)
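Review bot: The `cpiop` filter in the hunk header (its definition starts above the hunk) excludes only backup and swap files, so after this commit's renames the `node.def.in` sources, still holding unsubstituted `@SUDOUSRDIR@` / `@SBINDIR@` placeholders, are copied into `$(DESTDIR)$(opdir)` next to the generated `node.def` files. Adding `\|.*\.in` to the `-regex` alternation keeps them out of the installed tree. The new `cp scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/` line also installs a script that the x509 template runs under `sudo` with whatever mode the build left on it; `$(INSTALL_SCRIPT) scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/` would give it install's explicit default mode instead. In the unchanged last line, `cd templates && $(cpiop) ...` would stop the copy from running in the wrong directory if the `cd` fails.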
diff --git a/configure.ac b/configure.ac
index 3d9a504..6002c2d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
-m4_define([DEFAULT_PREFIX], "/opt/vyatta")
+m4_define([DEFAULT_PREFIX], [/opt/vyatta])
m4_define([VERSION_ID], [m4_esyscmd([
if test -f .version ; then
@@ -24,6 +24,9 @@ else
XSLDIR="$prefix/share/xsl/"
fi
+adl_RECURSIVE_EVAL([$bindir/sudo-users/],[SUDOUSRDIR])
+adl_RECURSIVE_EVAL([$sbindir/],[SBINDIR])
+
AC_PROG_CC
AC_PROG_CXX
AM_PROG_AS
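Review bot: Both `adl_RECURSIVE_EVAL` arguments end in a slash (`[$bindir/sudo-users/]`, `[$sbindir/]`) while every template appends its own separator (`@SUDOUSRDIR@/vyatta-vpn-op.pl`), so the generated command lines contain `//`. The kernel resolves that, but the strings no longer match textually against anything that compares paths literally, such as audit-log searches or allow-lists written for the old `/opt/vyatta/bin/sudo-users/...` form. Dropping the trailing slash, `adl_RECURSIVE_EVAL([$bindir/sudo-users],[SUDOUSRDIR])` and `adl_RECURSIVE_EVAL([$sbindir],[SBINDIR])`, keeps the expanded paths identical to the ones this commit replaces. The values are also fixed when configure runs, so a later `make prefix=...` override would install the scripts somewhere the templates do not point to.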
@@ -39,14 +42,56 @@ AC_ARG_ENABLE([nostrip],
AC_SUBST(NOSTRIP)
AC_SUBST(XSLDIR)
+AC_SUBST(SUDOUSRDIR)
+AC_SUBST(SBINDIR)
AC_OUTPUT([
Makefile
- scripts/vyatta-gen-x509-keypair.sh
+ scripts/vyatta-gen-x509-keypair
+ templates/restart/vpn/node.def
+ templates/generate/vpn/x509/key-pair/node.tag/node.def
+ templates/generate/vpn/rsa-key/node.def
+ templates/generate/vpn/rsa-key/bits/node.tag/node.def
+ templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
+ templates/show/vpn/ipsec/status/node.def
+ templates/show/vpn/ipsec/sa/node.def
+ templates/show/vpn/ipsec/sa/nat-traversal/node.def
+ templates/show/vpn/ipsec/sa/statistics/node.def
+ templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/node.def
+ templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/debug/node.def
+ templates/show/vpn/debug/detail/node.def
+ templates/show/vpn/debug/peer/node.tag/node.def
+ templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ike/secrets/node.def
+ templates/show/vpn/ike/status/node.def
+ templates/show/vpn/ike/sa/node.def
+ templates/show/vpn/ike/sa/nat-traversal/node.def
+ templates/show/vpn/ike/sa/peer/node.tag/node.def
+ templates/show/vpn/ike/rsa-keys/node.def
+ templates/reset/vpn/ipsec-profile/node.tag/node.def
+ templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
])
-echo "prefix: ${prefix}"
-echo "sysconfdir: ${sysconfdir}"
+echo "prefix: ${prefix}"
+echo "sbindir: ${sbindir}"
+echo "sysconfdir: ${sysconfdir}"
echo "datarootdir: ${datarootdir}"
-echo "XSLDIR: ${XSLDIR}"
+echo "XSLDIR: ${XSLDIR}"
+echo "SBINDIR: ${SBINDIR}"
+echo "SUDOUSRDIR: ${SUDOUSRDIR}"
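Review bot: `scripts/vyatta-gen-x509-keypair` is generated as an ordinary `AC_OUTPUT` file, and config.status writes its outputs as new files without carrying over the execute bit of the `.in` source, so as far as this hunk shows the script later copied into `${sbindir}` is not guaranteed to be executable. Registering it with an explicit command, `AC_CONFIG_FILES([scripts/vyatta-gen-x509-keypair], [chmod +x scripts/vyatta-gen-x509-keypair])`, makes the mode deliberate. The list of `node.def` outputs is repeated by hand in `.gitignore`; a comment above `AC_OUTPUT` such as `dnl Keep this list in sync with the node.def entries in .gitignore` would help the two stay aligned.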
diff --git a/debian/autogen.sh b/debian/autogen.sh
index 92719c8..70ecdeb 100755
--- a/debian/autogen.sh
+++ b/debian/autogen.sh
@@ -1,10 +1,10 @@
#!/bin/sh
-rm -rf config m4
+rm -rf config
rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL
-mkdir -p m4
+mkdir -p
autoreconf --force --install
rm -f config.sub config.guess
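Review bot: The new `mkdir -p` line has no operand, so it prints a usage error and returns non-zero on every run; the script carries on only because `/bin/sh` is not running with `-e`. Since `m4/` is now tracked (this commit adds `m4/relpaths.m4`), the line can simply be deleted. Adding `set -e` after the shebang would also stop a failed `autoreconf --force --install` from being followed silently by the final `rm -f`. In the unchanged `rm -f` line, `config.statusconfig.sub` reads like two file names run together (`config.status config.sub`), if that is how the file itself reads.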
diff --git a/debian/changelog b/debian/changelog
index c7cd4d1..13bbddd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,7 +14,7 @@ vyatta-op-vpn (0.15.0+vyos2+current2+nmu1) UNRELEASED; urgency=low
- unknown substitution variable ${shlibs:Depends} - removed
* address dpkg-source issue:
- debian/source/format set to "3.0 (native)"
-
+ * removed all references to /opt/vyatta but one from source
-- C.J. Collier <cjcollier@linuxfoundation.org> Wed, 11 May 2016 02:33:38 +0000
diff --git a/m4/relpaths.m4 b/m4/relpaths.m4
new file mode 100644
index 0000000..15f24b3
--- /dev/null
+++ b/m4/relpaths.m4
@@ -0,0 +1,155 @@
+dnl @synopsis adl_COMPUTE_RELATIVE_PATHS(PATH_LIST)
+dnl
+dnl PATH_LIST is a space-separated list of colon-separated triplets of
+dnl the form 'FROM:TO:RESULT'. This function iterates over these
+dnl triplets and set $RESULT to the relative path from $FROM to $TO.
+dnl Note that $FROM and $TO needs to be absolute filenames for this
+dnl macro to success.
+dnl
+dnl For instance,
+dnl
+dnl first=/usr/local/bin
+dnl second=/usr/local/share
+dnl adl_COMPUTE_RELATIVE_PATHS([first:second:fs second:first:sf])
+dnl # $fs is set to ../share
+dnl # $sf is set to ../bin
+dnl
+dnl $FROM and $TO are both eval'ed recursively and normalized, this
+dnl means that you can call this macro with autoconf's dirnames like
+dnl `prefix' or `datadir'. For example:
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS([bindir:datadir:bin_to_data])
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS should also works with DOS filenames.
+dnl
+dnl You may want to use this macro in order to make your package
+dnl relocatable. Instead of hardcoding $datadir into your programs just
+dnl encode $bin_to_data and try to determine $bindir at run-time.
+dnl
+dnl This macro requires adl_NORMALIZE_PATH.
+dnl
+dnl @category Misc
+dnl @author Alexandre Duret-Lutz <duret_g@epita.fr>
+dnl @version 2001-05-25
+dnl @license GPLWithACException
+
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATHS],
+[for _lcl_i in $1; do
+ _lcl_from=\[$]`echo "[$]_lcl_i" | sed 's,:.*$,,'`
+ _lcl_to=\[$]`echo "[$]_lcl_i" | sed 's,^[[^:]]*:,,' | sed 's,:[[^:]]*$,,'`
+ _lcl_result_var=`echo "[$]_lcl_i" | sed 's,^.*:,,'`
+ adl_RECURSIVE_EVAL([[$]_lcl_from], [_lcl_from])
+ adl_RECURSIVE_EVAL([[$]_lcl_to], [_lcl_to])
+ _lcl_notation="$_lcl_from$_lcl_to"
+ adl_NORMALIZE_PATH([_lcl_from],['/'])
+ adl_NORMALIZE_PATH([_lcl_to],['/'])
+ adl_COMPUTE_RELATIVE_PATH([_lcl_from], [_lcl_to], [_lcl_result_tmp])
+ adl_NORMALIZE_PATH([_lcl_result_tmp],["[$]_lcl_notation"])
+ eval $_lcl_result_var='[$]_lcl_result_tmp'
+done])
+
+## Note:
+## *****
+## The following helper macros are too fragile to be used out
+## of adl_COMPUTE_RELATIVE_PATHS (mainly because they assume that
+## paths are normalized), that's why I'm keeping them in the same file.
+## Still, some of them maybe worth to reuse.
+
+dnl adl_COMPUTE_RELATIVE_PATH(FROM, TO, RESULT)
+dnl ===========================================
+dnl Compute the relative path to go from $FROM to $TO and set the value
+dnl of $RESULT to that value. This function work on raw filenames
+dnl (for instead it will considerate /usr//local and /usr/local as
+dnl two distinct paths), you should really use adl_COMPUTE_REALTIVE_PATHS
+dnl instead to have the paths sanitized automatically.
+dnl
+dnl For instance:
+dnl first_dir=/somewhere/on/my/disk/bin
+dnl second_dir=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_RELATIVE_PATH(first_dir, second_dir, first_to_second)
+dnl will set $first_to_second to '../../../another/disk/share'.
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATH],
+[adl_COMPUTE_COMMON_PATH([$1], [$2], [_lcl_common_prefix])
+adl_COMPUTE_BACK_PATH([$1], [_lcl_common_prefix], [_lcl_first_rel])
+adl_COMPUTE_SUFFIX_PATH([$2], [_lcl_common_prefix], [_lcl_second_suffix])
+$3="[$]_lcl_first_rel[$]_lcl_second_suffix"])
+
+dnl adl_COMPUTE_COMMON_PATH(LEFT, RIGHT, RESULT)
+dnl ============================================
+dnl Compute the common path to $LEFT and $RIGHT and set the result to $RESULT.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_COMMON_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/somewhere/on'.
+AC_DEFUN([adl_COMPUTE_COMMON_PATH],
+[$3=''
+_lcl_second_prefix_match=''
+while test "[$]_lcl_second_prefix_match" != 0; do
+ _lcl_first_prefix=`expr "x[$]$1" : "x\([$]$3/*[[^/]]*\)"`
+ _lcl_second_prefix_match=`expr "x[$]$2" : "x[$]_lcl_first_prefix"`
+ if test "[$]_lcl_second_prefix_match" != 0; then
+ if test "[$]_lcl_first_prefix" != "[$]$3"; then
+ $3="[$]_lcl_first_prefix"
+ else
+ _lcl_second_prefix_match=0
+ fi
+ fi
+done])
+
+dnl adl_COMPUTE_SUFFIX_PATH(PATH, SUBPATH, RESULT)
+dnl ==============================================
+dnl Substrack $SUBPATH from $PATH, and set the resulting suffix
+dnl (or the empty string if $SUBPATH is not a subpath of $PATH)
+dnl to $RESULT.
+dnl
+dnl For instace:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_SUFFIX_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/my/disk/bin'.
+AC_DEFUN([adl_COMPUTE_SUFFIX_PATH],
+[$3=`expr "x[$]$1" : "x[$]$2/*\(.*\)"`])
+
+dnl adl_COMPUTE_BACK_PATH(PATH, SUBPATH, RESULT)
+dnl ============================================
+dnl Compute the relative path to go from $PATH to $SUBPATH, knowing that
+dnl $SUBPATH is a subpath of $PATH (any other words, only repeated '../'
+dnl should be needed to move from $PATH to $SUBPATH) and set the value
+dnl of $RESULT to that value. If $SUBPATH is not a subpath of PATH,
+dnl set $RESULT to the empty string.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_BACK_PATH(first_path, second_path, back_path)
+dnl will set $back_path to '../../../'.
+AC_DEFUN([adl_COMPUTE_BACK_PATH],
+[adl_COMPUTE_SUFFIX_PATH([$1], [$2], [_lcl_first_suffix])
+$3=''
+_lcl_tmp='xxx'
+while test "[$]_lcl_tmp" != ''; do
+ _lcl_tmp=`expr "x[$]_lcl_first_suffix" : "x[[^/]]*/*\(.*\)"`
+ if test "[$]_lcl_first_suffix" != ''; then
+ _lcl_first_suffix="[$]_lcl_tmp"
+ $3="../[$]$3"
+ fi
+done])
+
+
+dnl adl_RECURSIVE_EVAL(VALUE, RESULT)
+dnl =================================
+dnl Interpolate the VALUE in loop until it doesn't change,
+dnl and set the result to $RESULT.
+dnl WARNING: It's easy to get an infinite loop with some unsane input.
+AC_DEFUN([adl_RECURSIVE_EVAL],
+[_lcl_receval="$1"
+$2=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+ test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
+ _lcl_receval_old=''
+ while test "[$]_lcl_receval_old" != "[$]_lcl_receval"; do
+ _lcl_receval_old="[$]_lcl_receval"
+ eval _lcl_receval="\"[$]_lcl_receval\""
+ done
+ echo "[$]_lcl_receval")`])
diff --git a/scripts/vyatta-gen-x509-keypair.sh.in b/scripts/vyatta-gen-x509-keypair.in
index 194ac4f..194ac4f 100755
--- a/scripts/vyatta-gen-x509-keypair.sh.in
+++ b/scripts/vyatta-gen-x509-keypair.in
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
index fa2fed2..2eae9cc 100644
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -1,3 +1,3 @@
help: Generate local RSA key with specified number of bits
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" /dev/random
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
allowed: echo -n '<16-4096>'
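Review bot: The `allowed:` hint still advertises `<16-4096>`, and `"$5"` is passed unchecked to `gen_local_rsa_key.pl` under `sudo`, so nothing visible in this template prevents an operator from generating an RSA key far too short to authenticate an IPsec peer. Whether the Perl script enforces a minimum cannot be seen from this hunk; if it does not, the floor belongs there, with the hint raised to match, e.g. `allowed: echo -n '<2048-4096>'`.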
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
index eb11433..81a9633 100644
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
@@ -1,3 +1,3 @@
help: Generate local RSA key with specified number of bits and random device
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" "$7"
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7"
allowed: echo -n '/dev/random /dev/urandom'
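Review bot: `"$7"` reaches a script run under `sudo` as the random-device path, while the `allowed:` line only offers `/dev/random` and `/dev/urandom` as completions. If the op-mode parser does not reject other values (not visible here), any path the operator types is opened by a root process. Checking the value before the privileged call closes that, for example `run: case "$7" in /dev/random|/dev/urandom) sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7" ;; *) echo "Invalid random device: $7" ;; esac`, or the same comparison inside `gen_local_rsa_key.pl`.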
diff --git a/templates/generate/vpn/rsa-key/node.def b/templates/generate/vpn/rsa-key/node.def
deleted file mode 100644
index 60296f2..0000000
--- a/templates/generate/vpn/rsa-key/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Generate local RSA key (default: bits=2192 device=/dev/random)
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl 2192 /dev/random
diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in
new file mode 100644
index 0000000..482f32c
--- /dev/null
+++ b/templates/generate/vpn/rsa-key/node.def.in
@@ -0,0 +1,2 @@
+help: Generate local RSA key (default: bits=2192 device=/dev/random)
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in
index dc21935..2c87956 100644
--- a/templates/generate/vpn/x509/key-pair/node.tag/node.def
+++ b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in
@@ -1,4 +1,4 @@
help: Generate x509 key-pair
run:
- sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair $5
+ sudo @SBINDIR@/vyatta-gen-x509-keypair $5
allowed: echo -n '<common-name>'
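Review bot: `$5` on the rewritten `sudo @SBINDIR@/vyatta-gen-x509-keypair $5` line is unquoted, so a common name containing spaces or glob characters is split or expanded by the shell before it reaches a script running as root; `sudo @SBINDIR@/vyatta-gen-x509-keypair "$5"` passes it as a single argument. The same applies to `grep peer-$5` in `show/vpn/debug/peer/node.tag/node.def.in`, to `--show-ipsec-sa-conn-detail $7 $9` in both `show/vpn/ipsec/sa/detail/.../tunnel/node.tag/node.def.in` files, and to the bare `${COMP_WORDS[4]}` / `${COMP_WORDS[6]}` in their `allowed:` lines. For the two `grep` filters, `grep -F -- "peer-$5"` would additionally keep the peer value from being read as a pattern or an option.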
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/node.def
deleted file mode 100644
index fa55d52..0000000
--- a/templates/reset/vpn/ipsec-peer/node.tag/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Reset all tunnels for given peer
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
-
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
- --op=clear-tunnels-for-peer --peer="$4"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in
new file mode 100644
index 0000000..621c40a
--- /dev/null
+++ b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in
@@ -0,0 +1,6 @@
+help: Reset all tunnels for given peer
+
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl --op=get-all-peers
+
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=clear-tunnels-for-peer --peer="$4"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in
index eecb740..4407515 100644
--- a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
+++ b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in
@@ -1,10 +1,10 @@
help: Reset a specific tunnel for given peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \
--op=get-tunnels-for-peer \
--peer="${COMP_WORDS[COMP_CWORD-2]}"
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
--op=clear-specific-tunnel-for-peer \
--peer="$4" \
--tunnel="$6"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in
index f0f39a8..2e8e9be 100644
--- a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
+++ b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in
@@ -1,5 +1,5 @@
help: Reset a vti tunnel for given peer
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
--op=clear-vtis-for-peer \
--peer="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/node.def
deleted file mode 100644
index 639fac3..0000000
--- a/templates/reset/vpn/ipsec-profile/node.tag/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Reset all tunnels for given profile
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl --op=get-all-profiles
-
-run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
- --op=clear-tunnels-for-profile --profile="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def.in b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in
new file mode 100644
index 0000000..ea90853
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in
@@ -0,0 +1,6 @@
+help: Reset all tunnels for given profile
+
+allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl --op=get-all-profiles
+
+run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
+ --op=clear-tunnels-for-profile --profile="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in
index 08e299f..f5eda6c 100644
--- a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
+++ b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in
@@ -1,10 +1,10 @@
help: Reset a specific tunnel for given profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
+allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
--op=get-tunnels-for-profile \
--profile="${COMP_WORDS[COMP_CWORD-2]}"
-run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
+run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
--op=clear-specific-tunnel-for-profile \
--profile="$4" \
--tunnel="$6"
diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def.in
index 6d0f50c..4366d19 100644
--- a/templates/restart/vpn/node.def
+++ b/templates/restart/vpn/node.def.in
@@ -3,7 +3,7 @@ run: if [ -n "$(cli-shell-api returnActiveValues \
vpn ipsec ipsec-interfaces interface)" ]; then
if pgrep charon > /dev/null
then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
else
echo IPsec process not running
fi
diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def.in
index 0f88f1e..8eb4e70 100644
--- a/templates/show/vpn/debug/detail/node.def
+++ b/templates/show/vpn/debug/detail/node.def.in
@@ -3,7 +3,7 @@ run: if [ -n "$(cli-shell-api returnActiveValues \
vpn ipsec ipsec-interfaces interface)" ]; then
if pgrep charon > /dev/null
then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug-detail
else
echo IPsec process not running
fi
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def.in
index 281228a..6fb98de 100644
--- a/templates/show/vpn/debug/node.def
+++ b/templates/show/vpn/debug/node.def.in
@@ -3,7 +3,7 @@ run: if [ -n "$(cli-shell-api returnActiveValues \
vpn ipsec ipsec-interfaces interface)" ]; then
if pgrep charon > /dev/null
then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug
else
echo IPsec process not running
fi
diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def.in
index a3a9573..bd60ed5 100644
--- a/templates/show/vpn/debug/peer/node.tag/node.def
+++ b/templates/show/vpn/debug/peer/node.tag/node.def.in
@@ -1,10 +1,10 @@
help: Show debugging information for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
run: if [ -n "$(cli-shell-api returnActiveValues \
vpn ipsec ipsec-interfaces interface)" ]; then
if pgrep charon > /dev/null
then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5
else
echo IPsec process not running
fi
diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in
index 3c96973..ca422e3 100644
--- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in
@@ -1,10 +1,10 @@
help: Show debugging information for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]}
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]}
run: if [ -n "$(cli-shell-api returnActiveValues \
vpn ipsec ipsec-interfaces interface)" ]; then
if pgrep charon > /dev/null
then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7"
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7"
else
echo IPsec process not running
fi
diff --git a/templates/show/vpn/ike/rsa-keys/node.def b/templates/show/vpn/ike/rsa-keys/node.def
deleted file mode 100644
index 6d3baa5..0000000
--- a/templates/show/vpn/ike/rsa-keys/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show VPN RSA keys
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-show-vpn.pl rsa-keys
diff --git a/templates/show/vpn/ike/rsa-keys/node.def.in b/templates/show/vpn/ike/rsa-keys/node.def.in
new file mode 100644
index 0000000..255ca18
--- /dev/null
+++ b/templates/show/vpn/ike/rsa-keys/node.def.in
@@ -0,0 +1,2 @@
+help: Show VPN RSA keys
+run: sudo @SUDOUSRDIR@/vyatta-show-vpn.pl rsa-keys
diff --git a/templates/show/vpn/ike/sa/nat-traversal/node.def b/templates/show/vpn/ike/sa/nat-traversal/node.def.in
index 3855c49..6c62b12 100644
--- a/templates/show/vpn/ike/sa/nat-traversal/node.def
+++ b/templates/show/vpn/ike/sa/nat-traversal/node.def.in
@@ -1,2 +1,2 @@
help: Show all currently active IKE Security Associations (SA) that are using NAT Traversal
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-natt
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-natt
diff --git a/templates/show/vpn/ike/sa/node.def b/templates/show/vpn/ike/sa/node.def
deleted file mode 100644
index 051d657..0000000
--- a/templates/show/vpn/ike/sa/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all currently active IKE Security Associations (SA)
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa
diff --git a/templates/show/vpn/ike/sa/node.def.in b/templates/show/vpn/ike/sa/node.def.in
new file mode 100644
index 0000000..e372ff7
--- /dev/null
+++ b/templates/show/vpn/ike/sa/node.def.in
@@ -0,0 +1,2 @@
+help: Show all currently active IKE Security Associations (SA)
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa
diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def b/templates/show/vpn/ike/sa/peer/node.tag/node.def
deleted file mode 100644
index c76b71b..0000000
--- a/templates/show/vpn/ike/sa/peer/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all currently active IKE Security Associations (SA) for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-peer="$6"
diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def.in b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in
new file mode 100644
index 0000000..a9782ad
--- /dev/null
+++ b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show all currently active IKE Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-peer="$6"
diff --git a/templates/show/vpn/ike/secrets/node.def b/templates/show/vpn/ike/secrets/node.def
deleted file mode 100644
index ec4073c..0000000
--- a/templates/show/vpn/ike/secrets/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all the pre-shared key secrets
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-secrets
diff --git a/templates/show/vpn/ike/secrets/node.def.in b/templates/show/vpn/ike/secrets/node.def.in
new file mode 100644
index 0000000..3d1a32d
--- /dev/null
+++ b/templates/show/vpn/ike/secrets/node.def.in
@@ -0,0 +1,2 @@
+help: Show all the pre-shared key secrets
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-secrets
diff --git a/templates/show/vpn/ike/status/node.def b/templates/show/vpn/ike/status/node.def
deleted file mode 100644
index e74a741..0000000
--- a/templates/show/vpn/ike/status/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show summary of IKE process information
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-status
diff --git a/templates/show/vpn/ike/status/node.def.in b/templates/show/vpn/ike/status/node.def.in
new file mode 100644
index 0000000..7cc9b10
--- /dev/null
+++ b/templates/show/vpn/ike/status/node.def.in
@@ -0,0 +1,2 @@
+help: Show summary of IKE process information
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-status
diff --git a/templates/show/vpn/ipsec/sa/detail/node.def.in b/templates/show/vpn/ipsec/sa/detail/node.def.in
new file mode 100644
index 0000000..781d61b
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for all active IPsec Security Associations (SA)
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail
+ sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-detail
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in
new file mode 100644
index 0000000..659acfa
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for all active IPsec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..5c121c3
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9
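Review bot: `$7` and `$9` on the `run:` line and `${COMP_WORDS[6]}` on the `allowed:` line are expanded unquoted, so a peer or tunnel word containing whitespace or glob characters is split or expanded before it reaches the sudo'd script and can arrive as extra arguments. The sibling peer template quotes its argument (`--show-ipsec-sa-peer-detail="$7"`), so quoting is also the consistent form here: `run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail "$7" "$9"` and `allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli="${COMP_WORDS[6]}"`. The same unquoted pattern appears in the other five tunnel templates in this diff (detail/profile, sa/peer, sa/profile, statistics/peer and statistics/profile).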
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in
new file mode 100644
index 0000000..bcbc520
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for all active IPsec Security Associations (SA) for a profile
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..e31b008
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in
new file mode 100644
index 0000000..f3bbe87
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in
@@ -0,0 +1,2 @@
+help: Show all active IPsec Security Associations (SA) that are using NAT Traversal
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-natt
diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def
deleted file mode 100644
index be8f108..0000000
--- a/templates/show/vpn/ipsec/sa/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-help: Show all active IPsec Security Associations (SA)
-
-run: if pgrep charon >&/dev/null; then
- sudo /usr/sbin/swanctl --list-sas
- else
- echo -e "IPSec Process NOT Running\n"
- fi
-
diff --git a/templates/show/vpn/ipsec/sa/node.def.in b/templates/show/vpn/ipsec/sa/node.def.in
new file mode 100644
index 0000000..036a1d7
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/node.def.in
@@ -0,0 +1,3 @@
+help: Show all active IPsec Security Associations (SA)
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa
+ sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa
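Review bot: The new `run:` body calls both scripts unconditionally, whereas the `node.def` removed just above checked `pgrep charon` first and the `ipsec/status` template in this same commit still does. Unless `vyatta-op-vpn.pl` and `vyatta-op-vpnprof.pl` report a stopped daemon themselves (not visible here), the operator gets two sudo invocations and whatever errors they produce instead of the single "IPSec Process NOT Running" message. Keeping the guard around both calls would preserve the old behaviour. The `detail` and `statistics` templates have the same two-call shape.

```shell
run: if pgrep charon >&/dev/null; then
       sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa
       sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa
     else
       echo -e "IPSec Process NOT Running\n"
     fi
```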
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
new file mode 100644
index 0000000..1cae596
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show all active IPsec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..8cc8a9c
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show the active IPsec Security Association (SA) for a peer's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in
new file mode 100644
index 0000000..30ed853
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show all active IPsec Security Associations (SA) for a profile
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6"
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..3d643bc
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show the active IPsec Security Association (SA) for a profile's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8
diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def.in b/templates/show/vpn/ipsec/sa/statistics/node.def.in
new file mode 100644
index 0000000..5832f1a
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/node.def.in
@@ -0,0 +1,3 @@
+help: Show statistics of all active tunnels that have IPsec Security Associations (SA)
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats
+ sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in
new file mode 100644
index 0000000..8b72451
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show stats for all active IPsec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..6566a44
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in
new file mode 100644
index 0000000..1bc76d6
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show stats for all active IPsec Security Associations (SA) for a profile
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..9ae35c8
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
+allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9
diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def.in
index 3c48c60..838a133 100644
--- a/templates/show/vpn/ipsec/status/node.def
+++ b/templates/show/vpn/ipsec/status/node.def.in
@@ -1,6 +1,6 @@
help: Show status of IPsec process
run: if pgrep charon >&/dev/null; then
- /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl
+ @SUDOUSRDIR@/vyatta-show-ipsec-status.pl
else
echo -e "IPSec Process NOT Running\n"
fi