diff options
21 files changed, 13 insertions, 42 deletions
diff --git a/lib/OPMode.pm b/lib/OPMode.pm index fa51c66..ed57ea2 100644 --- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -869,7 +869,7 @@ sub show_ipsec_sa_natt display_ipsec_sa_brief(\%tmphash); } sub show_ike_status{ - my $process_id = `sudo cat /var/run/pluto.pid`; + my $process_id = `sudo cat /var/run/charon.pid`; chomp $process_id; print <<EOS; diff --git a/scripts/vyatta-show-ipsec-status.pl b/scripts/vyatta-show-ipsec-status.pl index faa931e..a96d1dd 100644 --- a/scripts/vyatta-show-ipsec-status.pl +++ b/scripts/vyatta-show-ipsec-status.pl @@ -97,7 +97,7 @@ sub relate_intfs_with_localips { # main # -my $process_id = `sudo cat /var/run/pluto.pid`; +my $process_id = `sudo cat /var/run/charon.pid`; my $active_tunnels = `sudo ipsec status 2>/dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`; chomp $process_id; chomp $active_tunnels; diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl index f862ef7..55ea1d5 100755 --- a/scripts/vyatta-vpn-op.pl +++ b/scripts/vyatta-vpn-op.pl @@ -44,28 +44,11 @@ sub clear_tunnel { my $cmd = undef; print "Resetting tunnel $tunnel with peer $peer...\n"; - - # back-up ipsec.conf - `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`; - - # remove specific connection from ipsec.conf - `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`; - - # update ipsec connections - `sudo /usr/sbin/ipsec update >&/dev/null`; - - # sleep for 1/4th of a second for connection to go down - `sudo sleep 0.25`; - - # move original ipsec.conf back - `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`; - - # update ipsec connections - `sudo /usr/sbin/ipsec update >&/dev/null`; - - # sleep for 3/4th of a second for connection to come up - # this gives us sometime before bringing clearing another tunnel - `sudo sleep 0.75`; + + # bring down the tunnel + `sudo /usr/sbin/ipsec down peer-$peer-tunnel-$tunnel`; + # bring up the tunnel + `sudo /usr/sbin/ipsec up peer-$peer-tunnel-$tunnel`; } if ($op eq '') { diff --git a/templates/restart/vpn/node.def.in b/templates/restart/vpn/node.def.in index 3e3566a..4366d19 100644 --- a/templates/restart/vpn/node.def.in +++ b/templates/restart/vpn/node.def.in @@ -1,7 +1,7 @@ help: Restart IPsec VPN run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then @SUDOUSRDIR@/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process else diff --git a/templates/show/vpn/debug/detail/node.def.in b/templates/show/vpn/debug/detail/node.def.in index 9271328..8eb4e70 100644 --- a/templates/show/vpn/debug/detail/node.def.in +++ b/templates/show/vpn/debug/detail/node.def.in @@ -1,7 +1,7 @@ help: Show detailed VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug-detail else diff --git a/templates/show/vpn/debug/node.def.in b/templates/show/vpn/debug/node.def.in index 1f6c829..6fb98de 100644 --- a/templates/show/vpn/debug/node.def.in +++ b/templates/show/vpn/debug/node.def.in @@ -1,7 +1,7 @@ help: Show VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug else diff --git a/templates/show/vpn/debug/peer/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/node.def.in index d201746..bd60ed5 100644 --- a/templates/show/vpn/debug/peer/node.tag/node.def.in +++ b/templates/show/vpn/debug/peer/node.tag/node.def.in @@ -2,7 +2,7 @@ help: Show debugging information for a peer allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5 else diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in index 5906929..ca422e3 100644 --- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in +++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in @@ -2,7 +2,7 @@ help: Show debugging information for a peer's tunnel allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]} run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7" else diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.def deleted file mode 100644 index bbb34b8..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def deleted file mode 100644 index 1bc4f2f..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.def deleted file mode 100644 index 00a4e7c..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def deleted file mode 100644 index 58100d8..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show details for the active IPsec Security Association (SA) for a tunnel bound to profile diff --git a/templates/show/vpn/ipsec/sa/peer/node.def b/templates/show/vpn/ipsec/sa/peer/node.def deleted file mode 100644 index 7e5e913..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def deleted file mode 100644 index 0772ef3..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/profile/node.def b/templates/show/vpn/ipsec/sa/profile/node.def deleted file mode 100644 index a0d7b44..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def deleted file mode 100644 index ca0ec72..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profiles's tunnel diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.def deleted file mode 100644 index b104a83..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def deleted file mode 100644 index 561cd42..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.def deleted file mode 100644 index 7b5e040..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def deleted file mode 100644 index 4b131c5..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile diff --git a/templates/show/vpn/ipsec/status/node.def.in b/templates/show/vpn/ipsec/status/node.def.in index 25f849b..838a133 100644 --- a/templates/show/vpn/ipsec/status/node.def.in +++ b/templates/show/vpn/ipsec/status/node.def.in @@ -1,5 +1,5 @@ help: Show status of IPsec process -run: if pgrep pluto >&/dev/null; then +run: if pgrep charon >&/dev/null; then @SUDOUSRDIR@/vyatta-show-ipsec-status.pl else echo -e "IPSec Process NOT Running\n" |