-rwxr-xr-x | scripts/vyatta-vpn-op.pl | 47 |
1 files changed, 29 insertions, 18 deletions
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl
index ca44011..db44959 100755
--- a/scripts/vyatta-vpn-op.pl
+++ b/scripts/vyatta-vpn-op.pl
@@ -14,6 +14,8 @@ GetOptions(
 "op=s" => \$op,
 "peer=s" => \$peer,
 "tunnel=s" => \$tunnel);
+sub numerically { $a <=> $b; }
+
 sub get_tunnels {
 my $s2s_peer = undef;
 $s2s_peer = shift;
@@ -30,20 +32,29 @@ sub clear_tunnel {
 my $error = undef;
 my $cmd = undef;
- # replace connection i.e. sequentially run down, delete, load connection
- $cmd = "sudo ipsec auto --replace peer-$peer-tunnel-$tunnel &> /dev/null";
- $error = system "$cmd";
-
- if ($error eq '0') {
- if (!($peer =~ /^\@/ || $peer eq 'any' || $peer eq '0.0.0.0')) {
- # initiate the connection to peer if peer is a specific IP
- $cmd = "sudo ipsec auto --asynchronous --up " .
- "peer-$peer-tunnel-$tunnel &> /dev/null";
- system "$cmd";
- }
- } else {
- die "Error clearing tunnel $tunnel for peer $peer\n";
- }
+ print "Clearing tunnel $tunnel with peer $peer...\n";
+
+ # back-up ipsec.conf
+ `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`;
+
+ # remove specific connection from ipsec.conf
+ `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`;
+
+ # update ipsec connections
+ `sudo /usr/sbin/ipsec update >&/dev/null`;
+
+ # sleep for 1/4th of a second for connection to go down
+ `sudo sleep 0.25`;
+
+ # move original ipsec.conf back
+ `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`;
+
+ # update ipsec connections
+ `sudo /usr/sbin/ipsec update >&/dev/null`;
+
+ # sleep for 3/4th of a second for connection to come up
+ # this gives us sometime before bringing clearing another tunnel
+ `sudo sleep 0.75`;
 }
 if ($op eq '') {
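Review bot: In clear_tunnel the new `sed -i` and `cp`/`mv` lines interpolate `$peer` and `$tunnel` — values taken straight from the `--peer`/`--tunnel` options parsed a few lines above — into a shell command run under sudo, so a single quote or other shell metacharacter in either argument breaks out of the sed expression and runs arbitrary commands as root, and the `.` characters of an IPv4 peer are regex wildcards, while the unanchored pattern for tunnel 1 also matches tunnel 10. The exit status of every backtick call is discarded, where the removed code checked the result and died: if `cp` fails the `sed -i` still rewrites /etc/ipsec.conf with no backup, and if the closing `#conn peer-…` marker is absent the sed range deletes to end of file, so the connection (or the rest of the config) is gone unless the later `mv` succeeds. I would validate both arguments against the forms a connection name can contain before building any command, escape the dots for sed, run each step with list-form `system` and stop (restoring the backup) on failure; if the target is strongSwan, as the switch to `ipsec statusall`/`ipsec update` suggests, `ipsec down` followed by `ipsec up` on the connection name would clear the tunnel without rewriting the config at all. The head of clear_tunnel, where `$peer`/`$tunnel` are bound, lies before the hunk.
```perl
    # … unchanged: print "Clearing tunnel ..." …
    # Only accept the peer/tunnel forms a connection name can contain, so
    # nothing below can escape the quoting or act as a sed metacharacter.
    # (Extend the peer pattern if IPv6 or other id forms are configurable.)
    die "Invalid peer '$peer'\n"
        unless $peer =~ /^(?:\@[\w.\-]+|\d+(?:\.\d+){3}|any)$/;
    die "Invalid tunnel '$tunnel'\n" unless $tunnel =~ /^\d+$/;
    (my $conn = "conn peer-$peer-tunnel-$tunnel") =~ s/\./\\./g;
    my $bak = "/etc/ipsec.conf.bak.$$";   # same value the shell's $PPID gave

    system('sudo', 'cp', '/etc/ipsec.conf', $bak) == 0
        or die "Error backing up /etc/ipsec.conf for tunnel $tunnel, peer $peer\n";
    # Anchored so tunnel-1 cannot match tunnel-10 (assumes conn lines are
    # flush-left); without the closing "#conn" marker the range would run to
    # end of file, so any sed failure is fatal and the original is put back.
    if (system('sudo', 'sed', '-i', '-e', "/^$conn\$/,/^#$conn\$/d",
               '/etc/ipsec.conf') != 0) {
        system('sudo', 'mv', $bak, '/etc/ipsec.conf');
        die "Error removing tunnel $tunnel for peer $peer from ipsec.conf\n";
    }
    # … unchanged: ipsec update / sleep 0.25 / mv back / ipsec update / sleep 0.75 …
```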
@@ -51,13 +62,13 @@ if ($op eq '') {
 }
 if ($op eq 'clear-vpn-ipsec-process') {
- system 'sudo /usr/sbin/ipsec setup restart';
+ system 'sudo /usr/sbin/ipsec restart';
 } elsif ($op eq 'show-vpn-debug') {
- system 'sudo /usr/sbin/ipsec auto --status';
+ system 'sudo /usr/sbin/ipsec status';
 } elsif ($op eq 'show-vpn-debug-detail') {
- system 'sudo /usr/sbin/ipsec barf';
+ system 'sudo /usr/sbin/ipsec statusall';
 } elsif ($op eq 'get-all-peers') {
 # get all site-to-site peers
@@ -77,7 +88,7 @@ if ($op eq 'clear-vpn-ipsec-process') {
 die 'Undefined peer to clear tunnels for' if ! defined $peer;
 my @peer_tunnels = get_tunnels("$peer");
 if (scalar(@peer_tunnels)>0) {
- foreach my $tun (@peer_tunnels) {
+ foreach my $tun (sort numerically @peer_tunnels) {
 clear_tunnel($peer, $tun);
 }
 } else {
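Review bot: The three replaced `system` calls (`ipsec restart`, `ipsec status`, `ipsec statusall`) still ignore the exit status, so if the new subcommand is rejected by a command-restricted sudoers rule written for the old `ipsec setup restart` / `auto --status` / `barf` forms, or the daemon is not running, the script exits 0 with nothing on stdout and the operator gets no indication the command failed. I would check each one, e.g. `system('sudo', '/usr/sbin/ipsec', 'restart') == 0 or die "ipsec restart failed: $?\n";`, and do the same for the other two, which also moves them off the shell-string form. Whether sudoers on the target is command-restricted is not visible from this diff; if it is, the rule needs the new argument forms added. The if/elsif chain continues past the end of the hunk.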