From 397864e7371df953b0c5093493f49a5a2cd935c2 Mon Sep 17 00:00:00 2001 From: UnicronNL Date: Tue, 19 Apr 2016 13:48:37 +0200 Subject: defined(@array) is deprecated, omit the defined() --- scripts/vyatta-op-vpn.pl | 6 +++--- scripts/vyatta-op-vpnprof.pl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'scripts') diff --git a/scripts/vyatta-op-vpn.pl b/scripts/vyatta-op-vpn.pl index d6648ae..50cbcbd 100755 --- a/scripts/vyatta-op-vpn.pl +++ b/scripts/vyatta-op-vpn.pl @@ -73,10 +73,10 @@ if (defined $show_ipsec_sa_peer) { if (defined $show_ipsec_sa_peer_detail) { Vyatta::VPN::OPMode::show_ipsec_sa_peer_detail($show_ipsec_sa_peer_detail); } -if (defined @show_ipsec_sa_conn_detail) { +if (@show_ipsec_sa_conn_detail) { Vyatta::VPN::OPMode::show_ipsec_sa_conn_detail(@show_ipsec_sa_conn_detail); } -if (defined @show_ipsec_sa_conn) { +if (@show_ipsec_sa_conn) { Vyatta::VPN::OPMode::show_ipsec_sa_conn(@show_ipsec_sa_conn); } if (defined $show_ipsec_sa_natt) { @@ -88,7 +88,7 @@ if (defined $show_ipsec_sa_stats) { if (defined $show_ipsec_sa_stats_peer) { Vyatta::VPN::OPMode::show_ipsec_sa_stats_peer($show_ipsec_sa_stats_peer); } -if (defined @show_ipsec_sa_stats_conn) { +if (@show_ipsec_sa_stats_conn) { Vyatta::VPN::OPMode::show_ipsec_sa_stats_conn(@show_ipsec_sa_stats_conn); } if (defined $show_ike_sa) { diff --git a/scripts/vyatta-op-vpnprof.pl b/scripts/vyatta-op-vpnprof.pl index 72124fa..4da46c4 100644 --- a/scripts/vyatta-op-vpnprof.pl +++ b/scripts/vyatta-op-vpnprof.pl 
@@ -52,11 +52,11 @@ if ( defined $show_ipsec_sa_profile_detail ) { Vyatta::vpnprof::OPMode::show_ipsec_sa_profile_detail( $show_ipsec_sa_profile_detail); } -if ( defined @show_ipsec_sa_conn_detail ) { +if ( @show_ipsec_sa_conn_detail ) { Vyatta::vpnprof::OPMode::show_ipsec_sa_conn_detail( @show_ipsec_sa_conn_detail); } -if ( defined @show_ipsec_sa_conn ) { +if ( @show_ipsec_sa_conn ) { Vyatta::vpnprof::OPMode::show_ipsec_sa_conn(@show_ipsec_sa_conn); } if ( defined $show_ipsec_sa_stats ) { @@ -66,7 +66,7 @@ if ( defined $show_ipsec_sa_stats_profile ) { Vyatta::vpnprof::OPMode::show_ipsec_sa_stats_profile( $show_ipsec_sa_stats_profile); } -if ( defined @show_ipsec_sa_stats_conn ) { +if ( @show_ipsec_sa_stats_conn ) { Vyatta::vpnprof::OPMode::show_ipsec_sa_stats_conn( @show_ipsec_sa_stats_conn); } -- cgit v1.2.3 From 286e4186e7185a49bd1be6bc0f7afe77dfcfcdad Mon Sep 17 00:00:00 2001 From: "C.J. Collier" Date: Wed, 11 May 2016 05:28:30 +0000 Subject: vyatta-op-vpn (0.15.0+vyos2+current2+nmu1) UNRELEASED; urgency=low * Non-maintainer upload. * address lintian issues - script-not-executable: removed #!/usr/bin/perl from .pm files - debhelper-but-no-misc-depends: added ${misc:Depends} to Depends: field - debian-rules-missing-recommended-target: added build-arch build-indep - out-of-date-standards-version: updated standards version to 3.9.4 - package-contains-linda-override: removed linda override - file-in-unusual-dir: not triggering, removed from override - script-with-language-extension: renamed vyatta-gen-x509-keypair.sh vyatta-gen-x509-keypair * address dpkg-gencontrol issue: - unknown substitution variable ${shlibs:Depends} - removed * address dpkg-source issue: - debian/source/format set to "3.0 (native)" 
Signed-off-by: C.J. Collier --- .gitignore | 1 + Makefile.am | 8 ++-- configure.ac | 25 ++++++++---- debian/changelog | 20 ++++++++++ debian/conffiles | 1 + debian/control | 6 +-- debian/linda | 1 - debian/lintian | 4 +- debian/rules | 13 +++--- debian/source/format | 1 + lib/OPMode.pm | 1 - lib/vpnprof/OPMode.pm | 1 - scripts/key-pair.template | 46 ++++++++++++++++++++-- scripts/vyatta-gen-x509-keypair.sh | 11 ------ scripts/vyatta-gen-x509-keypair.sh.in | 11 ++++++ .../generate/vpn/x509/key-pair/node.tag/node.def | 2 +- 16 files changed, 111 insertions(+), 41 deletions(-) create mode 100644 debian/conffiles delete mode 100644 debian/linda create mode 100644 debian/source/format delete mode 100755 scripts/vyatta-gen-x509-keypair.sh create mode 100755 scripts/vyatta-gen-x509-keypair.sh.in (limited to 'scripts') diff --git a/.gitignore b/.gitignore index 4fb5a01..67bea90 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ libtool /Makefile /command_proc_show_vpn +/scripts/vyatta-gen-x509-keypair.sh \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index c4a71ec..f15d7c0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -21,10 +21,10 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd install-exec-hook: - mkdir -p $(DESTDIR)/opt/vyatta/etc/ - mkdir -p $(DESTDIR)/opt/vyatta/sbin/ - cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)/opt/vyatta/sbin - cp scripts/key-pair.template $(DESTDIR)/opt/vyatta/etc + mkdir -p $(DESTDIR)${sysconfdir} + mkdir -p $(DESTDIR)${sbindir} + cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)${sbindir}/vyatta-gen-x509-keypair + cp scripts/key-pair.template $(DESTDIR)${sysconfdir} mkdir -p $(DESTDIR)$(opdir) cd templates; $(cpiop) $(DESTDIR)$(opdir) diff --git a/configure.ac b/configure.ac index 2d5ef35..3d9a504 100644 --- a/configure.ac +++ b/configure.ac 
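Review bot: The two `cp` lines in install-exec-hook install the script and the template with whatever mode the source tree happens to carry, and `cp scripts/key-pair.template $(DESTDIR)${sysconfdir}` drops a generically named file straight into `${sysconfdir}` — with the `--sysconfdir=/etc` that debian/rules now passes, that is `/etc/key-pair.template`. Use the autotools install helpers so modes are explicit, e.g. `$(INSTALL_SCRIPT) scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)${sbindir}/vyatta-gen-x509-keypair` and `$(INSTALL_DATA) scripts/key-pair.template $(DESTDIR)${sysconfdir}/`, and consider a package-specific subdirectory under sysconfdir, since a file under /etc is presumably registered as a dpkg conffile by dh_installdeb. The `@sysconfdir@/key-pair.template` substitution in the script would need the same subdirectory.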
@@ -1,6 +1,8 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) +m4_define([DEFAULT_PREFIX], "/opt/vyatta") + m4_define([VERSION_ID], [m4_esyscmd([ if test -f .version ; then head -n 1 .version | tr -d \\n @@ -14,10 +16,13 @@ test -n "$VYATTA_VERSION" || VYATTA_VERSION=$PACKAGE_VERSION AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([config]) AM_INIT_AUTOMAKE([gnu no-dist-gzip dist-bzip2 subdir-objects]) -AC_PREFIX_DEFAULT([/opt/vyatta]) - -XSLDIR=/opt/vyatta/share/xsl/ +AC_PREFIX_DEFAULT(DEFAULT_PREFIX) +if test "$prefix" = "NONE" ; then + XSLDIR="DEFAULT_PREFIX/share/xsl/" +else + XSLDIR="$prefix/share/xsl/" +fi AC_PROG_CC AC_PROG_CXX @@ -27,17 +32,21 @@ AC_PROG_LIBTOOL AC_PROG_LEX AC_PROG_YACC - AC_ARG_ENABLE([nostrip], AC_HELP_STRING([--enable-nostrip], [include -nostrip option during packaging]), [NOSTRIP=-nostrip], [NOSTRIP=]) -AC_CONFIG_FILES( - [Makefile]) - AC_SUBST(NOSTRIP) AC_SUBST(XSLDIR) -AC_OUTPUT +AC_OUTPUT([ + Makefile + scripts/vyatta-gen-x509-keypair.sh +]) + +echo "prefix: ${prefix}" +echo "sysconfdir: ${sysconfdir}" +echo "datarootdir: ${datarootdir}" +echo "XSLDIR: ${XSLDIR}" diff --git a/debian/changelog b/debian/changelog index fb88360..c7cd4d1 100644 --- a/debian/changelog +++ b/debian/changelog 
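Review bot: `AC_OUTPUT([ Makefile scripts/vyatta-gen-x509-keypair.sh ])` is the obsolete argument form; the hunk removes the `AC_CONFIG_FILES([Makefile])` call it should instead have extended, so I'd restore `AC_CONFIG_FILES([Makefile scripts/vyatta-gen-x509-keypair.sh])` followed by a bare `AC_OUTPUT`. `m4_define([DEFAULT_PREFIX], "/opt/vyatta")` uses shell-style double quotes rather than m4 `[...]` quoting, so as far as I can tell DEFAULT_PREFIX expands with the literal quote characters included and only yields a usable path because the shell strips them again in `XSLDIR="DEFAULT_PREFIX/share/xsl/"`; write it as `m4_define([DEFAULT_PREFIX], [/opt/vyatta])`. The four trailing `echo "prefix: ..."` lines look like leftover debugging; if they are meant to stay, `AC_MSG_NOTICE` is the conventional way to report such values.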
@@ -1,3 +1,23 @@ +vyatta-op-vpn (0.15.0+vyos2+current2+nmu1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * address lintian issues + - script-not-executable: removed #!/usr/bin/perl from .pm files + - debhelper-but-no-misc-depends: added ${misc:Depends} to Depends: field + - debian-rules-missing-recommended-target: added build-arch build-indep + - out-of-date-standards-version: updated standards version to 3.9.4 + - package-contains-linda-override: removed linda override + - file-in-unusual-dir: not triggering, removed from override + - script-with-language-extension: renamed vyatta-gen-x509-keypair.sh + vyatta-gen-x509-keypair + * address dpkg-gencontrol issue: + - unknown substitution variable ${shlibs:Depends} - removed + * address dpkg-source issue: + - debian/source/format set to "3.0 (native)" + + + -- C.J. Collier Wed, 11 May 2016 02:33:38 +0000 + vyatta-op-vpn (0.15.0+vyos2+current2) unstable; urgency=low * Remove vyatta-ipsec dependency for migration to upstream strongswan. diff --git a/debian/conffiles b/debian/conffiles new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/debian/conffiles @@ -0,0 +1 @@ + diff --git a/debian/control b/debian/control index aeb9c65..c3f2ec0 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: contrib/net Priority: extra Maintainer: VyOS Package Maintainers Build-Depends: debhelper (>= 5), autotools-dev, automake, autoconf, cpio, libtool -Standards-Version: 3.9.1 +Standards-Version: 3.9.4 Package: vyatta-op-vpn Architecture: all @@ -11,11 +11,11 @@ Depends: vyatta-op, vyatta-bash | bash (>= 3.1), vyatta-cfg-vpn, strongswan (>= 5.2), - ${shlibs:Depends} + ${misc:Depends} Suggests: util-linux (>= 2.13-5), net-tools, ethtool, ncurses-bin (>= 5.5-5), ntpdate Description: VyOS operational commands for IPsec VPN - VyOS commands fpr IPsec VPN operations. + VyOS commands for IPsec VPN operations. diff --git a/debian/linda b/debian/linda deleted file mode 100644 index 0381d9d..0000000 
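Review bot: The new debian/conffiles holds a single empty line and names nothing (blob 8b13789 is a lone newline), so it either is redundant — with the debhelper compat in use, dh_installdeb presumably registers files installed under /etc as conffiles on its own — or, if it is meant to pin `/etc/key-pair.template`, should list that path explicitly. A blank line copied into DEBIAN/conffiles is also something dpkg-deb may reject; worth building the package once to confirm before shipping rather than assuming.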
--- a/debian/linda +++ /dev/null @@ -1 +0,0 @@ -Tag: file-in-opt diff --git a/debian/lintian b/debian/lintian index a5d78e0..7a94f59 100644 --- a/debian/lintian +++ b/debian/lintian @@ -1,2 +1,2 @@ -vyatta-op-vpn: file-in-unusual-dir -vyatta-op-vpn: dir-or-file-in-opt +# It's a hassle to move it out of /opt. I'll get to it later +#vyatta-op-vpn binary: dir-or-file-in-opt diff --git a/debian/rules b/debian/rules index 4b68fde..67f4ee5 100755 --- a/debian/rules +++ b/debian/rules @@ -22,7 +22,8 @@ CFLAGS = -Wall -g configure = ./configure configure += --host=$(DEB_HOST_GNU_TYPE) configure += --build=$(DEB_BUILD_GNU_TYPE) -configure += --prefix=/opt/vyatta +configure += --prefix=/usr +configure += --sysconfdir=/etc configure += --mandir=\$${prefix}/share/man configure += --infodir=\$${prefix}/share/info configure += CFLAGS="$(CFLAGS)" @@ -43,9 +44,10 @@ config.status: configure rm -f config.cache $(configure) -build: build-stamp - -build-stamp: config.status +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp +build-stamp: config.status dh_testdir $(MAKE) touch $@ @@ -68,13 +70,12 @@ clean-patched: install: build dh_testdir dh_testroot - dh_clean -k + dh_prep dh_installdirs $(MAKE) DESTDIR=$(PKGDIR) install install -D --mode=0644 debian/lintian $(PKGDIR)/usr/share/lintian/overrides/$(PACKAGE) - install -D --mode=0644 debian/linda $(PKGDIR)/usr/share/linda/overrides/$(PACKAGE) # Build architecture-independent files here. binary-indep: build install diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..9f67427 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) \ No newline at end of file diff --git a/lib/OPMode.pm b/lib/OPMode.pm index 49bc966..fa51c66 100644 --- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -1,4 +1,3 @@ -#!/usr/bin/perl # # Module Vyatta::VPN::OpMode.pm # diff --git a/lib/vpnprof/OPMode.pm b/lib/vpnprof/OPMode.pm index 99c6268..05e1f00 100644 --- a/lib/vpnprof/OPMode.pm 
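Review bot: Switching debian/rules to `--prefix=/usr` moves everything the Makefile installs relative to `${prefix}`/`${sbindir}` out of /opt/vyatta, but the op-mode templates in this commit still hard-code the old locations — `sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair $5` in the key-pair node.def, and `/opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl` in the show/restart templates — so those commands will fail on the built package unless something not shown here still installs there. This matters beyond breakage: the `sudo-users` directory is presumably what the sudoers policy lets operators run as root, so relocating those scripts under `/usr/bin/sudo-users` without updating that policy either locks the commands out or invites a looser rule. Either keep `--prefix=/opt/vyatta` for this package until the templates are generated from the configured paths (the later 020165ce commit on this page does that), or land that template change together with this one.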
+++ b/lib/vpnprof/OPMode.pm
@@ -1,4 +1,3 @@
-#!/usr/bin/perl
 #
 # Module Vyatta::vpnprof::OpMode.pm
 #
diff --git a/scripts/key-pair.template b/scripts/key-pair.template
index 5b5b2a6..bbf5eb9 100644
--- a/scripts/key-pair.template
+++ b/scripts/key-pair.template
@@ -1,10 +1,15 @@
 [ req ]
- default_bits = 1024
+ default_bits = 2048
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
+ string_mask = utf8only
 attributes = req_attributes
+ dirstring_type = nobmp
+# SHA-1 is deprecated, so use SHA-2 instead.
+ default_md = sha256
+# Extension to add when the -x509 option is used.
 x509_extensions = v3_ca
- dirstring_type = nobmp
+
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
 countryName_min = 2
@@ -24,4 +29,39 @@
 [ v3_ca ]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
- basicConstraints = CA:true
+ basicConstraints = critical, CA:true
+ keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid:always,issuer
+ basicConstraints = critical, CA:true, pathlen:0
+ keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+ basicConstraints = CA:FALSE
+ nsCertType = client, email
+ nsComment = "OpenSSL Generated Client Certificate"
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer
+ keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+ extendedKeyUsage = clientAuth, emailProtection
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+ basicConstraints = CA:FALSE
+ nsCertType = server
+ nsComment = "OpenSSL Generated Server Certificate"
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer:always
+ keyUsage = critical, digitalSignature, keyEncipherment
+ extendedKeyUsage = serverAuth
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+ authorityKeyIdentifier=keyid:always
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+ basicConstraints = CA:FALSE
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer
+ keyUsage = critical, digitalSignature
+ extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/scripts/vyatta-gen-x509-keypair.sh b/scripts/vyatta-gen-x509-keypair.sh
deleted file mode 100755
index 5a66d0a..0000000
--- a/scripts/vyatta-gen-x509-keypair.sh
+++ /dev/null
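Review bot: `[ v3_ca ]` is the section named by `x509_extensions`, and with `basicConstraints = critical, CA:true` plus `keyUsage = ... keyCertSign` any `openssl req -x509` run against this template now yields a CA certificate, while the only consumer visible here (`openssl req -new` in vyatta-gen-x509-keypair) produces a CSR, which takes its extensions from `req_extensions`, not `x509_extensions` — so the new `usr_cert`/`server_cert` sections are never applied unless a CA's signing config references them by name. If the intent is for VPN peer certificates to request `serverAuth`/`clientAuth`, add `req_extensions = server_cert` (or a purpose-built section) under `[ req ]`; otherwise a comment such as `# The usr_cert/server_cert/ocsp sections are for the signing CA's config; they are not used by 'req -new'` would stop the next reader from assuming they take effect here. `nsCertType` and `nsComment` are legacy Netscape extensions that modern verifiers ignore and can be dropped. The missing trailing newline is worth fixing while here.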
@@ -1,11 +0,0 @@
-#!/bin/bash
-CN=$1
-genkeypair (){
- openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config /opt/vyatta/etc/key-pair.template
-}
-if [ -f /config/auth/$CN.csr ]; then
- read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
- [[ $REPLY != y && $REPLY != Y ]] || genkeypair
-else
- genkeypair
-fi
diff --git a/scripts/vyatta-gen-x509-keypair.sh.in b/scripts/vyatta-gen-x509-keypair.sh.in
new file mode 100755
index 0000000..194ac4f
--- /dev/null
+++ b/scripts/vyatta-gen-x509-keypair.sh.in
@@ -0,0 +1,11 @@
+#!/bin/bash
+CN=$1
+genkeypair (){
+ openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config @sysconfdir@/key-pair.template
+}
+if [ -f /config/auth/$CN.csr ]; then
+ read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
+ [[ $REPLY != y && $REPLY != Y ]] || genkeypair
+else
+ genkeypair
+fi
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def b/templates/generate/vpn/x509/key-pair/node.tag/node.def
index 9882df8..dc21935 100644
--- a/templates/generate/vpn/x509/key-pair/node.tag/node.def
+++ b/templates/generate/vpn/x509/key-pair/node.tag/node.def
@@ -1,4 +1,4 @@
 help: Generate x509 key-pair
 run:
- sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair.sh $5
+ sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair $5
 allowed: echo -n ''
-- cgit v1.2.3 From 6ed20a24270b1b33b9a5e4595938590a8d2a76fb Mon Sep 17 00:00:00 2001 From: Jeff Leung Date: Sat, 31 Jan 2015 05:17:48 +0000 Subject: Bring the VPN tunnel down and up as opposed to commenting it out in the ipsec.conf file Commenting out the tunnel and restoring it does not reset the tunnel. Use the ipsec commands to actually bring it down and back up to properly reset the tunnel. --- scripts/vyatta-vpn-op.pl | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) (limited to 'scripts')
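Review bot: `CN=$1` is interpolated unquoted and unvalidated into `/config/auth/$CN.key` and `/config/auth/$CN.csr`, and the node.def below runs this script via `sudo`, so a name containing `/`, `..` or whitespace lets an operator create or overwrite files outside /config/auth as root. The overwrite prompt only checks the `.csr`, so an existing `.key` is replaced silently, and `-nodes` writes the private key unencrypted with a mode that depends on the OpenSSL version and the caller's umask rather than being forced. I would reject anything but a plain file name, quote every expansion, use `read -r`, and set a restrictive umask before calling openssl; the `.sh` → `.sh.in` move and the `@sysconfdir@` substitution themselves are fine.
```shell
#!/bin/bash
CN=$1
case "$CN" in
  ''|*/*|.*|*[!A-Za-z0-9._-]*) echo "invalid key-pair name: '$CN'" >&2; exit 1 ;;
esac
genkeypair (){
  umask 077
  openssl req -new -nodes -keyout "/config/auth/$CN.key" -out "/config/auth/$CN.csr" -config @sysconfdir@/key-pair.template
}
if [ -f "/config/auth/$CN.csr" ] || [ -f "/config/auth/$CN.key" ]; then
  read -r -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
  # … unchanged: reply check, else branch …
```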
diff --git a/scripts/vyatta-vpn-op.pl b/scripts/vyatta-vpn-op.pl index f862ef7..55ea1d5 100755 --- a/scripts/vyatta-vpn-op.pl +++ b/scripts/vyatta-vpn-op.pl @@ -44,28 +44,11 @@ sub clear_tunnel { my $cmd = undef; print "Resetting tunnel $tunnel with peer $peer...\n"; - - # back-up ipsec.conf - `sudo cp /etc/ipsec.conf /etc/ipsec.conf.bak.\$PPID`; - - # remove specific connection from ipsec.conf - `sudo sed -i -e '/conn peer-$peer-tunnel-$tunnel/,/#conn peer-$peer-tunnel-$tunnel/d' /etc/ipsec.conf`; - - # update ipsec connections - `sudo /usr/sbin/ipsec update >&/dev/null`; - - # sleep for 1/4th of a second for connection to go down - `sudo sleep 0.25`; - - # move original ipsec.conf back - `sudo mv /etc/ipsec.conf.bak.\$PPID /etc/ipsec.conf`; - - # update ipsec connections - `sudo /usr/sbin/ipsec update >&/dev/null`; - - # sleep for 3/4th of a second for connection to come up - # this gives us sometime before bringing clearing another tunnel - `sudo sleep 0.75`; + + # bring down the tunnel + `sudo /usr/sbin/ipsec down peer-$peer-tunnel-$tunnel`; + # bring up the tunnel + `sudo /usr/sbin/ipsec up peer-$peer-tunnel-$tunnel`; } if ($op eq '') { -- cgit v1.2.3 From 12b2b88d03ce3527a46abc3c1e5cf9e8b8cd5238 Mon Sep 17 00:00:00 2001 From: Jeff Leung Date: Wed, 28 Jan 2015 08:26:51 +0000 Subject: Update pluto.pid references to charon.pid Since pluto doesn't exist anymore in strongSwan 5.0 and later series, we are updating references from pluto* to charon*. --- lib/OPMode.pm | 2 +- scripts/vyatta-show-ipsec-status.pl | 2 +- templates/restart/vpn/node.def | 2 +- templates/show/vpn/debug/detail/node.def | 2 +- templates/show/vpn/debug/node.def | 2 +- templates/show/vpn/debug/peer/node.tag/node.def | 2 +- templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def | 2 +- templates/show/vpn/ipsec/status/node.def | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'scripts') diff --git a/lib/OPMode.pm b/lib/OPMode.pm index 49bc966..7502788 100644 
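Review bot: The two new backtick calls interpolate `$peer` and `$tunnel` into a shell command line executed under sudo, so a value carrying shell metacharacters runs as root; the removed `sed` line had the same exposure, but the rewrite is the moment to close it. Use list-form `system` so no shell is involved and check the status, e.g. `system('sudo', '/usr/sbin/ipsec', 'down', "peer-$peer-tunnel-$tunnel") == 0 or warn "ipsec down failed: $?";` and likewise for `up`; validating both values against something like `/\A[\w.:-]+\z/` at the top of clear_tunnel would be belt and braces, since how the caller sanitises them is not visible here. `my $cmd = undef;` is now unused and can go, and the `ipsec up` output is no longer sent to /dev/null as the old `update` calls' was, which may be intentional but deserves a one-line comment. clear_tunnel's signature and the lines that set `$peer`/`$tunnel` are outside the hunk.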
--- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -870,7 +870,7 @@ sub show_ipsec_sa_natt display_ipsec_sa_brief(\%tmphash); } sub show_ike_status{ - my $process_id = `sudo cat /var/run/pluto.pid`; + my $process_id = `sudo cat /var/run/charon.pid`; chomp $process_id; print </dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`; chomp $process_id; chomp $active_tunnels; diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def index 7cb9387..6d0f50c 100644 --- a/templates/restart/vpn/node.def +++ b/templates/restart/vpn/node.def @@ -1,7 +1,7 @@ help: Restart IPsec VPN run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process else diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def index ee3604d..0f88f1e 100644 --- a/templates/show/vpn/debug/detail/node.def +++ b/templates/show/vpn/debug/detail/node.def @@ -1,7 +1,7 @@ help: Show detailed VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail else diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def index 7a33888..281228a 100644 --- a/templates/show/vpn/debug/node.def +++ b/templates/show/vpn/debug/node.def @@ -1,7 +1,7 @@ help: Show VPN debugging information run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug else diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def index a27063a..a3a9573 100644 
--- a/templates/show/vpn/debug/peer/node.tag/node.def +++ b/templates/show/vpn/debug/peer/node.tag/node.def @@ -2,7 +2,7 @@ help: Show debugging information for a peer allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5 else diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def index c141ac0..3c96973 100644 --- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def +++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def @@ -2,7 +2,7 @@ help: Show debugging information for a peer's tunnel allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]} run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7" else diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def index bf4ebf7..3c48c60 100644 --- a/templates/show/vpn/ipsec/status/node.def +++ b/templates/show/vpn/ipsec/status/node.def @@ -1,5 +1,5 @@ help: Show status of IPsec process -run: if pgrep pluto >&/dev/null; then +run: if pgrep charon >&/dev/null; then /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl else echo -e "IPSec Process NOT Running\n" -- cgit v1.2.3 From 020165ce5b9643ff3b9c96bd4a30c981a5d5d78d Mon Sep 17 00:00:00 2001 
From: "C.J. Collier" Date: Wed, 11 May 2016 06:42:43 +0000 Subject: vyatta-op-vpn (0.15.0+vyos2+current2+nmu1) UNRELEASED; urgency=low * Non-maintainer upload. * address lintian issues - script-not-executable: removed #!/usr/bin/perl from .pm files - debhelper-but-no-misc-depends: added ${misc:Depends} to Depends: field - debian-rules-missing-recommended-target: added build-arch build-indep - out-of-date-standards-version: updated standards version to 3.9.4 - package-contains-linda-override: removed linda override - file-in-unusual-dir: not triggering, removed from override - script-with-language-extension: renamed vyatta-gen-x509-keypair.sh vyatta-gen-x509-keypair * address dpkg-gencontrol issue: - unknown substitution variable ${shlibs:Depends} - removed * address dpkg-source issue: - debian/source/format set to "3.0 (native)" * removed all references to /opt/vyatta but one from source 
Signed-off-by: C.J. Collier --- .gitignore | 42 +++++- Makefile.am | 6 +- configure.ac | 55 +++++++- debian/autogen.sh | 4 +- m4/relpaths.m4 | 155 +++++++++++++++++++++ scripts/vyatta-gen-x509-keypair.in | 11 ++ scripts/vyatta-gen-x509-keypair.sh.in | 11 -- .../generate/vpn/rsa-key/bits/node.tag/node.def | 3 - .../generate/vpn/rsa-key/bits/node.tag/node.def.in | 3 + .../rsa-key/bits/node.tag/random/node.tag/node.def | 3 - .../bits/node.tag/random/node.tag/node.def.in | 3 + templates/generate/vpn/rsa-key/node.def | 2 - templates/generate/vpn/rsa-key/node.def.in | 2 + .../generate/vpn/x509/key-pair/node.tag/node.def | 4 - .../vpn/x509/key-pair/node.tag/node.def.in | 4 + templates/reset/vpn/ipsec-peer/node.tag/node.def | 6 - .../reset/vpn/ipsec-peer/node.tag/node.def.in | 6 + .../ipsec-peer/node.tag/tunnel/node.tag/node.def | 10 -- .../node.tag/tunnel/node.tag/node.def.in | 10 ++ .../reset/vpn/ipsec-peer/node.tag/vti/node.def | 5 - .../reset/vpn/ipsec-peer/node.tag/vti/node.def.in | 5 + .../reset/vpn/ipsec-profile/node.tag/node.def | 6 - .../reset/vpn/ipsec-profile/node.tag/node.def.in | 6 + .../node.tag/tunnel/node.tag/node.def | 10 -- .../node.tag/tunnel/node.tag/node.def.in | 10 ++ templates/restart/vpn/node.def | 12 -- templates/restart/vpn/node.def.in | 12 ++ templates/show/vpn/debug/detail/node.def | 12 -- templates/show/vpn/debug/detail/node.def.in | 12 ++ templates/show/vpn/debug/node.def | 12 -- templates/show/vpn/debug/node.def.in | 12 ++ templates/show/vpn/debug/peer/node.tag/node.def | 14 -- templates/show/vpn/debug/peer/node.tag/node.def.in | 14 ++ .../debug/peer/node.tag/tunnel/node.tag/node.def | 14 -- .../peer/node.tag/tunnel/node.tag/node.def.in | 14 ++ templates/show/vpn/ike/rsa-keys/node.def | 2 - templates/show/vpn/ike/rsa-keys/node.def.in | 2 + templates/show/vpn/ike/sa/nat-traversal/node.def | 2 - .../show/vpn/ike/sa/nat-traversal/node.def.in | 2 + templates/show/vpn/ike/sa/node.def | 2 - templates/show/vpn/ike/sa/node.def.in | 2 + 
templates/show/vpn/ike/sa/peer/node.tag/node.def | 3 - .../show/vpn/ike/sa/peer/node.tag/node.def.in | 3 + templates/show/vpn/ike/secrets/node.def | 2 - templates/show/vpn/ike/secrets/node.def.in | 2 + templates/show/vpn/ike/status/node.def | 2 - templates/show/vpn/ike/status/node.def.in | 2 + templates/show/vpn/ipsec/sa/detail/node.def | 3 - templates/show/vpn/ipsec/sa/detail/node.def.in | 3 + .../vpn/ipsec/sa/detail/peer/node.tag/node.def | 3 - .../vpn/ipsec/sa/detail/peer/node.tag/node.def.in | 3 + .../detail/peer/node.tag/tunnel/node.tag/node.def | 3 - .../peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../vpn/ipsec/sa/detail/profile/node.tag/node.def | 3 - .../ipsec/sa/detail/profile/node.tag/node.def.in | 3 + .../profile/node.tag/tunnel/node.tag/node.def | 3 - .../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/sa/nat-traversal/node.def | 2 - .../show/vpn/ipsec/sa/nat-traversal/node.def.in | 2 + templates/show/vpn/ipsec/sa/node.def | 3 - templates/show/vpn/ipsec/sa/node.def.in | 3 + templates/show/vpn/ipsec/sa/peer/node.tag/node.def | 3 - .../show/vpn/ipsec/sa/peer/node.tag/node.def.in | 3 + .../sa/peer/node.tag/tunnel/node.tag/node.def | 3 - .../sa/peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../show/vpn/ipsec/sa/profile/node.tag/node.def | 3 - .../show/vpn/ipsec/sa/profile/node.tag/node.def.in | 3 + .../sa/profile/node.tag/tunnel/node.tag/node.def | 3 - .../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/sa/statistics/node.def | 3 - templates/show/vpn/ipsec/sa/statistics/node.def.in | 3 + .../vpn/ipsec/sa/statistics/peer/node.tag/node.def | 3 - .../ipsec/sa/statistics/peer/node.tag/node.def.in | 3 + .../peer/node.tag/tunnel/node.tag/node.def | 3 - .../peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../ipsec/sa/statistics/profile/node.tag/node.def | 3 - .../sa/statistics/profile/node.tag/node.def.in | 3 + .../profile/node.tag/tunnel/node.tag/node.def | 3 - 
.../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/status/node.def | 6 - templates/show/vpn/ipsec/status/node.def.in | 6 + 81 files changed, 439 insertions(+), 203 deletions(-) create mode 100644 m4/relpaths.m4 create mode 100755 scripts/vyatta-gen-x509-keypair.in delete mode 100755 scripts/vyatta-gen-x509-keypair.sh.in delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/node.def create mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/node.def.in delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def create mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in delete mode 100644 templates/generate/vpn/rsa-key/node.def create mode 100644 templates/generate/vpn/rsa-key/node.def.in delete mode 100644 templates/generate/vpn/x509/key-pair/node.tag/node.def create mode 100644 templates/generate/vpn/x509/key-pair/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/vti/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in delete mode 100644 templates/reset/vpn/ipsec-profile/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-profile/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/restart/vpn/node.def create mode 100644 templates/restart/vpn/node.def.in delete mode 100644 templates/show/vpn/debug/detail/node.def create mode 100644 templates/show/vpn/debug/detail/node.def.in delete mode 100644 
templates/show/vpn/debug/node.def create mode 100644 templates/show/vpn/debug/node.def.in delete mode 100644 templates/show/vpn/debug/peer/node.tag/node.def create mode 100644 templates/show/vpn/debug/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ike/rsa-keys/node.def create mode 100644 templates/show/vpn/ike/rsa-keys/node.def.in delete mode 100644 templates/show/vpn/ike/sa/nat-traversal/node.def create mode 100644 templates/show/vpn/ike/sa/nat-traversal/node.def.in delete mode 100644 templates/show/vpn/ike/sa/node.def create mode 100644 templates/show/vpn/ike/sa/node.def.in delete mode 100644 templates/show/vpn/ike/sa/peer/node.tag/node.def create mode 100644 templates/show/vpn/ike/sa/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ike/secrets/node.def create mode 100644 templates/show/vpn/ike/secrets/node.def.in delete mode 100644 templates/show/vpn/ike/status/node.def create mode 100644 templates/show/vpn/ike/status/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 
templates/show/vpn/ipsec/sa/nat-traversal/node.def create mode 100644 templates/show/vpn/ipsec/sa/nat-traversal/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/node.def create mode 100644 templates/show/vpn/ipsec/sa/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/status/node.def create mode 100644 templates/show/vpn/ipsec/status/node.def.in (limited to 'scripts') diff --git a/.gitignore b/.gitignore index 67bea90..470b73c 100644 --- a/.gitignore 
+++ b/.gitignore @@ -1,5 +1,6 @@ *~ -/m4 +m4/lt*.m4 +m4/libtool.m4 .*.swp *.[oa] *.l[oa] 
@@ -27,4 +28,41 @@ libtool /Makefile /command_proc_show_vpn -/scripts/vyatta-gen-x509-keypair.sh \ No newline at end of file +templates/generate/vpn/rsa-key/bits/node.tag/node.def +templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def +templates/generate/vpn/rsa-key/node.def +templates/generate/vpn/x509/key-pair/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/vti/node.def +templates/reset/vpn/ipsec-profile/node.tag/node.def +templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def +templates/restart/vpn/node.def +templates/show/vpn/debug/detail/node.def +templates/show/vpn/debug/node.def +templates/show/vpn/debug/peer/node.tag/node.def +templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ike/rsa-keys/node.def +templates/show/vpn/ike/sa/nat-traversal/node.def +templates/show/vpn/ike/sa/node.def +templates/show/vpn/ike/sa/peer/node.tag/node.def +templates/show/vpn/ike/secrets/node.def +templates/show/vpn/ike/status/node.def +templates/show/vpn/ipsec/sa/detail/node.def +templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/nat-traversal/node.def +templates/show/vpn/ipsec/sa/node.def +templates/show/vpn/ipsec/sa/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/profile/node.tag/node.def +templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/statistics/node.def +templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def 
+templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
+templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
+templates/show/vpn/ipsec/status/node.def
+/scripts/vyatta-gen-x509-keypair
\ No newline at end of file
diff --git a/Makefile.am b/Makefile.am
index f15d7c0..490b1f1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -21,11 +21,9 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
 cpio -0pd
 install-exec-hook:
- mkdir -p $(DESTDIR)${sysconfdir}
- mkdir -p $(DESTDIR)${sbindir}
- cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)${sbindir}/vyatta-gen-x509-keypair
+ mkdir -p $(DESTDIR)${sysconfdir} $(DESTDIR)${sbindir} $(DESTDIR)$(opdir)
+ cp scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/
 cp scripts/key-pair.template $(DESTDIR)${sysconfdir}
- mkdir -p $(DESTDIR)$(opdir)
 cd templates; $(cpiop) $(DESTDIR)$(opdir)
diff --git a/configure.ac b/configure.ac
index 3d9a504..6002c2d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.59)
-m4_define([DEFAULT_PREFIX], "/opt/vyatta")
+m4_define([DEFAULT_PREFIX], [/opt/vyatta])
 m4_define([VERSION_ID], [m4_esyscmd([
 if test -f .version ; then
@@ -24,6 +24,9 @@ else
 XSLDIR="$prefix/share/xsl/"
 fi
+adl_RECURSIVE_EVAL([$bindir/sudo-users/],[SUDOUSRDIR])
+adl_RECURSIVE_EVAL([$sbindir/],[SBINDIR])
+
 AC_PROG_CC
 AC_PROG_CXX
 AM_PROG_AS
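Review bot: The trailing slash in `adl_RECURSIVE_EVAL([$bindir/sudo-users/],[SUDOUSRDIR])` and in `adl_RECURSIVE_EVAL([$sbindir/],[SBINDIR])` is carried into every generated template as `@SUDOUSRDIR@/…`, so the installed op-mode commands become paths with a doubled slash such as `/opt/vyatta/bin/sudo-users//vyatta-vpn-op.pl`. The filesystem does not care, but these commands are invoked through `sudo`, and whether a sudoers entry written with a single slash still matches the doubled-slash form depends on the sudo version's path canonicalisation, which this diff does not let me confirm; the doubled form also shows up verbatim in sudo/audit logs. Dropping the slash, `adl_RECURSIVE_EVAL([$bindir/sudo-users],[SUDOUSRDIR])` and `adl_RECURSIVE_EVAL([$sbindir],[SBINDIR])`, keeps the substituted paths canonical with no other change.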
@@ -39,14 +42,56 @@ AC_ARG_ENABLE([nostrip],
 AC_SUBST(NOSTRIP)
 AC_SUBST(XSLDIR)
+AC_SUBST(SUDOUSRDIR)
+AC_SUBST(SBINDIR)
 AC_OUTPUT([
 Makefile
- scripts/vyatta-gen-x509-keypair.sh
+ scripts/vyatta-gen-x509-keypair
+ templates/restart/vpn/node.def
+ templates/generate/vpn/x509/key-pair/node.tag/node.def
+ templates/generate/vpn/rsa-key/node.def
+ templates/generate/vpn/rsa-key/bits/node.tag/node.def
+ templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
+ templates/show/vpn/ipsec/status/node.def
+ templates/show/vpn/ipsec/sa/node.def
+ templates/show/vpn/ipsec/sa/nat-traversal/node.def
+ templates/show/vpn/ipsec/sa/statistics/node.def
+ templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/node.def
+ templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/profile/node.tag/node.def
+ templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ipsec/sa/peer/node.tag/node.def
+ templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/debug/node.def
+ templates/show/vpn/debug/detail/node.def
+ templates/show/vpn/debug/peer/node.tag/node.def
+ templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+ templates/show/vpn/ike/secrets/node.def
+ templates/show/vpn/ike/status/node.def
+ templates/show/vpn/ike/sa/node.def
+ templates/show/vpn/ike/sa/nat-traversal/node.def
+ templates/show/vpn/ike/sa/peer/node.tag/node.def
+ templates/show/vpn/ike/rsa-keys/node.def
+ templates/reset/vpn/ipsec-profile/node.tag/node.def
+ templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
+ templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
 ])
-echo "prefix: ${prefix}"
-echo "sysconfdir: ${sysconfdir}"
+echo "prefix: ${prefix}"
+echo "sbindir: ${sbindir}"
+echo "sysconfdir: ${sysconfdir}"
 echo "datarootdir: ${datarootdir}"
-echo "XSLDIR: ${XSLDIR}"
+echo "XSLDIR: ${XSLDIR}"
+echo "SBINDIR: ${SBINDIR}"
+echo "SUDOUSRDIR: ${SUDOUSRDIR}"
diff --git a/debian/autogen.sh b/debian/autogen.sh
index 92719c8..70ecdeb 100755
--- a/debian/autogen.sh
+++ b/debian/autogen.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
-rm -rf config m4
+rm -rf config
 rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL
-mkdir -p m4
+mkdir -p
 autoreconf --force --install
 rm -f config.sub config.guess
diff --git a/m4/relpaths.m4 b/m4/relpaths.m4
new file mode 100644
index 0000000..15f24b3
--- /dev/null
+++ b/m4/relpaths.m4
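Review bot: `mkdir -p` in debian/autogen.sh is left with no operand once `m4` was removed from it, so the line now fails with `mkdir: missing operand`; the script shows no `set -e`, so the error is printed and the run carries on, which makes the mistake easy to miss. Since this commit starts tracking `m4/` (relpaths.m4 is added and .gitignore now excludes only the libtool files under it), the directory exists at checkout and the line can simply be deleted rather than restored to `mkdir -p m4`. The preceding `rm -rf config` is consistent with that: it no longer wipes the now-versioned m4 directory.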
@@ -0,0 +1,155 @@ +dnl @synopsis adl_COMPUTE_RELATIVE_PATHS(PATH_LIST) +dnl +dnl PATH_LIST is a space-separated list of colon-separated triplets of +dnl the form 'FROM:TO:RESULT'. This function iterates over these +dnl triplets and set $RESULT to the relative path from $FROM to $TO. +dnl Note that $FROM and $TO needs to be absolute filenames for this +dnl macro to success. +dnl +dnl For instance, +dnl +dnl first=/usr/local/bin +dnl second=/usr/local/share +dnl adl_COMPUTE_RELATIVE_PATHS([first:second:fs second:first:sf]) +dnl # $fs is set to ../share +dnl # $sf is set to ../bin +dnl +dnl $FROM and $TO are both eval'ed recursively and normalized, this +dnl means that you can call this macro with autoconf's dirnames like +dnl `prefix' or `datadir'. For example: +dnl +dnl adl_COMPUTE_RELATIVE_PATHS([bindir:datadir:bin_to_data]) +dnl +dnl adl_COMPUTE_RELATIVE_PATHS should also works with DOS filenames. +dnl +dnl You may want to use this macro in order to make your package +dnl relocatable. Instead of hardcoding $datadir into your programs just +dnl encode $bin_to_data and try to determine $bindir at run-time. +dnl +dnl This macro requires adl_NORMALIZE_PATH. 
+dnl +dnl @category Misc +dnl @author Alexandre Duret-Lutz +dnl @version 2001-05-25 +dnl @license GPLWithACException + +AC_DEFUN([adl_COMPUTE_RELATIVE_PATHS], +[for _lcl_i in $1; do + _lcl_from=\[$]`echo "[$]_lcl_i" | sed 's,:.*$,,'` + _lcl_to=\[$]`echo "[$]_lcl_i" | sed 's,^[[^:]]*:,,' | sed 's,:[[^:]]*$,,'` + _lcl_result_var=`echo "[$]_lcl_i" | sed 's,^.*:,,'` + adl_RECURSIVE_EVAL([[$]_lcl_from], [_lcl_from]) + adl_RECURSIVE_EVAL([[$]_lcl_to], [_lcl_to]) + _lcl_notation="$_lcl_from$_lcl_to" + adl_NORMALIZE_PATH([_lcl_from],['/']) + adl_NORMALIZE_PATH([_lcl_to],['/']) + adl_COMPUTE_RELATIVE_PATH([_lcl_from], [_lcl_to], [_lcl_result_tmp]) + adl_NORMALIZE_PATH([_lcl_result_tmp],["[$]_lcl_notation"]) + eval $_lcl_result_var='[$]_lcl_result_tmp' +done]) + +## Note: +## ***** +## The following helper macros are too fragile to be used out +## of adl_COMPUTE_RELATIVE_PATHS (mainly because they assume that +## paths are normalized), that's why I'm keeping them in the same file. +## Still, some of them maybe worth to reuse. + +dnl adl_COMPUTE_RELATIVE_PATH(FROM, TO, RESULT) +dnl =========================================== +dnl Compute the relative path to go from $FROM to $TO and set the value +dnl of $RESULT to that value. This function work on raw filenames +dnl (for instead it will considerate /usr//local and /usr/local as +dnl two distinct paths), you should really use adl_COMPUTE_REALTIVE_PATHS +dnl instead to have the paths sanitized automatically. +dnl +dnl For instance: +dnl first_dir=/somewhere/on/my/disk/bin +dnl second_dir=/somewhere/on/another/disk/share +dnl adl_COMPUTE_RELATIVE_PATH(first_dir, second_dir, first_to_second) +dnl will set $first_to_second to '../../../another/disk/share'. 
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATH], +[adl_COMPUTE_COMMON_PATH([$1], [$2], [_lcl_common_prefix]) +adl_COMPUTE_BACK_PATH([$1], [_lcl_common_prefix], [_lcl_first_rel]) +adl_COMPUTE_SUFFIX_PATH([$2], [_lcl_common_prefix], [_lcl_second_suffix]) +$3="[$]_lcl_first_rel[$]_lcl_second_suffix"]) + +dnl adl_COMPUTE_COMMON_PATH(LEFT, RIGHT, RESULT) +dnl ============================================ +dnl Compute the common path to $LEFT and $RIGHT and set the result to $RESULT. +dnl +dnl For instance: +dnl first_path=/somewhere/on/my/disk/bin +dnl second_path=/somewhere/on/another/disk/share +dnl adl_COMPUTE_COMMON_PATH(first_path, second_path, common_path) +dnl will set $common_path to '/somewhere/on'. +AC_DEFUN([adl_COMPUTE_COMMON_PATH], +[$3='' +_lcl_second_prefix_match='' +while test "[$]_lcl_second_prefix_match" != 0; do + _lcl_first_prefix=`expr "x[$]$1" : "x\([$]$3/*[[^/]]*\)"` + _lcl_second_prefix_match=`expr "x[$]$2" : "x[$]_lcl_first_prefix"` + if test "[$]_lcl_second_prefix_match" != 0; then + if test "[$]_lcl_first_prefix" != "[$]$3"; then + $3="[$]_lcl_first_prefix" + else + _lcl_second_prefix_match=0 + fi + fi +done]) + +dnl adl_COMPUTE_SUFFIX_PATH(PATH, SUBPATH, RESULT) +dnl ============================================== +dnl Substrack $SUBPATH from $PATH, and set the resulting suffix +dnl (or the empty string if $SUBPATH is not a subpath of $PATH) +dnl to $RESULT. +dnl +dnl For instace: +dnl first_path=/somewhere/on/my/disk/bin +dnl second_path=/somewhere/on +dnl adl_COMPUTE_SUFFIX_PATH(first_path, second_path, common_path) +dnl will set $common_path to '/my/disk/bin'. 
+AC_DEFUN([adl_COMPUTE_SUFFIX_PATH], +[$3=`expr "x[$]$1" : "x[$]$2/*\(.*\)"`]) + +dnl adl_COMPUTE_BACK_PATH(PATH, SUBPATH, RESULT) +dnl ============================================ +dnl Compute the relative path to go from $PATH to $SUBPATH, knowing that +dnl $SUBPATH is a subpath of $PATH (any other words, only repeated '../' +dnl should be needed to move from $PATH to $SUBPATH) and set the value +dnl of $RESULT to that value. If $SUBPATH is not a subpath of PATH, +dnl set $RESULT to the empty string. +dnl +dnl For instance: +dnl first_path=/somewhere/on/my/disk/bin +dnl second_path=/somewhere/on +dnl adl_COMPUTE_BACK_PATH(first_path, second_path, back_path) +dnl will set $back_path to '../../../'. +AC_DEFUN([adl_COMPUTE_BACK_PATH], +[adl_COMPUTE_SUFFIX_PATH([$1], [$2], [_lcl_first_suffix]) +$3='' +_lcl_tmp='xxx' +while test "[$]_lcl_tmp" != ''; do + _lcl_tmp=`expr "x[$]_lcl_first_suffix" : "x[[^/]]*/*\(.*\)"` + if test "[$]_lcl_first_suffix" != ''; then + _lcl_first_suffix="[$]_lcl_tmp" + $3="../[$]$3" + fi +done]) + + +dnl adl_RECURSIVE_EVAL(VALUE, RESULT) +dnl ================================= +dnl Interpolate the VALUE in loop until it doesn't change, +dnl and set the result to $RESULT. +dnl WARNING: It's easy to get an infinite loop with some unsane input. +AC_DEFUN([adl_RECURSIVE_EVAL], +[_lcl_receval="$1" +$2=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix" + test "x$exec_prefix" = xNONE && exec_prefix="${prefix}" + _lcl_receval_old='' + while test "[$]_lcl_receval_old" != "[$]_lcl_receval"; do + _lcl_receval_old="[$]_lcl_receval" + eval _lcl_receval="\"[$]_lcl_receval\"" + done + echo "[$]_lcl_receval")`]) diff --git a/scripts/vyatta-gen-x509-keypair.in b/scripts/vyatta-gen-x509-keypair.in new file mode 100755 index 0000000..194ac4f --- /dev/null +++ b/scripts/vyatta-gen-x509-keypair.in 
@@ -0,0 +1,11 @@
+#!/bin/bash
+CN=$1
+genkeypair (){
+ openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config @sysconfdir@/key-pair.template
+}
+if [ -f /config/auth/$CN.csr ]; then
+ read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
+ [[ $REPLY != y && $REPLY != Y ]] || genkeypair
+else
+ genkeypair
+fi
diff --git a/scripts/vyatta-gen-x509-keypair.sh.in b/scripts/vyatta-gen-x509-keypair.sh.in
deleted file mode 100755
index 194ac4f..0000000
--- a/scripts/vyatta-gen-x509-keypair.sh.in
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-CN=$1
-genkeypair (){
- openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config @sysconfdir@/key-pair.template
-}
-if [ -f /config/auth/$CN.csr ]; then
- read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
- [[ $REPLY != y && $REPLY != Y ]] || genkeypair
-else
- genkeypair
-fi
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/node.def
deleted file mode 100644
index fa2fed2..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" /dev/random
-allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
new file mode 100644
index 0000000..2eae9cc
--- /dev/null
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Generate local RSA key with specified number of bits
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
+allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
deleted file mode 100644
index eb11433..0000000
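Review bot: `CN=$1` is used unvalidated and unquoted in the `-keyout`/`-out` paths and in the `[ -f /config/auth/$CN.csr ]` test of scripts/vyatta-gen-x509-keypair.in, while the x509 key-pair template in this same commit runs the script as `sudo @SBINDIR@/vyatta-gen-x509-keypair $5` with the operator-supplied name. A name containing whitespace or a path separator is therefore not rejected but becomes part of a file path that openssl writes with root privileges. The body is byte-for-byte the deleted `.sh.in`, so this is inherited rather than introduced here, but the rename is the natural point to add an up-front check on the name and quote every expansion, as below; the overwrite prompt and the `[[ … ]] || genkeypair` line stay as they are.
```shell
CN=$1
# Accept only a plain file-name component; anything else is refused before openssl runs as root.
case "$CN" in
    ''|*[!A-Za-z0-9._-]*) echo "invalid key-pair name: '$CN'" >&2; exit 1 ;;
esac
genkeypair (){
    openssl req -new -nodes -keyout "/config/auth/$CN.key" -out "/config/auth/$CN.csr" -config @sysconfdir@/key-pair.template
}
if [ -f "/config/auth/$CN.csr" ]; then
    # … unchanged: overwrite prompt and genkeypair calls …
```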
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Generate local RSA key with specified number of bits and random device -run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" "$7" -allowed: echo -n '/dev/random /dev/urandom' diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in new file mode 100644 index 0000000..81a9633 --- /dev/null +++ b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Generate local RSA key with specified number of bits and random device +run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7" +allowed: echo -n '/dev/random /dev/urandom' diff --git a/templates/generate/vpn/rsa-key/node.def b/templates/generate/vpn/rsa-key/node.def deleted file mode 100644 index 60296f2..0000000 --- a/templates/generate/vpn/rsa-key/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Generate local RSA key (default: bits=2192 device=/dev/random) -run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl 2192 /dev/random diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in new file mode 100644 index 0000000..482f32c --- /dev/null +++ b/templates/generate/vpn/rsa-key/node.def.in @@ -0,0 +1,2 @@ +help: Generate local RSA key (default: bits=2192 device=/dev/random) +run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def b/templates/generate/vpn/x509/key-pair/node.tag/node.def deleted file mode 100644 index dc21935..0000000 --- a/templates/generate/vpn/x509/key-pair/node.tag/node.def +++ /dev/null @@ -1,4 +0,0 @@ -help: Generate x509 key-pair -run: - sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair $5 -allowed: echo -n '' 
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def.in b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in new file mode 100644 index 0000000..2c87956 --- /dev/null +++ b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in @@ -0,0 +1,4 @@ +help: Generate x509 key-pair +run: + sudo @SBINDIR@/vyatta-gen-x509-keypair $5 +allowed: echo -n '' diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/node.def deleted file mode 100644 index fa55d52..0000000 --- a/templates/reset/vpn/ipsec-peer/node.tag/node.def +++ /dev/null @@ -1,6 +0,0 @@ -help: Reset all tunnels for given peer - -allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers - -run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \ - --op=clear-tunnels-for-peer --peer="$4" diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in new file mode 100644 index 0000000..621c40a --- /dev/null +++ b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in @@ -0,0 +1,6 @@ +help: Reset all tunnels for given peer + +allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl --op=get-all-peers + +run: @SUDOUSRDIR@/vyatta-vpn-op.pl \ + --op=clear-tunnels-for-peer --peer="$4" diff --git a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index eecb740..0000000 --- a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,10 +0,0 @@ -help: Reset a specific tunnel for given peer - -allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \ - --op=get-tunnels-for-peer \ - --peer="${COMP_WORDS[COMP_CWORD-2]}" - -run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \ - --op=clear-specific-tunnel-for-peer \ - --peer="$4" \ - --tunnel="$6" 
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..4407515 --- /dev/null +++ b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,10 @@ +help: Reset a specific tunnel for given peer + +allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \ + --op=get-tunnels-for-peer \ + --peer="${COMP_WORDS[COMP_CWORD-2]}" + +run: @SUDOUSRDIR@/vyatta-vpn-op.pl \ + --op=clear-specific-tunnel-for-peer \ + --peer="$4" \ + --tunnel="$6" diff --git a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def deleted file mode 100644 index f0f39a8..0000000 --- a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def +++ /dev/null @@ -1,5 +0,0 @@ -help: Reset a vti tunnel for given peer - -run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \ - --op=clear-vtis-for-peer \ - --peer="$4" diff --git a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in new file mode 100644 index 0000000..2e8e9be --- /dev/null +++ b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in @@ -0,0 +1,5 @@ +help: Reset a vti tunnel for given peer + +run: @SUDOUSRDIR@/vyatta-vpn-op.pl \ + --op=clear-vtis-for-peer \ + --peer="$4" diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/node.def deleted file mode 100644 index 639fac3..0000000 --- a/templates/reset/vpn/ipsec-profile/node.tag/node.def +++ /dev/null @@ -1,6 +0,0 @@ -help: Reset all tunnels for given profile - -allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl --op=get-all-profiles - -run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \ - --op=clear-tunnels-for-profile --profile="$4" 
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def.in b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in new file mode 100644 index 0000000..ea90853 --- /dev/null +++ b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in @@ -0,0 +1,6 @@ +help: Reset all tunnels for given profile + +allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl --op=get-all-profiles + +run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \ + --op=clear-tunnels-for-profile --profile="$4" diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 08e299f..0000000 --- a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,10 +0,0 @@ -help: Reset a specific tunnel for given profile - -allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \ - --op=get-tunnels-for-profile \ - --profile="${COMP_WORDS[COMP_CWORD-2]}" - -run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \ - --op=clear-specific-tunnel-for-profile \ - --profile="$4" \ - --tunnel="$6" diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..f5eda6c --- /dev/null +++ b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,10 @@ +help: Reset a specific tunnel for given profile + +allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \ + --op=get-tunnels-for-profile \ + --profile="${COMP_WORDS[COMP_CWORD-2]}" + +run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \ + --op=clear-specific-tunnel-for-profile \ + --profile="$4" \ + --tunnel="$6" diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def deleted file mode 100644 index 7cb9387..0000000 --- a/templates/restart/vpn/node.def +++ /dev/null 
@@ -1,12 +0,0 @@ -help: Restart IPsec VPN -run: if [ -n "$(cli-shell-api returnActiveValues \ - vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null - then - /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process - else - echo IPsec process not running - fi - else - echo IPsec VPN not configured - fi diff --git a/templates/restart/vpn/node.def.in b/templates/restart/vpn/node.def.in new file mode 100644 index 0000000..3e3566a --- /dev/null +++ b/templates/restart/vpn/node.def.in @@ -0,0 +1,12 @@ +help: Restart IPsec VPN +run: if [ -n "$(cli-shell-api returnActiveValues \ + vpn ipsec ipsec-interfaces interface)" ]; then + if pgrep pluto > /dev/null + then + @SUDOUSRDIR@/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process + else + echo IPsec process not running + fi + else + echo IPsec VPN not configured + fi diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def deleted file mode 100644 index ee3604d..0000000 --- a/templates/show/vpn/debug/detail/node.def +++ /dev/null @@ -1,12 +0,0 @@ -help: Show detailed VPN debugging information -run: if [ -n "$(cli-shell-api returnActiveValues \ - vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null - then - /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail - else - echo IPsec process not running - fi - else - echo VPN ipsec not configured - fi diff --git a/templates/show/vpn/debug/detail/node.def.in b/templates/show/vpn/debug/detail/node.def.in new file mode 100644 index 0000000..9271328 --- /dev/null +++ b/templates/show/vpn/debug/detail/node.def.in @@ -0,0 +1,12 @@ +help: Show detailed VPN debugging information +run: if [ -n "$(cli-shell-api returnActiveValues \ + vpn ipsec ipsec-interfaces interface)" ]; then + if pgrep pluto > /dev/null + then + @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug-detail + else + echo IPsec process not running + fi + else + echo VPN ipsec not configured + fi 
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def deleted file mode 100644 index 7a33888..0000000 --- a/templates/show/vpn/debug/node.def +++ /dev/null @@ -1,12 +0,0 @@ -help: Show VPN debugging information -run: if [ -n "$(cli-shell-api returnActiveValues \ - vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null - then - /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug - else - echo IPsec process not running - fi - else - echo VPN ipsec not configured - fi diff --git a/templates/show/vpn/debug/node.def.in b/templates/show/vpn/debug/node.def.in new file mode 100644 index 0000000..1f6c829 --- /dev/null +++ b/templates/show/vpn/debug/node.def.in @@ -0,0 +1,12 @@ +help: Show VPN debugging information +run: if [ -n "$(cli-shell-api returnActiveValues \ + vpn ipsec ipsec-interfaces interface)" ]; then + if pgrep pluto > /dev/null + then + @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug + else + echo IPsec process not running + fi + else + echo VPN ipsec not configured + fi diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def deleted file mode 100644 index a27063a..0000000 --- a/templates/show/vpn/debug/peer/node.tag/node.def +++ /dev/null @@ -1,14 +0,0 @@ -help: Show debugging information for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: if [ -n "$(cli-shell-api returnActiveValues \ - vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null - then - /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5 - else - echo IPsec process not running - fi - else - echo VPN ipsec not configured - fi - diff --git a/templates/show/vpn/debug/peer/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/node.def.in new file mode 100644 index 0000000..d201746 --- /dev/null +++ b/templates/show/vpn/debug/peer/node.tag/node.def.in 
@@ -0,0 +1,14 @@ +help: Show debugging information for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: if [ -n "$(cli-shell-api returnActiveValues \ + vpn ipsec ipsec-interfaces interface)" ]; then + if pgrep pluto > /dev/null + then + @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5 + else + echo IPsec process not running + fi + else + echo VPN ipsec not configured + fi + diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index c141ac0..0000000 --- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,14 +0,0 @@ -help: Show debugging information for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]} -run: if [ -n "$(cli-shell-api returnActiveValues \ - vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null - then - /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7" - else - echo IPsec process not running - fi - else - echo VPN ipsec not configured - fi - diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..5906929 --- /dev/null +++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,14 @@ +help: Show debugging information for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]} +run: if [ -n "$(cli-shell-api returnActiveValues \ + vpn ipsec ipsec-interfaces interface)" ]; then + if pgrep pluto > /dev/null + then + @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7" + else + echo IPsec process not running + fi + else + echo VPN ipsec not configured + fi + 
diff --git a/templates/show/vpn/ike/rsa-keys/node.def b/templates/show/vpn/ike/rsa-keys/node.def deleted file mode 100644 index 6d3baa5..0000000 --- a/templates/show/vpn/ike/rsa-keys/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show VPN RSA keys -run: sudo /opt/vyatta/bin/sudo-users/vyatta-show-vpn.pl rsa-keys diff --git a/templates/show/vpn/ike/rsa-keys/node.def.in b/templates/show/vpn/ike/rsa-keys/node.def.in new file mode 100644 index 0000000..255ca18 --- /dev/null +++ b/templates/show/vpn/ike/rsa-keys/node.def.in @@ -0,0 +1,2 @@ +help: Show VPN RSA keys +run: sudo @SUDOUSRDIR@/vyatta-show-vpn.pl rsa-keys diff --git a/templates/show/vpn/ike/sa/nat-traversal/node.def b/templates/show/vpn/ike/sa/nat-traversal/node.def deleted file mode 100644 index 3855c49..0000000 --- a/templates/show/vpn/ike/sa/nat-traversal/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all currently active IKE Security Associations (SA) that are using NAT Traversal -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-natt diff --git a/templates/show/vpn/ike/sa/nat-traversal/node.def.in b/templates/show/vpn/ike/sa/nat-traversal/node.def.in new file mode 100644 index 0000000..6c62b12 --- /dev/null +++ b/templates/show/vpn/ike/sa/nat-traversal/node.def.in @@ -0,0 +1,2 @@ +help: Show all currently active IKE Security Associations (SA) that are using NAT Traversal +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-natt diff --git a/templates/show/vpn/ike/sa/node.def b/templates/show/vpn/ike/sa/node.def deleted file mode 100644 index 051d657..0000000 --- a/templates/show/vpn/ike/sa/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all currently active IKE Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa diff --git a/templates/show/vpn/ike/sa/node.def.in b/templates/show/vpn/ike/sa/node.def.in new file mode 100644 index 0000000..e372ff7 --- /dev/null +++ b/templates/show/vpn/ike/sa/node.def.in 
@@ -0,0 +1,2 @@ +help: Show all currently active IKE Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def b/templates/show/vpn/ike/sa/peer/node.tag/node.def deleted file mode 100644 index c76b71b..0000000 --- a/templates/show/vpn/ike/sa/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all currently active IKE Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-peer="$6" diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def.in b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in new file mode 100644 index 0000000..a9782ad --- /dev/null +++ b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all currently active IKE Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-peer="$6" diff --git a/templates/show/vpn/ike/secrets/node.def b/templates/show/vpn/ike/secrets/node.def deleted file mode 100644 index ec4073c..0000000 --- a/templates/show/vpn/ike/secrets/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all the pre-shared key secrets -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-secrets diff --git a/templates/show/vpn/ike/secrets/node.def.in b/templates/show/vpn/ike/secrets/node.def.in new file mode 100644 index 0000000..3d1a32d --- /dev/null +++ b/templates/show/vpn/ike/secrets/node.def.in @@ -0,0 +1,2 @@ +help: Show all the pre-shared key secrets +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-secrets diff --git a/templates/show/vpn/ike/status/node.def b/templates/show/vpn/ike/status/node.def deleted file mode 100644 index e74a741..0000000 --- a/templates/show/vpn/ike/status/node.def +++ /dev/null 
@@ -1,2 +0,0 @@ -help: Show summary of IKE process information -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-status diff --git a/templates/show/vpn/ike/status/node.def.in b/templates/show/vpn/ike/status/node.def.in new file mode 100644 index 0000000..7cc9b10 --- /dev/null +++ b/templates/show/vpn/ike/status/node.def.in @@ -0,0 +1,2 @@ +help: Show summary of IKE process information +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-status diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def deleted file mode 100644 index 1397817..0000000 --- a/templates/show/vpn/ipsec/sa/detail/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/node.def.in b/templates/show/vpn/ipsec/sa/detail/node.def.in new file mode 100644 index 0000000..781d61b --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/node.def.in @@ -0,0 +1,3 @@ +help: Show details for all active IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def deleted file mode 100644 index cad43ba..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7" 
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in new file mode 100644 index 0000000..659acfa --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for all active IPsec Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 470578e..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..5c121c3 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def deleted file mode 100644 index fbb6218..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def +++ /dev/null 
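Review bot: In the new templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in the `run:` line hands `$7 $9` to the sudo-invoked script unquoted, while the sibling template in the same section quotes its argument (`--show-ipsec-sa-peer-detail="$7"`); quoting them, `run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail "$7" "$9"`, keeps each CLI argument a single word and matches the style of the other templates. The same unquoted `$7 $9` / `$6 $8` pattern is carried into the tunnel templates under profile, sa/peer, sa/profile and sa/statistics in the sections that follow; since these files are created by this commit, it is the place to make the quoting consistent.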
@@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in new file mode 100644 index 0000000..bcbc520 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index ac5fd14..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..e31b008 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 
diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def b/templates/show/vpn/ipsec/sa/nat-traversal/node.def deleted file mode 100644 index 7ea610b..0000000 --- a/templates/show/vpn/ipsec/sa/nat-traversal/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all active IPsec Security Associations (SA) that are using NAT Traversal -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-natt diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in new file mode 100644 index 0000000..f3bbe87 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in @@ -0,0 +1,2 @@ +help: Show all active IPsec Security Associations (SA) that are using NAT Traversal +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-natt diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def deleted file mode 100644 index 287d489..0000000 --- a/templates/show/vpn/ipsec/sa/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa diff --git a/templates/show/vpn/ipsec/sa/node.def.in b/templates/show/vpn/ipsec/sa/node.def.in new file mode 100644 index 0000000..036a1d7 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def deleted file mode 100644 index 559bed5..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def +++ /dev/null 
@@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6" diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in new file mode 100644 index 0000000..1cae596 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6" diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 195f37a..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..8cc8a9c --- /dev/null +++ b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show the active IPsec Security Association (SA) for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def deleted file mode 100644 index 76e66a5..0000000 
--- a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in new file mode 100644 index 0000000..30ed853 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 3f0af98..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profile's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..3d643bc --- /dev/null +++ b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show the active IPsec Security Association (SA) for a profile's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 
diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def b/templates/show/vpn/ipsec/sa/statistics/node.def deleted file mode 100644 index 84fa4b7..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show statistics of all active tunnels that have IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def.in b/templates/show/vpn/ipsec/sa/statistics/node.def.in new file mode 100644 index 0000000..5832f1a --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/node.def.in @@ -0,0 +1,3 @@ +help: Show statistics of all active tunnels that have IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def deleted file mode 100644 index 758333e..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in new file mode 100644 index 0000000..8b72451 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for all active IPsec Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" 
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 1902c22..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..6566a44 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def deleted file mode 100644 index 9d49f44..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in new file mode 100644 index 0000000..1bc76d6 --- /dev/null 
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index b8aa7dc..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..9ae35c8 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def deleted file mode 100644 index bf4ebf7..0000000 --- a/templates/show/vpn/ipsec/status/node.def +++ /dev/null @@ -1,6 +0,0 @@ -help: Show status of IPsec process -run: if pgrep pluto >&/dev/null; then - /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl - else - echo -e "IPSec Process NOT Running\n" - fi 
diff --git a/templates/show/vpn/ipsec/status/node.def.in b/templates/show/vpn/ipsec/status/node.def.in
new file mode 100644
index 0000000..25f849b
--- /dev/null
+++ b/templates/show/vpn/ipsec/status/node.def.in
@@ -0,0 +1,6 @@
+help: Show status of IPsec process
+run: if pgrep pluto >&/dev/null; then
+ @SUDOUSRDIR@/vyatta-show-ipsec-status.pl
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
-- 
cgit v1.2.3

From 9608b691012160836fd0fdcc1c8f9357d89c4de1 Mon Sep 17 00:00:00 2001
From: Kim Hagen
Date: Wed, 8 Feb 2017 19:51:42 +0100
Subject: change ipsec newhostkey command with openssl command

---
 scripts/gen_local_rsa_key.pl | 20 +-------------------
 .../generate/vpn/rsa-key/bits/node.tag/node.def.in | 2 +-
 .../vpn/rsa-key/bits/node.tag/random/node.def | 1 -
 .../bits/node.tag/random/node.tag/node.def.in | 3 ---
 templates/generate/vpn/rsa-key/node.def.in | 4 ++--
 5 files changed, 4 insertions(+), 26 deletions(-)
 delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
 delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
(limited to 'scripts')

diff --git a/scripts/gen_local_rsa_key.pl b/scripts/gen_local_rsa_key.pl
index ce3f69b..e874316 100755
--- a/scripts/gen_local_rsa_key.pl
+++ b/scripts/gen_local_rsa_key.pl
@@ -31,20 +31,12 @@ use Vyatta::Misc qw(get_short_config_path);
 # Defaults
 my $bits = 2192;
-my $device = "/dev/random";
 if ($#ARGV > 1) {
   die "Usage: gen_local_rsa_key.pl \n";
 }
 $bits = $ARGV[0] if $#ARGV >= 0;
-#
-# The ipsec newhostkey command seems to support up to
-# 20000 bits for key generation, but xorp currently
-# can't handle a line that long when entered in the
-# config. Xorp seems to be able to handle keys generated
-# with up to 5840 bits.
-#
 my ($bits_min, $bits_max) = (16, 4096);
 if ($bits > $bits_max) {
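Review bot: The argument-count guard `if ($#ARGV > 1)` in the @@ -31 hunk still accepts a second positional argument even though the device parameter it carried is removed by this commit, so a stale caller that still passes `/dev/random` is silently accepted and the value ignored; tighten it to `if ($#ARGV > 0) {` so the usage error fires. The usage string on the next line should also name the one remaining parameter, `die "Usage: gen_local_rsa_key.pl <bits>\n";` (the rendering may have stripped the original placeholder). The @@ -56 hunk of the same file only deletes the now-unused `$device` validation and needs nothing further.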
@@ -56,10 +48,6 @@ if ($bits < $bits_min) {
 if ($bits % 16 != 0) {
   die "bits=$bits is not a multiple of 16\n";
 }
-$device = $ARGV[1] if $#ARGV >= 1;
-unless (-r $device) {
-  die "invalid random number device $device\n";
-}
 my $local_key_file = rsa_get_local_key_file();
@@ -100,13 +88,7 @@ if (-e $temp_key_file) {
   }
 }
-$cmd = "/usr/lib/ipsec/newhostkey --output $local_key_file --bits $bits";
-#
-# The default random number generator is /dev/random, but it will block
-# if there isn't enough system activity to provide enough "good" random
-# bits. Try /dev/urandom if it's taking too long.
-#
-$cmd .= " --random $device";
+$cmd = "/usr/bin/openssl genrsa -out $local_key_file $bits";
 # when presenting to users, show shortened /config path
 my $shortened_cfg_path_file = get_short_config_path($local_key_file);
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
index 2eae9cc..198ec58 100644
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -1,3 +1,3 @@
 help: Generate local RSA key with specified number of bits
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5"
 allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
deleted file mode 100644
index 42118b5..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
deleted file mode 100644
index 81a9633..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
+++ /dev/null
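Review bot: In the @@ -100 hunk `$bits` is interpolated into the shell command string `/usr/bin/openssl genrsa -out $local_key_file $bits` after only numeric range checks (`>`, `<`, `% 16`), and Perl's numeric comparisons accept a string with trailing non-digit characters, so a value that is not a plain integer can reach the command line verbatim; anchor it before use, `die "bits=$bits is not a positive integer\n" unless $bits =~ /\A\d+\z/;`, and prefer the list form of system() where `$cmd` is executed (outside this hunk). The lower bound `$bits_min = 16` and the `<16-4096>` range advertised by templates/generate/vpn/rsa-key/bits/node.tag/node.def.in in the following hunk were newhostkey limits; recent OpenSSL rejects RSA sizes below 512 bits and anything under 2048 is unsuitable for an IPsec host key, so the minimum should be raised in both places, and the `% 16` check is a newhostkey constraint that genrsa does not need. `openssl genrsa` writes a PEM private key rather than the ipsec.secrets-style `: RSA { ... }` block newhostkey produced, so any code after this hunk that parses `$local_key_file` presumably needs adjusting too; confirm against the rest of the script.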
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7"
-allowed: echo -n '/dev/random /dev/urandom'
diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in
index 482f32c..eab5a4f 100644
--- a/templates/generate/vpn/rsa-key/node.def.in
+++ b/templates/generate/vpn/rsa-key/node.def.in
@@ -1,2 +1,2 @@
-help: Generate local RSA key (default: bits=2192 device=/dev/random)
-run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random
+help: Generate local RSA key (default: bits=2192)
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192
-- 
cgit v1.2.3

From ce1c285359947d4af3c2713482ba4927c29b93cd Mon Sep 17 00:00:00 2001
From: jules-vyos
Date: Mon, 3 Jul 2017 14:24:44 +0100
Subject: Fix for T319 - show vpn ipsec status returns incorrect information

Strongswan 'ipsec status' command changed output format.
---
 scripts/vyatta-show-ipsec-status.pl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'scripts')

diff --git a/scripts/vyatta-show-ipsec-status.pl b/scripts/vyatta-show-ipsec-status.pl
index a96d1dd..bff36c8 100644
--- a/scripts/vyatta-show-ipsec-status.pl
+++ b/scripts/vyatta-show-ipsec-status.pl
@@ -98,7 +98,10 @@ sub relate_intfs_with_localips {
 #
 my $process_id = `sudo cat /var/run/charon.pid`;
-my $active_tunnels = `sudo ipsec status 2>/dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`;
+# Update to deal with new strongswan syntax for ipsec status command.
+my $sa_summary = `sudo ipsec status 2>/dev/null | grep "Security Associations" `;
+my $active_tunnels;
+($active_tunnels) = $sa_summary =~ /\((.*?) up/;
 chomp $process_id;
 chomp $active_tunnels;
 my @vpn_interfaces = get_vpn_intfs();
-- 
cgit v1.2.3
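Review bot: When the `grep "Security Associations"` pipeline in the @@ -98 hunk matches nothing (charon not running, a strongSwan release with different wording, or the sudo call failing, all hidden by `2>/dev/null`), `$sa_summary` is empty, the match fails and `$active_tunnels` stays undef, so the context line `chomp $active_tunnels` emits an uninitialized-value warning and whatever prints the count later shows an empty string instead of 0. Capture digits only and default the result: `my ($active_tunnels) = $sa_summary =~ /\((\d+) up/;` followed by `$active_tunnels //= 0;`, which also makes the separate `my $active_tunnels;` declaration unnecessary. The lazy `(.*?)` would otherwise accept any text before " up", which `\d+` rules out. The enclosing code continues outside the hunk.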