From 434c1b6f76ddd27dc30ee3f00e8a0f4515ee2185 Mon Sep 17 00:00:00 2001
From: Jeff Leung
Date: Sat, 31 Jan 2015 05:17:48 +0000
Subject: Bring the VPN tunnel down and up as opposed to commenting it out in the ipsec.conf file

Commenting out the tunnel and restoring it does not reset the tunnel. Use the ipsec commands to actually bring it down and back up to properly reset the tunnel.
---
 scripts/vyatta-vpn-op.pl | 27 +++++---------------------
 1 file changed, 5 insertions(+), 22 deletions(-)
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl
index f862ef7..55ea1d5 100755
--- a/scripts/vyatta-vpn-op.pl
+++ b/scripts/vyatta-vpn-op.pl
@@ -44,28 +44,11 @@ sub clear_tunnel {
 my $cmd = undef;
 print "Resetting tunnel $tunnel with peer $peer...\n";
-
- # back-up ipsec.conf
- `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`;
-
- # remove specific connection from ipsec.conf
- `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 1/4th of a second for connection to go down
- `sudo sleep 0.25`;
-
- # move original ipsec.conf back
- `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`;
-
- # update ipsec connections
- `sudo /usr/sbin/ipsec update >&/dev/null`;
-
- # sleep for 3/4th of a second for connection to come up
- # this gives us sometime before bringing clearing another tunnel
- `sudo sleep 0.75`;
+
+ # bring down the tunnel
+ `sudo /usr/sbin/ipsec down peer-$peer-tunnel-$tunnel`;
+ # bring up the tunnel
+ `sudo /usr/sbin/ipsec up peer-$peer-tunnel-$tunnel`;
 }
 if ($op eq '') {
--
cgit v1.2.3
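Review bot: The two added backtick commands in clear_tunnel interpolate `$peer` and `$tunnel` into a shell string that runs under sudo, so any shell metacharacter in either value would be interpreted by the shell. Where those values are set and validated is outside the hunk; if they can come from operator input they should be checked against an anchored pattern there, or the shell should be bypassed here. The backticks also discard both output and exit status, so a failed `ipsec down`, or a failed `ipsec up` that leaves the tunnel down, still looks like a successful reset to the operator. I would build the name once with `my $conn = "peer-$peer-tunnel-$tunnel";` and call the list form with a status check, `system('sudo', '/usr/sbin/ipsec', 'down', $conn) == 0 or warn "ipsec down $conn failed\n";`, and the same for `up`. Unlike the backticks, system() passes ipsec's own output through to the operator, so confirm that is wanted.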