-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | scripts/vyatta-show-ipsec-status.pl | 101 | ||||
-rw-r--r-- | templates/show/vpn/ipsec/status/node.def | 11 |
3 files changed, 107 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am
index 7ed2dcd..bc91675 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -17,7 +17,7 @@ xsl_DATA += src/xsl/show_vpn_ipsec_status.xsl
 bin_sudo_users_PROGRAMS = command_proc_show_vpn
-bin_sudo_users_SCRIPTS = scripts/gen_local_rsa_key.pl scripts/vyatta-show-vpn.pl scripts/vyatta-vpn-op.pl
+bin_sudo_users_SCRIPTS = scripts/gen_local_rsa_key.pl scripts/vyatta-show-vpn.pl scripts/vyatta-vpn-op.pl scripts/vyatta-show-ipsec-status.pl
 command_proc_show_vpn_SOURCES = src/command_proc_base.hh
 command_proc_show_vpn_SOURCES += src/command_proc_show_vpn.cc
diff --git a/scripts/vyatta-show-ipsec-status.pl b/scripts/vyatta-show-ipsec-status.pl
new file mode 100644
index 0000000..7ae384a
--- /dev/null
+++ b/scripts/vyatta-show-ipsec-status.pl
@@ -0,0 +1,101 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-show-ipsec-status.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: March 2010
+# Description: vpn ipsec status
+#
+# **** End License ****
+#
+
+use Getopt::Long;
+use POSIX;
+
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+use Vyatta::Misc;
+
+use warnings;
+use strict;
+
+sub get_vpn_intfs {
+ my $config = new Vyatta::Config;
+ $config->setLevel('vpn ipsec');
+ my @vpn_intfs = ();
+ @vpn_intfs = $config->returnOrigValues('ipsec-interfaces interface');
+ return sort @vpn_intfs;
+}
+
+sub get_vpn_all_localips {
+ my $config = new Vyatta::Config;
+ $config->setLevel('vpn ipsec site-to-site');
+ my @local_ips = ();
+ my @vpn_peers = ();
+ @vpn_peers = $config->listOrigNodes('peer');
+ foreach my $peer (@vpn_peers) {
+ my $local_ip = $config->returnOrigValue("peer $peer local-ip");
+ push @local_ips, $local_ip;
+ }
+ return @local_ips;
+}
+
+sub relate_intfs_with_localips {
+ my @vpn_intfs = get_vpn_intfs();
+ my @peer_localips = get_vpn_all_localips();
+
+ if ((scalar @vpn_intfs) > 0) {
+ foreach my $intf (@vpn_intfs) {
+ print "\t$intf\t";
+ my @intf_ips = Vyatta::Misc::getIP($intf, 4);
+ if ((scalar @intf_ips) > 0) {
+ my $ip_found = 0;
+ foreach my $local_ip (@peer_localips) {
+ if (scalar(grep(/^$local_ip/, @intf_ips)) > 0) {
+ print "($local_ip)";
+ $ip_found = 1;
+ last;
+ }
+ }
+ if ($ip_found == 0) {
+ print "(no IP on interface used as local-ip for any VPN peer)";
+ }
+ print "\n";
+ }
+ }
+ }
+}
+
+#
+# main
+#
+
+my $process_id = `sudo cat /var/run/pluto.pid`;
+my $active_tunnels = `sudo ipsec status 2>/dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`;
+chomp $process_id;
+chomp $active_tunnels;
+my @vpn_interfaces = get_vpn_intfs();
+my @peer_local_ips = get_vpn_all_localips();
+
+print "IPSec Process Running PID: $process_id\n";
+print "\n$active_tunnels Active IPsec Tunnels\n";
+print "\nIPsec Interfaces :\n";
+relate_intfs_with_localips();
+
+exit 0;
+
+# end of file
diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def
index 4611fdd..bf4ebf7 100644
--- a/templates/show/vpn/ipsec/status/node.def
+++ b/templates/show/vpn/ipsec/status/node.def
@@ -1,7 +1,6 @@
 help: Show status of IPsec process
-run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_status.xsl
- if pgrep pluto >&/dev/null; then
- active_tunnels=`ipsec status 2> /dev/null | grep -i "ipsec sa established" | wc -l | sed s/\ //g`
- echo "$active_tunnels Active IPsec Tunnels"
- echo
- fi
+run: if pgrep pluto >&/dev/null; then
+ /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
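Review bot: The match in relate_intfs_with_localips, `grep(/^$local_ip/, @intf_ips)`, interpolates the configured local-ip as an unescaped regex prefix, so `10.0.0.1` also matches `10.0.0.10` or `10.0.0.100`, each `.` matches any character, and a peer with no local-ip leaves `$local_ip` undef, which matches every address and emits warnings under `use warnings`. If getIP returns prefix-length notation (which would explain the prefix match — worth confirming), anchor on the separator instead: `next unless defined $local_ip;` before the test and `if (grep { m{^\Q$local_ip\E(?:/|$)} } @intf_ips) {` as the test. Separately, `@vpn_interfaces` and `@peer_local_ips` in main are computed and never used — relate_intfs_with_localips re-reads the config itself — so those two lines, and the unused Getopt::Long and POSIX imports, can go.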
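Review bot: `pgrep pluto` on the new run line matches any process whose name contains "pluto", not only the IKE daemon, so an unrelated process with that substring keeps the "NOT Running" branch from firing; `pgrep -x pluto` pins the exact name. The script then reads `/var/run/pluto.pid` on its own, so the two checks can disagree if pluto exits between them and the PID line would print empty. The else-branch `echo -e` also relies on a bash-style echo, which only prints the intended blank line if the template is executed under bash — worth confirming.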