summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xscripts/vyatta-vpn-op.pl47
1 files changed, 29 insertions, 18 deletions
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl
index ca44011..db44959 100755
--- a/scripts/vyatta-vpn-op.pl
+++ b/scripts/vyatta-vpn-op.pl
@@ -14,6 +14,8 @@ GetOptions( "op=s" => \$op,
"peer=s" => \$peer,
"tunnel=s" => \$tunnel);
+sub numerically { $a <=> $b; }
+
sub get_tunnels {
my $s2s_peer = undef;
$s2s_peer = shift;
@@ -30,20 +32,29 @@ sub clear_tunnel {
my $error = undef;
my $cmd = undef;
- # replace connection i.e. sequentially run down, delete, load connection
- $cmd = "sudo ipsec auto --replace peer-$peer-tunnel-$tunnel &> /dev/null";
- $error = system "$cmd";
-
- if ($error eq '0') {
- if (!($peer =~ /^\@/ || $peer eq 'any' || $peer eq '0.0.0.0')) {
- # initiate the connection to peer if peer is a specific IP
- $cmd = "sudo ipsec auto --asynchronous --up " .
- "peer-$peer-tunnel-$tunnel &> /dev/null";
- system "$cmd";
- }
- } else {
- die "Error clearing tunnel $tunnel for peer $peer\n";
- }
+ print "Clearing tunnel $tunnel with peer $peer...\n";
+
+ # back-up ipsec.conf
+ `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`;
+
+ # remove specific connection from ipsec.conf
+ `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`;
+
+ # update ipsec connections
+ `sudo /usr/sbin/ipsec update >&/dev/null`;
+
+ # sleep for 1/4th of a second for connection to go down
+ `sudo sleep 0.25`;
+
+ # move original ipsec.conf back
+ `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`;
+
+ # update ipsec connections
+ `sudo /usr/sbin/ipsec update >&/dev/null`;
+
+ # sleep for 3/4th of a second for connection to come up
+ # this gives us sometime before bringing clearing another tunnel
+ `sudo sleep 0.75`;
}
if ($op eq '') {
@@ -51,13 +62,13 @@ if ($op eq '') {
}
if ($op eq 'clear-vpn-ipsec-process') {
- system 'sudo /usr/sbin/ipsec setup restart';
+ system 'sudo /usr/sbin/ipsec restart';
} elsif ($op eq 'show-vpn-debug') {
- system 'sudo /usr/sbin/ipsec auto --status';
+ system 'sudo /usr/sbin/ipsec status';
} elsif ($op eq 'show-vpn-debug-detail') {
- system 'sudo /usr/sbin/ipsec barf';
+ system 'sudo /usr/sbin/ipsec statusall';
} elsif ($op eq 'get-all-peers') {
# get all site-to-site peers
@@ -77,7 +88,7 @@ if ($op eq 'clear-vpn-ipsec-process') {
die 'Undefined peer to clear tunnels for' if ! defined $peer;
my @peer_tunnels = get_tunnels("$peer");
if (scalar(@peer_tunnels)>0) {
- foreach my $tun (@peer_tunnels) {
+ foreach my $tun (sort numerically @peer_tunnels) {
clear_tunnel($peer, $tun);
}
} else {