From 578688a25ba784d839512fefafab4cabdaf32fc5 Mon Sep 17 00:00:00 2001 
From: Jeff Leung Date: Sun, 6 Dec 2015 03:16:38 -0500 Subject: Simpilfy the operational commands Instead of trying to parse the outout of ipsec or swanctl, just dump whatever swanctl outputs. --- templates/show/vpn/ipsec/sa/detail/node.def | 3 --- templates/show/vpn/ipsec/sa/detail/peer/node.def | 1 - templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def | 1 - .../vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/detail/profile/node.def | 1 - templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def | 3 --- .../show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def | 1 - .../ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/nat-traversal/node.def | 2 -- templates/show/vpn/ipsec/sa/node.def | 9 +++++++-- templates/show/vpn/ipsec/sa/peer/node.def | 1 - templates/show/vpn/ipsec/sa/peer/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def | 1 - .../show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/profile/node.def | 1 - templates/show/vpn/ipsec/sa/profile/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def | 1 - .../show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/statistics/node.def | 3 --- templates/show/vpn/ipsec/sa/statistics/peer/node.def | 1 - templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def | 3 --- .../show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def | 1 - .../ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def | 3 --- templates/show/vpn/ipsec/sa/statistics/profile/node.def | 1 - templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def | 3 --- .../vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def | 1 - .../sa/statistics/profile/node.tag/tunnel/node.tag/node.def | 3 --- 28 files changed, 7 
insertions(+), 58 deletions(-) delete mode 100644 templates/show/vpn/ipsec/sa/detail/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/nat-traversal/node.def delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.def delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.def delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def delete mode 
100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def (limited to 'templates/show/vpn')
diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def
deleted file mode 100644
index 1397817..0000000
--- a/templates/show/vpn/ipsec/sa/detail/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for all active IPsec Security Associations (SA)
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
- sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-detail
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.def
deleted file mode 100644
index bbb34b8..0000000
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show details for all active IPsec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
deleted file mode 100644
index cad43ba..0000000
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for all active IPsec Security Associations (SA) for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def
deleted file mode 100644
index 1bc4f2f..0000000
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show details for the active IPsec Security Association (SA) for a peer's tunnel
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 470578e..0000000
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.def
deleted file mode 100644
index 00a4e7c..0000000
--- a/templates/show/vpn/ipsec/sa/detail/profile/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show details for all active IPsec Security Associations (SA) for a profile
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
deleted file mode 100644
index fbb6218..0000000
--- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for all active IPsec Security Associations (SA) for a profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def
deleted file mode 100644
index 58100d8..0000000
--- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show details for the active IPsec Security Association (SA) for a tunnel bound to profile
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index ac5fd14..0000000
--- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def b/templates/show/vpn/ipsec/sa/nat-traversal/node.def
deleted file mode 100644
index 7ea610b..0000000
--- a/templates/show/vpn/ipsec/sa/nat-traversal/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all active IPsec Security Associations (SA) that are using NAT Traversal
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-natt
diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def
index 287d489..be8f108 100644
--- a/templates/show/vpn/ipsec/sa/node.def
+++ b/templates/show/vpn/ipsec/sa/node.def
@@ -1,3 +1,8 @@
 help: Show all active IPsec Security Associations (SA)
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa
- sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa
+
+run: if pgrep charon >&/dev/null; then
+ sudo /usr/sbin/swanctl --list-sas
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
+
diff --git a/templates/show/vpn/ipsec/sa/peer/node.def b/templates/show/vpn/ipsec/sa/peer/node.def
deleted file mode 100644
index 7e5e913..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show all active IPsec Security Associations (SA) for a peer
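Review bot: In `templates/show/vpn/ipsec/sa/node.def` the new `run:` gates the privileged `swanctl` call on `pgrep charon`, which matches any process whose name merely contains "charon"; provided the daemon's process name is exactly `charon`, an exact match such as `if pgrep -x charon >&/dev/null; then` makes the "running" branch reflect the IKE daemon itself. The exit status of `sudo /usr/sbin/swanctl --list-sas` is not checked either, so a daemon that is up but not answering on its control socket leaves the operator with only whatever swanctl prints; `sudo /usr/sbin/swanctl --list-sas || echo "Unable to query charon"` would make that case explicit. The commit also deletes the per-peer and per-profile views, and if those are still wanted `swanctl --list-sas --ike <name>` can restore the filtering without parsing output. The same `pgrep charon` test appears in the restart, debug and status templates changed by the next commit on this page.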
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def
deleted file mode 100644
index 559bed5..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all active IPsec Security Associations (SA) for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def
deleted file mode 100644
index 0772ef3..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show the active IPsec Security Association (SA) for a peer's tunnel
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 195f37a..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show the active IPsec Security Association (SA) for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8
diff --git a/templates/show/vpn/ipsec/sa/profile/node.def b/templates/show/vpn/ipsec/sa/profile/node.def
deleted file mode 100644
index a0d7b44..0000000
--- a/templates/show/vpn/ipsec/sa/profile/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show all active IPsec Security Associations (SA) for a profile
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def
deleted file mode 100644
index 76e66a5..0000000
--- a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all active IPsec Security Associations (SA) for a profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6"
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def
deleted file mode 100644
index ca0ec72..0000000
--- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show the active IPsec Security Association (SA) for a profiles's tunnel
diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 3f0af98..0000000
--- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show the active IPsec Security Association (SA) for a profile's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8
diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def b/templates/show/vpn/ipsec/sa/statistics/node.def
deleted file mode 100644
index 84fa4b7..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show statistics of all active tunnels that have IPsec Security Associations (SA)
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats
- sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.def
deleted file mode 100644
index b104a83..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show stats for all active IPsec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
deleted file mode 100644
index 758333e..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show stats for all active IPsec Security Associations (SA) for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def
deleted file mode 100644
index 561cd42..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 1902c22..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.def
deleted file mode 100644
index 7b5e040..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/profile/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show stats for all active IPsec Security Associations (SA) for a profile
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
deleted file mode 100644
index 9d49f44..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show stats for all active IPsec Security Associations (SA) for a profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7"
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def
deleted file mode 100644
index 4b131c5..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index b8aa7dc..0000000
--- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9
-- cgit v1.2.3 From 12b2b88d03ce3527a46abc3c1e5cf9e8b8cd5238 Mon Sep 17 00:00:00 2001
From: Jeff Leung Date: Wed, 28 Jan 2015 08:26:51 +0000 Subject: Update pluto.pid references to charon.pid Since pluto doesn't exist anymore in strongSwan 5.0 and later series, we are updating references from pluto* to charon*. --- lib/OPMode.pm | 2 +- scripts/vyatta-show-ipsec-status.pl | 2 +- templates/restart/vpn/node.def | 2 +- templates/show/vpn/debug/detail/node.def | 2 +- templates/show/vpn/debug/node.def | 2 +- templates/show/vpn/debug/peer/node.tag/node.def | 2 +- templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def | 2 +- templates/show/vpn/ipsec/status/node.def | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'templates/show/vpn') diff --git a/lib/OPMode.pm b/lib/OPMode.pm index 49bc966..7502788 100644 --- a/lib/OPMode.pm +++ b/lib/OPMode.pm @@ -870,7 +870,7 @@ sub show_ipsec_sa_natt display_ipsec_sa_brief(\%tmphash); } sub show_ike_status{ - my $process_id = `sudo cat /var/run/pluto.pid`; + my $process_id = `sudo cat /var/run/charon.pid`; chomp $process_id; print </dev/null | grep 'newest IPsec SA: #' | grep -v 'newest IPsec SA: #0' | wc -l`; chomp $process_id; chomp $active_tunnels; diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def index 7cb9387..6d0f50c 100644 --- a/templates/restart/vpn/node.def +++ b/templates/restart/vpn/node.def @@ -1,7 +1,7 @@ help: Restart IPsec VPN run: if [ -n "$(cli-shell-api returnActiveValues \ vpn ipsec ipsec-interfaces interface)" ]; then - if pgrep pluto > /dev/null + if pgrep charon > /dev/null then /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process else diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def index ee3604d..0f88f1e 100644 --- a/templates/show/vpn/debug/detail/node.def +++ b/templates/show/vpn/debug/detail/node.def 
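Review bot: In `show_ike_status` (lib/OPMode.pm) the PID comes from `sudo cat /var/run/charon.pid` in backticks and is only chomped, so a missing or stale pid file yields an empty or outdated value that is then treated as a live daemon. Validate it before use, for example `$process_id = '' unless $process_id =~ /\A\d+\z/ && -d "/proc/$process_id";`, and if the pid file is readable by the caller, read it with a three-argument `open` rather than spawning `sudo cat` through a shell. The rest of the function lies outside the hunk and part of this hunk's text is damaged on this page, so how `$process_id` is printed cannot be confirmed here. The visible fragment of `scripts/vyatta-show-ipsec-status.pl` still greps for `newest IPsec SA: #`, which looks like pluto's status format; confirm that it still counts tunnels under charon.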
@@ -1,7 +1,7 @@
 help: Show detailed VPN debugging information
 run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then
 /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail
 else
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def
index 7a33888..281228a 100644
--- a/templates/show/vpn/debug/node.def
+++ b/templates/show/vpn/debug/node.def
@@ -1,7 +1,7 @@
 help: Show VPN debugging information
 run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then
 /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug
 else
diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def
index a27063a..a3a9573 100644
--- a/templates/show/vpn/debug/peer/node.tag/node.def
+++ b/templates/show/vpn/debug/peer/node.tag/node.def
@@ -2,7 +2,7 @@ help: Show debugging information for a peer
 allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
 run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then
 /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5
 else
diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
index c141ac0..3c96973 100644
--- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
@@ -2,7 +2,7 @@ help: Show debugging information for a peer's tunnel
 allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]}
 run: if [ -n "$(cli-shell-api returnActiveValues \
 vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
+ if pgrep charon > /dev/null
 then
 /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7"
 else
diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def
index bf4ebf7..3c48c60 100644
--- a/templates/show/vpn/ipsec/status/node.def
+++ b/templates/show/vpn/ipsec/status/node.def
@@ -1,5 +1,5 @@
 help: Show status of IPsec process
-run: if pgrep pluto >&/dev/null; then
+run: if pgrep charon >&/dev/null; then
 /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl
 else
 echo -e "IPSec Process NOT Running\n"
-- cgit v1.2.3 From 020165ce5b9643ff3b9c96bd4a30c981a5d5d78d Mon Sep 17 00:00:00 2001 From: "C.J. Collier" Date: Wed, 11 May 2016 06:42:43 +0000 Subject: vyatta-op-vpn (0.15.0+vyos2+current2+nmu1) UNRELEASED; urgency=low * Non-maintainer upload. * address lintian issues - script-not-executable: removed #!/usr/bin/perl from .pm files - debhelper-but-no-misc-depends: added ${misc:Depends} to Depends: field - debian-rules-missing-recommended-target: added build-arch build-indep - out-of-date-standards-version: updated standards version to 3.9.4 - package-contains-linda-override: removed linda override - file-in-unusual-dir: not triggering, removed from override - script-with-language-extension: renamed vyatta-gen-x509-keypair.sh vyatta-gen-x509-keypair * address dpkg-gencontrol issue: - unknown substitution variable ${shlibs:Depends} - removed * address dpkg-source issue: - debian/source/format set to "3.0 (native)" * removed all references to /opt/vyatta but one from source
Signed-off-by: C.J. Collier --- .gitignore | 42 +++++- Makefile.am | 6 +- configure.ac | 55 +++++++- debian/autogen.sh | 4 +- m4/relpaths.m4 | 155 +++++++++++++++++++++ scripts/vyatta-gen-x509-keypair.in | 11 ++ scripts/vyatta-gen-x509-keypair.sh.in | 11 -- .../generate/vpn/rsa-key/bits/node.tag/node.def | 3 - .../generate/vpn/rsa-key/bits/node.tag/node.def.in | 3 + .../rsa-key/bits/node.tag/random/node.tag/node.def | 3 - .../bits/node.tag/random/node.tag/node.def.in | 3 + templates/generate/vpn/rsa-key/node.def | 2 - templates/generate/vpn/rsa-key/node.def.in | 2 + .../generate/vpn/x509/key-pair/node.tag/node.def | 4 - .../vpn/x509/key-pair/node.tag/node.def.in | 4 + templates/reset/vpn/ipsec-peer/node.tag/node.def | 6 - .../reset/vpn/ipsec-peer/node.tag/node.def.in | 6 + .../ipsec-peer/node.tag/tunnel/node.tag/node.def | 10 -- .../node.tag/tunnel/node.tag/node.def.in | 10 ++ .../reset/vpn/ipsec-peer/node.tag/vti/node.def | 5 - .../reset/vpn/ipsec-peer/node.tag/vti/node.def.in | 5 + .../reset/vpn/ipsec-profile/node.tag/node.def | 6 - .../reset/vpn/ipsec-profile/node.tag/node.def.in | 6 + .../node.tag/tunnel/node.tag/node.def | 10 -- .../node.tag/tunnel/node.tag/node.def.in | 10 ++ templates/restart/vpn/node.def | 12 -- templates/restart/vpn/node.def.in | 12 ++ templates/show/vpn/debug/detail/node.def | 12 -- templates/show/vpn/debug/detail/node.def.in | 12 ++ templates/show/vpn/debug/node.def | 12 -- templates/show/vpn/debug/node.def.in | 12 ++ templates/show/vpn/debug/peer/node.tag/node.def | 14 -- templates/show/vpn/debug/peer/node.tag/node.def.in | 14 ++ .../debug/peer/node.tag/tunnel/node.tag/node.def | 14 -- .../peer/node.tag/tunnel/node.tag/node.def.in | 14 ++ templates/show/vpn/ike/rsa-keys/node.def | 2 - templates/show/vpn/ike/rsa-keys/node.def.in | 2 + templates/show/vpn/ike/sa/nat-traversal/node.def | 2 - .../show/vpn/ike/sa/nat-traversal/node.def.in | 2 + templates/show/vpn/ike/sa/node.def | 2 - templates/show/vpn/ike/sa/node.def.in | 2 + 
templates/show/vpn/ike/sa/peer/node.tag/node.def | 3 - .../show/vpn/ike/sa/peer/node.tag/node.def.in | 3 + templates/show/vpn/ike/secrets/node.def | 2 - templates/show/vpn/ike/secrets/node.def.in | 2 + templates/show/vpn/ike/status/node.def | 2 - templates/show/vpn/ike/status/node.def.in | 2 + templates/show/vpn/ipsec/sa/detail/node.def | 3 - templates/show/vpn/ipsec/sa/detail/node.def.in | 3 + .../vpn/ipsec/sa/detail/peer/node.tag/node.def | 3 - .../vpn/ipsec/sa/detail/peer/node.tag/node.def.in | 3 + .../detail/peer/node.tag/tunnel/node.tag/node.def | 3 - .../peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../vpn/ipsec/sa/detail/profile/node.tag/node.def | 3 - .../ipsec/sa/detail/profile/node.tag/node.def.in | 3 + .../profile/node.tag/tunnel/node.tag/node.def | 3 - .../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/sa/nat-traversal/node.def | 2 - .../show/vpn/ipsec/sa/nat-traversal/node.def.in | 2 + templates/show/vpn/ipsec/sa/node.def | 3 - templates/show/vpn/ipsec/sa/node.def.in | 3 + templates/show/vpn/ipsec/sa/peer/node.tag/node.def | 3 - .../show/vpn/ipsec/sa/peer/node.tag/node.def.in | 3 + .../sa/peer/node.tag/tunnel/node.tag/node.def | 3 - .../sa/peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../show/vpn/ipsec/sa/profile/node.tag/node.def | 3 - .../show/vpn/ipsec/sa/profile/node.tag/node.def.in | 3 + .../sa/profile/node.tag/tunnel/node.tag/node.def | 3 - .../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/sa/statistics/node.def | 3 - templates/show/vpn/ipsec/sa/statistics/node.def.in | 3 + .../vpn/ipsec/sa/statistics/peer/node.tag/node.def | 3 - .../ipsec/sa/statistics/peer/node.tag/node.def.in | 3 + .../peer/node.tag/tunnel/node.tag/node.def | 3 - .../peer/node.tag/tunnel/node.tag/node.def.in | 3 + .../ipsec/sa/statistics/profile/node.tag/node.def | 3 - .../sa/statistics/profile/node.tag/node.def.in | 3 + .../profile/node.tag/tunnel/node.tag/node.def | 3 - 
.../profile/node.tag/tunnel/node.tag/node.def.in | 3 + templates/show/vpn/ipsec/status/node.def | 6 - templates/show/vpn/ipsec/status/node.def.in | 6 + 81 files changed, 439 insertions(+), 203 deletions(-) create mode 100644 m4/relpaths.m4 create mode 100755 scripts/vyatta-gen-x509-keypair.in delete mode 100755 scripts/vyatta-gen-x509-keypair.sh.in delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/node.def create mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/node.def.in delete mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def create mode 100644 templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in delete mode 100644 templates/generate/vpn/rsa-key/node.def create mode 100644 templates/generate/vpn/rsa-key/node.def.in delete mode 100644 templates/generate/vpn/x509/key-pair/node.tag/node.def create mode 100644 templates/generate/vpn/x509/key-pair/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-peer/node.tag/vti/node.def create mode 100644 templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in delete mode 100644 templates/reset/vpn/ipsec-profile/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-profile/node.tag/node.def.in delete mode 100644 templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/restart/vpn/node.def create mode 100644 templates/restart/vpn/node.def.in delete mode 100644 templates/show/vpn/debug/detail/node.def create mode 100644 templates/show/vpn/debug/detail/node.def.in delete mode 100644 
templates/show/vpn/debug/node.def create mode 100644 templates/show/vpn/debug/node.def.in delete mode 100644 templates/show/vpn/debug/peer/node.tag/node.def create mode 100644 templates/show/vpn/debug/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ike/rsa-keys/node.def create mode 100644 templates/show/vpn/ike/rsa-keys/node.def.in delete mode 100644 templates/show/vpn/ike/sa/nat-traversal/node.def create mode 100644 templates/show/vpn/ike/sa/nat-traversal/node.def.in delete mode 100644 templates/show/vpn/ike/sa/node.def create mode 100644 templates/show/vpn/ike/sa/node.def.in delete mode 100644 templates/show/vpn/ike/sa/peer/node.tag/node.def create mode 100644 templates/show/vpn/ike/sa/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ike/secrets/node.def create mode 100644 templates/show/vpn/ike/secrets/node.def.in delete mode 100644 templates/show/vpn/ike/status/node.def create mode 100644 templates/show/vpn/ike/status/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 
templates/show/vpn/ipsec/sa/nat-traversal/node.def create mode 100644 templates/show/vpn/ipsec/sa/nat-traversal/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/node.def create mode 100644 templates/show/vpn/ipsec/sa/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def create mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/status/node.def create mode 100644 templates/show/vpn/ipsec/status/node.def.in (limited to 'templates/show/vpn') diff --git a/.gitignore b/.gitignore index 67bea90..470b73c 100644 
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 *~
-/m4
+m4/lt*.m4
+m4/libtool.m4
 .*.swp
 *.[oa]
 *.l[oa]
@@ -27,4 +28,41 @@ libtool /Makefile /command_proc_show_vpn -/scripts/vyatta-gen-x509-keypair.sh \ No newline at end of file +templates/generate/vpn/rsa-key/bits/node.tag/node.def +templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def +templates/generate/vpn/rsa-key/node.def +templates/generate/vpn/x509/key-pair/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def +templates/reset/vpn/ipsec-peer/node.tag/vti/node.def +templates/reset/vpn/ipsec-profile/node.tag/node.def +templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def +templates/restart/vpn/node.def +templates/show/vpn/debug/detail/node.def +templates/show/vpn/debug/node.def +templates/show/vpn/debug/peer/node.tag/node.def +templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ike/rsa-keys/node.def +templates/show/vpn/ike/sa/nat-traversal/node.def +templates/show/vpn/ike/sa/node.def +templates/show/vpn/ike/sa/peer/node.tag/node.def +templates/show/vpn/ike/secrets/node.def +templates/show/vpn/ike/status/node.def +templates/show/vpn/ipsec/sa/detail/node.def +templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def +templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/nat-traversal/node.def +templates/show/vpn/ipsec/sa/node.def +templates/show/vpn/ipsec/sa/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/profile/node.tag/node.def +templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/sa/statistics/node.def +templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def +templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def 
+templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def +templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def +templates/show/vpn/ipsec/status/node.def +/scripts/vyatta-gen-x509-keypair \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index f15d7c0..490b1f1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -21,11 +21,9 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ cpio -0pd install-exec-hook: - mkdir -p $(DESTDIR)${sysconfdir} - mkdir -p $(DESTDIR)${sbindir} - cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)${sbindir}/vyatta-gen-x509-keypair + mkdir -p $(DESTDIR)${sysconfdir} $(DESTDIR)${sbindir} $(DESTDIR)$(opdir) + cp scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/ cp scripts/key-pair.template $(DESTDIR)${sysconfdir} - mkdir -p $(DESTDIR)$(opdir) cd templates; $(cpiop) $(DESTDIR)$(opdir) diff --git a/configure.ac b/configure.ac index 3d9a504..6002c2d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -m4_define([DEFAULT_PREFIX], "/opt/vyatta") +m4_define([DEFAULT_PREFIX], [/opt/vyatta]) m4_define([VERSION_ID], [m4_esyscmd([ if test -f .version ; then @@ -24,6 +24,9 @@ else XSLDIR="$prefix/share/xsl/" fi +adl_RECURSIVE_EVAL([$bindir/sudo-users/],[SUDOUSRDIR]) +adl_RECURSIVE_EVAL([$sbindir/],[SBINDIR]) + AC_PROG_CC AC_PROG_CXX AM_PROG_AS 
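Review bot: With the templates now generated from `node.def.in`, the unchanged `cd templates; $(cpiop) $(DESTDIR)$(opdir)` step at the end of install-exec-hook will also copy every `node.def.in` into the installed operational template tree, because the find filter shown in the hunk header excludes only `~`, `.bak`, `.swp` and `#…#` names. Extending the filter, e.g. `! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\|.*\.in\)'`, keeps the unexpanded `@SUDOUSRDIR@` sources out of the package. The cpiop definition starts outside this hunk, so confirm the full expression before changing it. Separately, `cp scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/` leaves the mode of a script that is later run under sudo to whatever the build produced; `install -m 0755 scripts/vyatta-gen-x509-keypair $(DESTDIR)${sbindir}/` would make it explicit.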
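Review bot: Both `adl_RECURSIVE_EVAL` arguments end in a slash (`[$bindir/sudo-users/]` and `[$sbindir/]`), while every template in this commit writes `@SUDOUSRDIR@/…` or `@SBINDIR@/…`, so the generated run lines will contain a doubled slash. The path still resolves, but it no longer has the literal form someone would search for or compare against a sudoers entry. Dropping the trailing slash keeps the substituted paths canonical: `adl_RECURSIVE_EVAL([$bindir/sudo-users],[SUDOUSRDIR])` and `adl_RECURSIVE_EVAL([$sbindir],[SBINDIR])`.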
@@ -39,14 +42,56 @@ AC_ARG_ENABLE([nostrip], AC_SUBST(NOSTRIP) AC_SUBST(XSLDIR) +AC_SUBST(SUDOUSRDIR) +AC_SUBST(SBINDIR) AC_OUTPUT([ Makefile - scripts/vyatta-gen-x509-keypair.sh + scripts/vyatta-gen-x509-keypair + templates/restart/vpn/node.def + templates/generate/vpn/x509/key-pair/node.tag/node.def + templates/generate/vpn/rsa-key/node.def + templates/generate/vpn/rsa-key/bits/node.tag/node.def + templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def + templates/show/vpn/ipsec/status/node.def + templates/show/vpn/ipsec/sa/node.def + templates/show/vpn/ipsec/sa/nat-traversal/node.def + templates/show/vpn/ipsec/sa/statistics/node.def + templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def + templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def + templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ipsec/sa/detail/node.def + templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def + templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def + templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ipsec/sa/profile/node.tag/node.def + templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ipsec/sa/peer/node.tag/node.def + templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def + templates/show/vpn/debug/node.def + templates/show/vpn/debug/detail/node.def + templates/show/vpn/debug/peer/node.tag/node.def + templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def + templates/show/vpn/ike/secrets/node.def + templates/show/vpn/ike/status/node.def + templates/show/vpn/ike/sa/node.def + templates/show/vpn/ike/sa/nat-traversal/node.def + templates/show/vpn/ike/sa/peer/node.tag/node.def + templates/show/vpn/ike/rsa-keys/node.def + 
templates/reset/vpn/ipsec-profile/node.tag/node.def + templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def + templates/reset/vpn/ipsec-peer/node.tag/node.def + templates/reset/vpn/ipsec-peer/node.tag/vti/node.def + templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def ]) -echo "prefix: ${prefix}" -echo "sysconfdir: ${sysconfdir}" +echo "prefix: ${prefix}" +echo "sbindir: ${sbindir}" +echo "sysconfdir: ${sysconfdir}" echo "datarootdir: ${datarootdir}" -echo "XSLDIR: ${XSLDIR}" +echo "XSLDIR: ${XSLDIR}" +echo "SBINDIR: ${SBINDIR}" +echo "SUDOUSRDIR: ${SUDOUSRDIR}" diff --git a/debian/autogen.sh b/debian/autogen.sh index 92719c8..70ecdeb 100755 --- a/debian/autogen.sh +++ b/debian/autogen.sh @@ -1,10 +1,10 @@ #!/bin/sh -rm -rf config m4 +rm -rf config rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL -mkdir -p m4 +mkdir -p autoreconf --force --install rm -f config.sub config.guess diff --git a/m4/relpaths.m4 b/m4/relpaths.m4 new file mode 100644 index 0000000..15f24b3 --- /dev/null +++ b/m4/relpaths.m4 
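Review bot: The replacement line `mkdir -p` has no operand, so it prints a usage error on every run and does nothing. Since `m4/` is now a tracked directory (this commit adds m4/relpaths.m4), the line can simply be deleted. No `set -e` appears in the visible lines, so the script carries on past the error and the failure is easy to miss. The unchanged `rm -f` line also names `config.statusconfig.sub`, which looks like a missing space between `config.status` and `config.sub`.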
@@ -0,0 +1,155 @@
+dnl @synopsis adl_COMPUTE_RELATIVE_PATHS(PATH_LIST)
+dnl
+dnl PATH_LIST is a space-separated list of colon-separated triplets of
+dnl the form 'FROM:TO:RESULT'. This function iterates over these
+dnl triplets and set $RESULT to the relative path from $FROM to $TO.
+dnl Note that $FROM and $TO needs to be absolute filenames for this
+dnl macro to success.
+dnl
+dnl For instance,
+dnl
+dnl first=/usr/local/bin
+dnl second=/usr/local/share
+dnl adl_COMPUTE_RELATIVE_PATHS([first:second:fs second:first:sf])
+dnl # $fs is set to ../share
+dnl # $sf is set to ../bin
+dnl
+dnl $FROM and $TO are both eval'ed recursively and normalized, this
+dnl means that you can call this macro with autoconf's dirnames like
+dnl `prefix' or `datadir'. For example:
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS([bindir:datadir:bin_to_data])
+dnl
+dnl adl_COMPUTE_RELATIVE_PATHS should also works with DOS filenames.
+dnl
+dnl You may want to use this macro in order to make your package
+dnl relocatable. Instead of hardcoding $datadir into your programs just
+dnl encode $bin_to_data and try to determine $bindir at run-time.
+dnl
+dnl This macro requires adl_NORMALIZE_PATH.
+dnl
+dnl @category Misc
+dnl @author Alexandre Duret-Lutz
+dnl @version 2001-05-25
+dnl @license GPLWithACException
+
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATHS],
+[for _lcl_i in $1; do
+ _lcl_from=\[$]`echo "[$]_lcl_i" | sed 's,:.*$,,'`
+ _lcl_to=\[$]`echo "[$]_lcl_i" | sed 's,^[[^:]]*:,,' | sed 's,:[[^:]]*$,,'`
+ _lcl_result_var=`echo "[$]_lcl_i" | sed 's,^.*:,,'`
+ adl_RECURSIVE_EVAL([[$]_lcl_from], [_lcl_from])
+ adl_RECURSIVE_EVAL([[$]_lcl_to], [_lcl_to])
+ _lcl_notation="$_lcl_from$_lcl_to"
+ adl_NORMALIZE_PATH([_lcl_from],['/'])
+ adl_NORMALIZE_PATH([_lcl_to],['/'])
+ adl_COMPUTE_RELATIVE_PATH([_lcl_from], [_lcl_to], [_lcl_result_tmp])
+ adl_NORMALIZE_PATH([_lcl_result_tmp],["[$]_lcl_notation"])
+ eval $_lcl_result_var='[$]_lcl_result_tmp'
+done])
+
+## Note:
+## *****
+## The following helper macros are too fragile to be used out
+## of adl_COMPUTE_RELATIVE_PATHS (mainly because they assume that
+## paths are normalized), that's why I'm keeping them in the same file.
+## Still, some of them maybe worth to reuse.
+
+dnl adl_COMPUTE_RELATIVE_PATH(FROM, TO, RESULT)
+dnl ===========================================
+dnl Compute the relative path to go from $FROM to $TO and set the value
+dnl of $RESULT to that value. This function work on raw filenames
+dnl (for instead it will considerate /usr//local and /usr/local as
+dnl two distinct paths), you should really use adl_COMPUTE_REALTIVE_PATHS
+dnl instead to have the paths sanitized automatically.
+dnl
+dnl For instance:
+dnl first_dir=/somewhere/on/my/disk/bin
+dnl second_dir=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_RELATIVE_PATH(first_dir, second_dir, first_to_second)
+dnl will set $first_to_second to '../../../another/disk/share'.
+AC_DEFUN([adl_COMPUTE_RELATIVE_PATH],
+[adl_COMPUTE_COMMON_PATH([$1], [$2], [_lcl_common_prefix])
+adl_COMPUTE_BACK_PATH([$1], [_lcl_common_prefix], [_lcl_first_rel])
+adl_COMPUTE_SUFFIX_PATH([$2], [_lcl_common_prefix], [_lcl_second_suffix])
+$3="[$]_lcl_first_rel[$]_lcl_second_suffix"])
+
+dnl adl_COMPUTE_COMMON_PATH(LEFT, RIGHT, RESULT)
+dnl ============================================
+dnl Compute the common path to $LEFT and $RIGHT and set the result to $RESULT.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on/another/disk/share
+dnl adl_COMPUTE_COMMON_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/somewhere/on'.
+AC_DEFUN([adl_COMPUTE_COMMON_PATH],
+[$3=''
+_lcl_second_prefix_match=''
+while test "[$]_lcl_second_prefix_match" != 0; do
+ _lcl_first_prefix=`expr "x[$]$1" : "x\([$]$3/*[[^/]]*\)"`
+ _lcl_second_prefix_match=`expr "x[$]$2" : "x[$]_lcl_first_prefix"`
+ if test "[$]_lcl_second_prefix_match" != 0; then
+ if test "[$]_lcl_first_prefix" != "[$]$3"; then
+ $3="[$]_lcl_first_prefix"
+ else
+ _lcl_second_prefix_match=0
+ fi
+ fi
+done])
+
+dnl adl_COMPUTE_SUFFIX_PATH(PATH, SUBPATH, RESULT)
+dnl ==============================================
+dnl Substrack $SUBPATH from $PATH, and set the resulting suffix
+dnl (or the empty string if $SUBPATH is not a subpath of $PATH)
+dnl to $RESULT.
+dnl
+dnl For instace:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_SUFFIX_PATH(first_path, second_path, common_path)
+dnl will set $common_path to '/my/disk/bin'.
+AC_DEFUN([adl_COMPUTE_SUFFIX_PATH],
+[$3=`expr "x[$]$1" : "x[$]$2/*\(.*\)"`])
+
+dnl adl_COMPUTE_BACK_PATH(PATH, SUBPATH, RESULT)
+dnl ============================================
+dnl Compute the relative path to go from $PATH to $SUBPATH, knowing that
+dnl $SUBPATH is a subpath of $PATH (any other words, only repeated '../'
+dnl should be needed to move from $PATH to $SUBPATH) and set the value
+dnl of $RESULT to that value. If $SUBPATH is not a subpath of PATH,
+dnl set $RESULT to the empty string.
+dnl
+dnl For instance:
+dnl first_path=/somewhere/on/my/disk/bin
+dnl second_path=/somewhere/on
+dnl adl_COMPUTE_BACK_PATH(first_path, second_path, back_path)
+dnl will set $back_path to '../../../'.
+AC_DEFUN([adl_COMPUTE_BACK_PATH],
+[adl_COMPUTE_SUFFIX_PATH([$1], [$2], [_lcl_first_suffix])
+$3=''
+_lcl_tmp='xxx'
+while test "[$]_lcl_tmp" != ''; do
+ _lcl_tmp=`expr "x[$]_lcl_first_suffix" : "x[[^/]]*/*\(.*\)"`
+ if test "[$]_lcl_first_suffix" != ''; then
+ _lcl_first_suffix="[$]_lcl_tmp"
+ $3="../[$]$3"
+ fi
+done])
+
+
+dnl adl_RECURSIVE_EVAL(VALUE, RESULT)
+dnl =================================
+dnl Interpolate the VALUE in loop until it doesn't change,
+dnl and set the result to $RESULT.
+dnl WARNING: It's easy to get an infinite loop with some unsane input.
+AC_DEFUN([adl_RECURSIVE_EVAL],
+[_lcl_receval="$1"
+$2=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+ test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
+ _lcl_receval_old=''
+ while test "[$]_lcl_receval_old" != "[$]_lcl_receval"; do
+ _lcl_receval_old="[$]_lcl_receval"
+ eval _lcl_receval="\"[$]_lcl_receval\""
+ done
+ echo "[$]_lcl_receval")`])
diff --git a/scripts/vyatta-gen-x509-keypair.in b/scripts/vyatta-gen-x509-keypair.in
new file mode 100755
index 0000000..194ac4f
--- /dev/null
+++ b/scripts/vyatta-gen-x509-keypair.in
@@ -0,0 +1,11 @@
+#!/bin/bash
+CN=$1
+genkeypair (){
+ openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config @sysconfdir@/key-pair.template
+}
+if [ -f /config/auth/$CN.csr ]; then
+ read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
+ [[ $REPLY != y && $REPLY != Y ]] || genkeypair
+else
+ genkeypair
+fi
diff --git a/scripts/vyatta-gen-x509-keypair.sh.in b/scripts/vyatta-gen-x509-keypair.sh.in
deleted file mode 100755
index 194ac4f..0000000
--- a/scripts/vyatta-gen-x509-keypair.sh.in
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-CN=$1
-genkeypair (){
- openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config @sysconfdir@/key-pair.template
-}
-if [ -f /config/auth/$CN.csr ]; then
- read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
- [[ $REPLY != y && $REPLY != Y ]] || genkeypair
-else
- genkeypair
-fi
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/node.def
deleted file mode 100644
index fa2fed2..0000000
--- a/templates/generate/vpn/rsa-key/bits/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" /dev/random
-allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
new file mode 100644
index 0000000..2eae9cc
--- /dev/null
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Generate local RSA key with specified number of bits
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" /dev/random
+allowed: echo -n '<16-4096>'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
deleted file mode 100644
index eb11433..0000000
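Review bot: `$CN` is taken straight from the first argument and expanded unquoted into `/config/auth/$CN.key` and `/config/auth/$CN.csr`, and the template that runs this script under sudo passes `$5` unquoted as well (templates/generate/vpn/x509/key-pair/node.tag/node.def.in). A name containing whitespace, glob characters or `../` therefore changes which files the root-run openssl writes. The name should be checked against a conservative character set before use, every expansion quoted, and the template changed to pass `"$5"`. Because `-nodes` leaves the private key unencrypted, the key should also be created with an owner-only mode. The script text is carried over unchanged from the deleted `.sh.in`, so this is pre-existing, but the rename is a good moment to fix it.

```shell
CN=$1
# Accept only a plain file-name component: no '/', no whitespace, no leading '-' or '.'.
if [[ ! $CN =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
    echo "Invalid key-pair name" >&2
    exit 1
fi
genkeypair (){
    # -nodes writes the key unencrypted, so create it owner-only.
    ( umask 077
      openssl req -new -nodes -keyout "/config/auth/$CN.key" -out "/config/auth/$CN.csr" -config @sysconfdir@/key-pair.template )
}
if [ -f "/config/auth/$CN.csr" ]; then
# … unchanged: overwrite prompt and else branch …
```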
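Review bot: The completion hint `allowed: echo -n '<16-4096>'` in rsa-key/bits/node.tag/node.def.in advertises RSA key sizes down to 16 bits, and `allowed:` appears to feed completion only, so whatever the user types reaches `gen_local_rsa_key.pl` as `"$5"`. Whether that script enforces a lower bound is not visible here; if it does not, this command can produce keys far too small to protect a VPN. Advertise a realistic floor, e.g. `allowed: echo -n '<2048-4096>'`, and confirm the script rejects smaller or non-numeric values. The line is carried over from the deleted node.def.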
--- a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Generate local RSA key with specified number of bits and random device
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl "$5" "$7"
-allowed: echo -n '/dev/random /dev/urandom'
diff --git a/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
new file mode 100644
index 0000000..81a9633
--- /dev/null
+++ b/templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Generate local RSA key with specified number of bits and random device
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl "$5" "$7"
+allowed: echo -n '/dev/random /dev/urandom'
diff --git a/templates/generate/vpn/rsa-key/node.def b/templates/generate/vpn/rsa-key/node.def
deleted file mode 100644
index 60296f2..0000000
--- a/templates/generate/vpn/rsa-key/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Generate local RSA key (default: bits=2192 device=/dev/random)
-run: sudo /opt/vyatta/bin/sudo-users/gen_local_rsa_key.pl 2192 /dev/random
diff --git a/templates/generate/vpn/rsa-key/node.def.in b/templates/generate/vpn/rsa-key/node.def.in
new file mode 100644
index 0000000..482f32c
--- /dev/null
+++ b/templates/generate/vpn/rsa-key/node.def.in
@@ -0,0 +1,2 @@
+help: Generate local RSA key (default: bits=2192 device=/dev/random)
+run: sudo @SUDOUSRDIR@/gen_local_rsa_key.pl 2192 /dev/random
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def b/templates/generate/vpn/x509/key-pair/node.tag/node.def
deleted file mode 100644
index dc21935..0000000
--- a/templates/generate/vpn/x509/key-pair/node.tag/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-help: Generate x509 key-pair
-run:
- sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair $5
-allowed: echo -n ''
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def.in b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in
new file mode 100644
index 0000000..2c87956
--- /dev/null
+++ b/templates/generate/vpn/x509/key-pair/node.tag/node.def.in
@@ -0,0 +1,4 @@
+help: Generate x509 key-pair
+run:
+ sudo @SBINDIR@/vyatta-gen-x509-keypair $5
+allowed: echo -n ''
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/node.def
deleted file mode 100644
index fa55d52..0000000
--- a/templates/reset/vpn/ipsec-peer/node.tag/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Reset all tunnels for given peer
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
-
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
- --op=clear-tunnels-for-peer --peer="$4"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in
new file mode 100644
index 0000000..621c40a
--- /dev/null
+++ b/templates/reset/vpn/ipsec-peer/node.tag/node.def.in
@@ -0,0 +1,6 @@
+help: Reset all tunnels for given peer
+
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl --op=get-all-peers
+
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=clear-tunnels-for-peer --peer="$4"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index eecb740..0000000
--- a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-help: Reset a specific tunnel for given peer
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
- --op=get-tunnels-for-peer \
- --peer="${COMP_WORDS[COMP_CWORD-2]}"
-
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
- --op=clear-specific-tunnel-for-peer \
- --peer="$4" \
- --tunnel="$6"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..4407515
--- /dev/null
+++ b/templates/reset/vpn/ipsec-peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,10 @@
+help: Reset a specific tunnel for given peer
+
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=get-tunnels-for-peer \
+ --peer="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=clear-specific-tunnel-for-peer \
+ --peer="$4" \
+ --tunnel="$6"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
deleted file mode 100644
index f0f39a8..0000000
--- a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Reset a vti tunnel for given peer
-
-run: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl \
- --op=clear-vtis-for-peer \
- --peer="$4"
diff --git a/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in
new file mode 100644
index 0000000..2e8e9be
--- /dev/null
+++ b/templates/reset/vpn/ipsec-peer/node.tag/vti/node.def.in
@@ -0,0 +1,5 @@
+help: Reset a vti tunnel for given peer
+
+run: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=clear-vtis-for-peer \
+ --peer="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/node.def
deleted file mode 100644
index 639fac3..0000000
--- a/templates/reset/vpn/ipsec-profile/node.tag/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Reset all tunnels for given profile
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl --op=get-all-profiles
-
-run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
- --op=clear-tunnels-for-profile --profile="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/node.def.in b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in
new file mode 100644
index 0000000..ea90853
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.tag/node.def.in
@@ -0,0 +1,6 @@
+help: Reset all tunnels for given profile
+
+allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl --op=get-all-profiles
+
+run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
+ --op=clear-tunnels-for-profile --profile="$4"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 08e299f..0000000
--- a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-help: Reset a specific tunnel for given profile
-
-allowed: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
- --op=get-tunnels-for-profile \
- --profile="${COMP_WORDS[COMP_CWORD-2]}"
-
-run: /opt/vyatta/bin/sudo-users/vyatta-dmvpn-op.pl \
- --op=clear-specific-tunnel-for-profile \
- --profile="$4" \
- --tunnel="$6"
diff --git a/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..f5eda6c
--- /dev/null
+++ b/templates/reset/vpn/ipsec-profile/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,10 @@
+help: Reset a specific tunnel for given profile
+
+allowed: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
+ --op=get-tunnels-for-profile \
+ --profile="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: @SUDOUSRDIR@/vyatta-dmvpn-op.pl \
+ --op=clear-specific-tunnel-for-profile \
+ --profile="$4" \
+ --tunnel="$6"
diff --git a/templates/restart/vpn/node.def b/templates/restart/vpn/node.def
deleted file mode 100644
index 7cb9387..0000000
--- a/templates/restart/vpn/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-help: Restart IPsec VPN
-run: if [ -n "$(cli-shell-api returnActiveValues \
- vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
- then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
- else
- echo IPsec process not running
- fi
- else
- echo IPsec VPN not configured
- fi
diff --git a/templates/restart/vpn/node.def.in b/templates/restart/vpn/node.def.in
new file mode 100644
index 0000000..3e3566a
--- /dev/null
+++ b/templates/restart/vpn/node.def.in
@@ -0,0 +1,12 @@
+help: Restart IPsec VPN
+run: if [ -n "$(cli-shell-api returnActiveValues \
+ vpn ipsec ipsec-interfaces interface)" ]; then
+ if pgrep pluto > /dev/null
+ then
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=clear-vpn-ipsec-process
+ else
+ echo IPsec process not running
+ fi
+ else
+ echo IPsec VPN not configured
+ fi
diff --git a/templates/show/vpn/debug/detail/node.def b/templates/show/vpn/debug/detail/node.def
deleted file mode 100644
index ee3604d..0000000
--- a/templates/show/vpn/debug/detail/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-help: Show detailed VPN debugging information
-run: if [ -n "$(cli-shell-api returnActiveValues \
- vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
- then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug-detail
- else
- echo IPsec process not running
- fi
- else
- echo VPN ipsec not configured
- fi
diff --git a/templates/show/vpn/debug/detail/node.def.in b/templates/show/vpn/debug/detail/node.def.in
new file mode 100644
index 0000000..9271328
--- /dev/null
+++ b/templates/show/vpn/debug/detail/node.def.in
@@ -0,0 +1,12 @@
+help: Show detailed VPN debugging information
+run: if [ -n "$(cli-shell-api returnActiveValues \
+ vpn ipsec ipsec-interfaces interface)" ]; then
+ if pgrep pluto > /dev/null
+ then
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug-detail
+ else
+ echo IPsec process not running
+ fi
+ else
+ echo VPN ipsec not configured
+ fi
diff --git a/templates/show/vpn/debug/node.def b/templates/show/vpn/debug/node.def
deleted file mode 100644
index 7a33888..0000000
--- a/templates/show/vpn/debug/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-help: Show VPN debugging information
-run: if [ -n "$(cli-shell-api returnActiveValues \
- vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
- then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug
- else
- echo IPsec process not running
- fi
- else
- echo VPN ipsec not configured
- fi
diff --git a/templates/show/vpn/debug/node.def.in b/templates/show/vpn/debug/node.def.in
new file mode 100644
index 0000000..1f6c829
--- /dev/null
+++ b/templates/show/vpn/debug/node.def.in
@@ -0,0 +1,12 @@
+help: Show VPN debugging information
+run: if [ -n "$(cli-shell-api returnActiveValues \
+ vpn ipsec ipsec-interfaces interface)" ]; then
+ if pgrep pluto > /dev/null
+ then
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug
+ else
+ echo IPsec process not running
+ fi
+ else
+ echo VPN ipsec not configured
+ fi
diff --git a/templates/show/vpn/debug/peer/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/node.def
deleted file mode 100644
index a27063a..0000000
--- a/templates/show/vpn/debug/peer/node.tag/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-help: Show debugging information for a peer
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli
-run: if [ -n "$(cli-shell-api returnActiveValues \
- vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
- then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5
- else
- echo IPsec process not running
- fi
- else
- echo VPN ipsec not configured
- fi
-
diff --git a/templates/show/vpn/debug/peer/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/node.def.in
new file mode 100644
index 0000000..d201746
--- /dev/null
+++ b/templates/show/vpn/debug/peer/node.tag/node.def.in
@@ -0,0 +1,14 @@
+help: Show debugging information for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: if [ -n "$(cli-shell-api returnActiveValues \
+ vpn ipsec ipsec-interfaces interface)" ]; then
+ if pgrep pluto > /dev/null
+ then
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep peer-$5
+ else
+ echo IPsec process not running
+ fi
+ else
+ echo VPN ipsec not configured
+ fi
+
diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index c141ac0..0000000
--- a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-help: Show debugging information for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]}
-run: if [ -n "$(cli-shell-api returnActiveValues \
- vpn ipsec ipsec-interfaces interface)" ]; then
- if pgrep pluto > /dev/null
- then
- /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7"
- else
- echo IPsec process not running
- fi
- else
- echo VPN ipsec not configured
- fi
-
diff --git a/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..5906929
--- /dev/null
+++ b/templates/show/vpn/debug/peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,14 @@
+help: Show debugging information for a peer's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[4]}
+run: if [ -n "$(cli-shell-api returnActiveValues \
+ vpn ipsec ipsec-interfaces interface)" ]; then
+ if pgrep pluto > /dev/null
+ then
+ @SUDOUSRDIR@/vyatta-vpn-op.pl --op=show-vpn-debug | grep "peer-$5-tunnel-$7"
+ else
+ echo IPsec process not running
+ fi
+ else
+ echo VPN ipsec not configured
+ fi
+
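Review bot: The run line in debug/peer/node.tag/node.def.in pipes through `grep peer-$5` with the operand unquoted, whereas the tunnel variant quotes it (`grep "peer-$5-tunnel-$7"`). An unquoted `$5` is word-split and glob-expanded, so a peer value containing spaces becomes extra grep arguments (file names or options). In both templates the value is also treated as a regular expression, so the dots of an IP address match any character and one peer's output can include another's. Use `grep -F -- "peer-$5"` here and `grep -F -- "peer-$5-tunnel-$7"` in the tunnel template. The `allowed:` line of the tunnel template has the same quoting gap in `--get-conn-for-cli=${COMP_WORDS[4]}`.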
diff --git a/templates/show/vpn/ike/rsa-keys/node.def b/templates/show/vpn/ike/rsa-keys/node.def
deleted file mode 100644
index 6d3baa5..0000000
--- a/templates/show/vpn/ike/rsa-keys/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show VPN RSA keys
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-show-vpn.pl rsa-keys
diff --git a/templates/show/vpn/ike/rsa-keys/node.def.in b/templates/show/vpn/ike/rsa-keys/node.def.in
new file mode 100644
index 0000000..255ca18
--- /dev/null
+++ b/templates/show/vpn/ike/rsa-keys/node.def.in
@@ -0,0 +1,2 @@
+help: Show VPN RSA keys
+run: sudo @SUDOUSRDIR@/vyatta-show-vpn.pl rsa-keys
diff --git a/templates/show/vpn/ike/sa/nat-traversal/node.def b/templates/show/vpn/ike/sa/nat-traversal/node.def
deleted file mode 100644
index 3855c49..0000000
--- a/templates/show/vpn/ike/sa/nat-traversal/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all currently active IKE Security Associations (SA) that are using NAT Traversal
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-natt
diff --git a/templates/show/vpn/ike/sa/nat-traversal/node.def.in b/templates/show/vpn/ike/sa/nat-traversal/node.def.in
new file mode 100644
index 0000000..6c62b12
--- /dev/null
+++ b/templates/show/vpn/ike/sa/nat-traversal/node.def.in
@@ -0,0 +1,2 @@
+help: Show all currently active IKE Security Associations (SA) that are using NAT Traversal
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-natt
diff --git a/templates/show/vpn/ike/sa/node.def b/templates/show/vpn/ike/sa/node.def
deleted file mode 100644
index 051d657..0000000
--- a/templates/show/vpn/ike/sa/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all currently active IKE Security Associations (SA)
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa
diff --git a/templates/show/vpn/ike/sa/node.def.in b/templates/show/vpn/ike/sa/node.def.in
new file mode 100644
index 0000000..e372ff7
--- /dev/null
+++ b/templates/show/vpn/ike/sa/node.def.in
@@ -0,0 +1,2 @@ +help: Show all currently active IKE Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def b/templates/show/vpn/ike/sa/peer/node.tag/node.def deleted file mode 100644 index c76b71b..0000000 --- a/templates/show/vpn/ike/sa/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all currently active IKE Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-sa-peer="$6" diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def.in b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in new file mode 100644 index 0000000..a9782ad --- /dev/null +++ b/templates/show/vpn/ike/sa/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all currently active IKE Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-sa-peer="$6" diff --git a/templates/show/vpn/ike/secrets/node.def b/templates/show/vpn/ike/secrets/node.def deleted file mode 100644 index ec4073c..0000000 --- a/templates/show/vpn/ike/secrets/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all the pre-shared key secrets -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-secrets diff --git a/templates/show/vpn/ike/secrets/node.def.in b/templates/show/vpn/ike/secrets/node.def.in new file mode 100644 index 0000000..3d1a32d --- /dev/null +++ b/templates/show/vpn/ike/secrets/node.def.in @@ -0,0 +1,2 @@ +help: Show all the pre-shared key secrets +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-secrets diff --git a/templates/show/vpn/ike/status/node.def b/templates/show/vpn/ike/status/node.def deleted file mode 100644 index e74a741..0000000 --- a/templates/show/vpn/ike/status/node.def +++ /dev/null 
@@ -1,2 +0,0 @@ -help: Show summary of IKE process information -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ike-status diff --git a/templates/show/vpn/ike/status/node.def.in b/templates/show/vpn/ike/status/node.def.in new file mode 100644 index 0000000..7cc9b10 --- /dev/null +++ b/templates/show/vpn/ike/status/node.def.in @@ -0,0 +1,2 @@ +help: Show summary of IKE process information +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ike-status diff --git a/templates/show/vpn/ipsec/sa/detail/node.def b/templates/show/vpn/ipsec/sa/detail/node.def deleted file mode 100644 index 1397817..0000000 --- a/templates/show/vpn/ipsec/sa/detail/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/node.def.in b/templates/show/vpn/ipsec/sa/detail/node.def.in new file mode 100644 index 0000000..781d61b --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/node.def.in @@ -0,0 +1,3 @@ +help: Show details for all active IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def deleted file mode 100644 index cad43ba..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7" 
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in
new file mode 100644
index 0000000..659acfa
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for all active IPsec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7"
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
deleted file mode 100644
index 470578e..0000000
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel
-allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..5c121c3
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]}
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9
diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
deleted file mode 100644
index fbb6218..0000000
--- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def
+++ /dev/null
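Review bot: `$7 $9` on the `run:` line of the new tunnel template reach the sudo'd script unquoted, so operator-typed words are word-split and glob-expanded by the shell before the privileged script parses them. The sibling peer template on this line already quotes its argument (`="$7"`). The line should read `run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail "$7" "$9"`. The other new tunnel templates in this commit repeat the unquoted pair (`--show-ipsec-sa-conn $6 $8`, `--show-ipsec-sa-stats-conn $7 $9`, and the vyatta-op-vpnprof.pl variants), and `${COMP_WORDS[6]}` on the `allowed:` lines is unquoted as well.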
@@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in new file mode 100644 index 0000000..bcbc520 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index ac5fd14..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..e31b008 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 
diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def b/templates/show/vpn/ipsec/sa/nat-traversal/node.def deleted file mode 100644 index 7ea610b..0000000 --- a/templates/show/vpn/ipsec/sa/nat-traversal/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show all active IPsec Security Associations (SA) that are using NAT Traversal -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-natt diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in new file mode 100644 index 0000000..f3bbe87 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in @@ -0,0 +1,2 @@ +help: Show all active IPsec Security Associations (SA) that are using NAT Traversal +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-natt diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def deleted file mode 100644 index 287d489..0000000 --- a/templates/show/vpn/ipsec/sa/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa diff --git a/templates/show/vpn/ipsec/sa/node.def.in b/templates/show/vpn/ipsec/sa/node.def.in new file mode 100644 index 0000000..036a1d7 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def deleted file mode 100644 index 559bed5..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def +++ /dev/null 
@@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6" diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in new file mode 100644 index 0000000..1cae596 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6" diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 195f37a..0000000 --- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..8cc8a9c --- /dev/null +++ b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show the active IPsec Security Association (SA) for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def deleted file mode 100644 index 76e66a5..0000000 
--- a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in new file mode 100644 index 0000000..30ed853 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 3f0af98..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profile's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..3d643bc --- /dev/null +++ b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show the active IPsec Security Association (SA) for a profile's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 
diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def b/templates/show/vpn/ipsec/sa/statistics/node.def deleted file mode 100644 index 84fa4b7..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show statistics of all active tunnels that have IPsec Security Associations (SA) -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats - sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def.in b/templates/show/vpn/ipsec/sa/statistics/node.def.in new file mode 100644 index 0000000..5832f1a --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/node.def.in @@ -0,0 +1,3 @@ +help: Show statistics of all active tunnels that have IPsec Security Associations (SA) +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats + sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def deleted file mode 100644 index 758333e..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in new file mode 100644 index 0000000..8b72451 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for all active IPsec Security Associations (SA) for a peer +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" 
diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index 1902c22..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..6566a44 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel +allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def deleted file mode 100644 index 9d49f44..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in new file mode 100644 index 0000000..1bc76d6 --- /dev/null 
+++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for all active IPsec Security Associations (SA) for a profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def deleted file mode 100644 index b8aa7dc..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile -allowed: /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in new file mode 100644 index 0000000..9ae35c8 --- /dev/null +++ b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in @@ -0,0 +1,3 @@ +help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile +allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} +run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def deleted file mode 100644 index bf4ebf7..0000000 --- a/templates/show/vpn/ipsec/status/node.def +++ /dev/null @@ -1,6 +0,0 @@ -help: Show status of IPsec process -run: if pgrep pluto >&/dev/null; then - /opt/vyatta/bin/sudo-users/vyatta-show-ipsec-status.pl - else - echo -e "IPSec Process NOT Running\n" - fi 
diff --git a/templates/show/vpn/ipsec/status/node.def.in b/templates/show/vpn/ipsec/status/node.def.in new file mode 100644 index 0000000..25f849b --- /dev/null +++ b/templates/show/vpn/ipsec/status/node.def.in @@ -0,0 +1,6 @@ +help: Show status of IPsec process +run: if pgrep pluto >&/dev/null; then + @SUDOUSRDIR@/vyatta-show-ipsec-status.pl + else + echo -e "IPSec Process NOT Running\n" + fi -- cgit v1.2.3 From 33e24e989996ec809e1be696866258ce987cc527 Mon Sep 17 00:00:00 2001 
From: Kim Hagen Date: Thu, 15 Sep 2016 11:40:03 +0200 Subject: Reimplementation of TriJetScud's commit:578688a25ba784d839512fefafab4cabdaf32fc5. Simpilfy the operational commands Instead of trying to parse the outout of ipsec or swanctl, just dump whatever swanctl outputs. --- .gitignore | 18 +----------------- configure.ac | 16 ---------------- templates/show/vpn/ipsec/sa/detail/node.def.in | 3 --- .../show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in | 3 --- .../detail/peer/node.tag/tunnel/node.tag/node.def.in | 3 --- .../vpn/ipsec/sa/detail/profile/node.tag/node.def.in | 3 --- .../profile/node.tag/tunnel/node.tag/node.def.in | 3 --- templates/show/vpn/ipsec/sa/nat-traversal/node.def.in | 2 -- templates/show/vpn/ipsec/sa/node.def | 6 ++++++ templates/show/vpn/ipsec/sa/node.def.in | 3 --- templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in | 3 --- .../ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in | 3 --- .../show/vpn/ipsec/sa/profile/node.tag/node.def.in | 3 --- .../sa/profile/node.tag/tunnel/node.tag/node.def.in | 3 --- templates/show/vpn/ipsec/sa/statistics/node.def.in | 3 --- .../vpn/ipsec/sa/statistics/peer/node.tag/node.def.in | 3 --- .../peer/node.tag/tunnel/node.tag/node.def.in | 3 --- .../ipsec/sa/statistics/profile/node.tag/node.def.in | 3 --- .../profile/node.tag/tunnel/node.tag/node.def.in | 3 --- 19 files changed, 7 insertions(+), 80 deletions(-) delete mode 100644 templates/show/vpn/ipsec/sa/detail/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/nat-traversal/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/node.def delete mode 100644 
templates/show/vpn/ipsec/sa/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in (limited to 'templates/show/vpn') diff --git a/.gitignore b/.gitignore index 470b73c..cce2a86 100644 --- a/.gitignore +++ b/.gitignore 
@@ -48,21 +48,5 @@ templates/show/vpn/ike/sa/node.def templates/show/vpn/ike/sa/peer/node.tag/node.def templates/show/vpn/ike/secrets/node.def templates/show/vpn/ike/status/node.def -templates/show/vpn/ipsec/sa/detail/node.def -templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def -templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def -templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def -templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def -templates/show/vpn/ipsec/sa/nat-traversal/node.def -templates/show/vpn/ipsec/sa/node.def -templates/show/vpn/ipsec/sa/peer/node.tag/node.def -templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def -templates/show/vpn/ipsec/sa/profile/node.tag/node.def -templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def -templates/show/vpn/ipsec/sa/statistics/node.def -templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def -templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def -templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def -templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def templates/show/vpn/ipsec/status/node.def -/scripts/vyatta-gen-x509-keypair \ No newline at end of file +/scripts/vyatta-gen-x509-keypair diff --git a/configure.ac b/configure.ac index 6002c2d..19a356f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -54,22 +54,6 @@ AC_OUTPUT([ templates/generate/vpn/rsa-key/bits/node.tag/node.def templates/generate/vpn/rsa-key/bits/node.tag/random/node.tag/node.def templates/show/vpn/ipsec/status/node.def - templates/show/vpn/ipsec/sa/node.def - templates/show/vpn/ipsec/sa/nat-traversal/node.def - templates/show/vpn/ipsec/sa/statistics/node.def - templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def - templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def - templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def - templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def - templates/show/vpn/ipsec/sa/detail/node.def - templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def - templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def - templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def - templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def - templates/show/vpn/ipsec/sa/profile/node.tag/node.def - templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def - templates/show/vpn/ipsec/sa/peer/node.tag/node.def - templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def templates/show/vpn/debug/node.def templates/show/vpn/debug/detail/node.def templates/show/vpn/debug/peer/node.tag/node.def diff --git a/templates/show/vpn/ipsec/sa/detail/node.def.in b/templates/show/vpn/ipsec/sa/detail/node.def.in deleted file mode 100644 index 781d61b..0000000 --- a/templates/show/vpn/ipsec/sa/detail/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail - sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-detail diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in deleted file mode 100644 index 659acfa..0000000 
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a peer -allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in deleted file mode 100644 index 5c121c3..0000000 --- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/tunnel/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a peer's tunnel -allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn-detail $7 $9 diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in deleted file mode 100644 index bcbc520..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for all active IPsec Security Associations (SA) for a profile -allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile-detail="$7" diff --git a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in deleted file mode 100644 index e31b008..0000000 --- a/templates/show/vpn/ipsec/sa/detail/profile/node.tag/tunnel/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show details for the active IPsec Security Associations (SA) for a tunnel bound to profile -allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn-detail $7 $9 
diff --git a/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in b/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in
deleted file mode 100644
index f3bbe87..0000000
--- a/templates/show/vpn/ipsec/sa/nat-traversal/node.def.in
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show all active IPsec Security Associations (SA) that are using NAT Traversal
-run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-natt
diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def
new file mode 100644
index 0000000..99a5cc1
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/node.def
@@ -0,0 +1,6 @@
+help: Show all active IPsec Security Associations (SA)
+run: if pgrep charon >&/dev/null; then
+ sudo /usr/sbin/swanctl --list-sas
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
diff --git a/templates/show/vpn/ipsec/sa/node.def.in b/templates/show/vpn/ipsec/sa/node.def.in
deleted file mode 100644
index 036a1d7..0000000
--- a/templates/show/vpn/ipsec/sa/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all active IPsec Security Associations (SA)
-run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa
- sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
deleted file mode 100644
index 1cae596..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all active IPsec Security Associations (SA) for a peer
-allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in
deleted file mode 100644
index 8cc8a9c..0000000
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/tunnel/node.tag/node.def.in
+++ /dev/null
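Review bot: `pgrep charon` in the new `sa/node.def` treats its argument as an unanchored pattern on process names, so any process whose name merely contains "charon" makes the guard pass and the sudo'd `swanctl --list-sas` runs even when the IKE daemon is down. `pgrep -x charon` matches the exact name. `>&/dev/null` and `echo -e` are bash-specific, which holds only if these templates are always executed by bash; that cannot be told from this hunk. The sudo rule that lets operators run `/usr/sbin/swanctl` is not part of this diff, and it should permit only this exact invocation rather than swanctl as a whole.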
@@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a peer's tunnel -allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in deleted file mode 100644 index 30ed853..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show all active IPsec Security Associations (SA) for a profile -allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-profile="$6" diff --git a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in deleted file mode 100644 index 3d643bc..0000000 --- a/templates/show/vpn/ipsec/sa/profile/node.tag/tunnel/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show the active IPsec Security Association (SA) for a profile's tunnel -allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[5]} -run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-conn $6 $8 diff --git a/templates/show/vpn/ipsec/sa/statistics/node.def.in b/templates/show/vpn/ipsec/sa/statistics/node.def.in deleted file mode 100644 index 5832f1a..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show statistics of all active tunnels that have IPsec Security Associations (SA) -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats - sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in deleted file mode 100644 index 8b72451..0000000 
--- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a peer -allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-peer="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in deleted file mode 100644 index 6566a44..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/peer/node.tag/tunnel/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for the active IPsec Security Association (SA) for a peer's tunnel -allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-conn-for-cli=${COMP_WORDS[6]} -run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats-conn $7 $9 diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in deleted file mode 100644 index 1bc76d6..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/node.def.in +++ /dev/null @@ -1,3 +0,0 @@ -help: Show stats for all active IPsec Security Associations (SA) for a profile -allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-profiles-for-cli -run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-profile="$7" diff --git a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in deleted file mode 100644 index 9ae35c8..0000000 --- a/templates/show/vpn/ipsec/sa/statistics/profile/node.tag/tunnel/node.tag/node.def.in +++ /dev/null 
@@ -1,3 +0,0 @@
-help: Show stats for the active IPsec Security Association (SA) for a tunnel bound to profile
-allowed: @SUDOUSRDIR@/vyatta-op-vpnprof.pl --get-conn-for-cli=${COMP_WORDS[6]}
-run: sudo @SUDOUSRDIR@/vyatta-op-vpnprof.pl --show-ipsec-sa-stats-conn $7 $9
-- cgit v1.2.3
From 24c7ff03646d73767df9a0b5e20c483fcf9708a6 Mon Sep 17 00:00:00 2001 From: jules-vyos Date: Thu, 27 Jul 2017 15:38:31 +0100 Subject: Add templates for extended commands --- templates/show/vpn/ipsec/peer/node.def | 1 + templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in | 3 +++ templates/show/vpn/ipsec/peer/node.tag/node.def.in | 3 +++ templates/show/vpn/ipsec/sa/detail/node.def.in | 6 ++++++ templates/show/vpn/ipsec/stats/node.def.in | 3 +++ templates/show/vpn/ipsec/stats/node.tag/node.def.in | 3 +++ templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def | 1 + .../show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in | 10 ++++++++++ templates/show/vpn/ipsec/verbose/node.def | 7 +++++++ 9 files changed, 37 insertions(+) create mode 100644 templates/show/vpn/ipsec/peer/node.def create mode 100644 templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in create mode 100644 templates/show/vpn/ipsec/peer/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/detail/node.def.in create mode 100644 templates/show/vpn/ipsec/stats/node.def.in create mode 100644 templates/show/vpn/ipsec/stats/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def create mode 100644 templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/verbose/node.def (limited to 'templates/show/vpn')
diff --git a/templates/show/vpn/ipsec/peer/node.def b/templates/show/vpn/ipsec/peer/node.def
new file mode 100644
index 0000000..f77f46e
--- /dev/null
+++ b/templates/show/vpn/ipsec/peer/node.def
@@ -0,0 +1 @@
+help: Show all currently active IPSec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in b/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in
new file mode 100644
index 0000000..e05a3c4
--- /dev/null
+++ b/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in
@@ -0,0 +1,3 @@
+help: Show detail on all currently active IPSec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$6"
diff --git a/templates/show/vpn/ipsec/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/peer/node.tag/node.def.in
new file mode 100644
index 0000000..4b23f44
--- /dev/null
+++ b/templates/show/vpn/ipsec/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show all currently active IPSec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/detail/node.def.in b/templates/show/vpn/ipsec/sa/detail/node.def.in
new file mode 100644
index 0000000..3362e9b
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/detail/node.def.in
@@ -0,0 +1,6 @@
+help: Show Detail on all active IPsec Security Associations (SA)
+run: if pgrep charon >&/dev/null; then
+ @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
diff --git a/templates/show/vpn/ipsec/stats/node.def.in b/templates/show/vpn/ipsec/stats/node.def.in
new file mode 100644
index 0000000..d1d6ad0
--- /dev/null
+++ b/templates/show/vpn/ipsec/stats/node.def.in
@@ -0,0 +1,3 @@
+help: Show statistics for alll currently active IPSec Security Associations (SA)
+run: @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats
+
diff --git a/templates/show/vpn/ipsec/stats/node.tag/node.def.in b/templates/show/vpn/ipsec/stats/node.tag/node.def.in
new file mode 100644
index 0000000..9426469
--- /dev/null
+++ b/templates/show/vpn/ipsec/stats/node.tag/node.def.in
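Review bot: The `run:` block of templates/show/vpn/ipsec/sa/detail/node.def.in passes `--show-ipsec-sa` although the help text promises detail, while the `verbose` node added in this same patch passes `--show-ipsec-sa-detail`; one of the two is presumably mislabelled, and if detail is meant here the line would be `@SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail`. The script is also started without `sudo`, unlike the two peer templates in this patch; stats/node.def.in, stats/node.tag/tunnel/node.tag/node.def.in and verbose/node.def do the same. If the script relies on the sudoers rule to query the IKE daemon, these commands will presumably fail or print nothing for an operator, so either add `sudo` or state in a comment that the option works unprivileged. The help line of stats/node.def.in has the typo `alll`.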
@@ -0,0 +1,3 @@
+help: Show Statistics for SAs associated with a specific peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+#run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def
new file mode 100644
index 0000000..0429324
--- /dev/null
+++ b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Get Stats for a specific tunnel
diff --git a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..92a8572
--- /dev/null
+++ b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,10 @@
+help: Reset a specific tunnel for given peer
+
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=get-tunnels-for-peer \
+ --peer="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: @SUDOUSRDIR@/vyatta-op-vpn.pl \
+ --op=show-ipsec-sa-stats-conn \
+ --peer="$6" \
+ --tunnel="$8"
diff --git a/templates/show/vpn/ipsec/verbose/node.def b/templates/show/vpn/ipsec/verbose/node.def
new file mode 100644
index 0000000..fac77a3
--- /dev/null
+++ b/templates/show/vpn/ipsec/verbose/node.def
@@ -0,0 +1,7 @@
+help: Show Verbose Detail on all active IPsec Security Associations (SA)
+run: if pgrep charon >&/dev/null; then
+ /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
+
-- cgit v1.2.3
From 739d1c222a3c69d89bf299365c070f5bf7981232 Mon Sep 17 00:00:00 2001
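Review bot: The only action in templates/show/vpn/ipsec/stats/node.tag/node.def.in is commented out (`#run: ...`), so the per-peer statistics node offers completion but has nothing to execute. The disabled line also passes `--show-ipsec-sa-peer`, which is not a statistics option; the templates removed earlier in this series used `--show-ipsec-sa-stats-peer` for this purpose, though whether the script still accepts it is not visible here. Either wire the node to the statistics option or replace the dead line with a comment that says the node is intentionally a pass-through, e.g. `# no run: this node only leads to 'tunnel <name>'`.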
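Review bot: The help text `Reset a specific tunnel for given peer` in stats/node.tag/tunnel/node.tag/node.def.in describes a disruptive action, but the `run:` line only shows statistics (`--op=show-ipsec-sa-stats-conn`); something like `help: Show statistics for a specific tunnel of a peer` matches what the command does. `allowed:` calls `vyatta-vpn-op.pl` while `run:` calls `vyatta-op-vpn.pl`, and every other template in this series passes `--show-...` options rather than `--op=... --peer=... --tunnel=...`; whether `vyatta-op-vpn.pl` accepts the `--op=` form is not visible here and should be confirmed before this ships.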
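Review bot: templates/show/vpn/ipsec/verbose/node.def hard-codes `/opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl` in a plain `node.def`, while the other new templates are `.in` files that take the directory from `@SUDOUSRDIR@`. Making this file `node.def.in` with `@SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-detail` keeps the install prefix in one place, so a changed prefix cannot leave this command pointing at a stale path. The same literal path is introduced in templates/show/vpn/ipsec/sa/node.def by the last patch of this series.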
From: jules-vyos Date: Thu, 27 Jul 2017 15:40:14 +0100 Subject: Move into the CORRECT tree location. --- templates/show/vpn/ipsec/peer/node.def | 1 - templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in | 3 --- templates/show/vpn/ipsec/peer/node.tag/node.def.in | 3 --- templates/show/vpn/ipsec/sa/peer/node.def | 1 + templates/show/vpn/ipsec/sa/peer/node.tag/detail/node.def.in | 3 +++ templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in | 3 +++ templates/show/vpn/ipsec/sa/stats/node.def.in | 3 +++ templates/show/vpn/ipsec/sa/stats/node.tag/node.def.in | 3 +++ templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.def | 1 + .../vpn/ipsec/sa/stats/node.tag/tunnel/node.tag/node.def.in | 10 ++++++++++ templates/show/vpn/ipsec/sa/verbose/node.def | 7 +++++++ templates/show/vpn/ipsec/stats/node.def.in | 3 --- templates/show/vpn/ipsec/stats/node.tag/node.def.in | 3 --- templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def | 1 - .../show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in | 10 ---------- templates/show/vpn/ipsec/verbose/node.def | 7 ------- 16 files changed, 31 insertions(+), 31 deletions(-) delete mode 100644 templates/show/vpn/ipsec/peer/node.def delete mode 100644 templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in delete mode 100644 templates/show/vpn/ipsec/peer/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/peer/node.def create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/detail/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/stats/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/stats/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.def create mode 100644 templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.tag/node.def.in create mode 100644 templates/show/vpn/ipsec/sa/verbose/node.def delete mode 100644 templates/show/vpn/ipsec/stats/node.def.in delete mode 100644 
templates/show/vpn/ipsec/stats/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def delete mode 100644 templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in delete mode 100644 templates/show/vpn/ipsec/verbose/node.def (limited to 'templates/show/vpn')
diff --git a/templates/show/vpn/ipsec/peer/node.def b/templates/show/vpn/ipsec/peer/node.def
deleted file mode 100644
index f77f46e..0000000
--- a/templates/show/vpn/ipsec/peer/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show all currently active IPSec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in b/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in
deleted file mode 100644
index e05a3c4..0000000
--- a/templates/show/vpn/ipsec/peer/node.tag/detail/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show detail on all currently active IPSec Security Associations (SA) for a peer
-allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$6"
diff --git a/templates/show/vpn/ipsec/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/peer/node.tag/node.def.in
deleted file mode 100644
index 4b23f44..0000000
--- a/templates/show/vpn/ipsec/peer/node.tag/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show all currently active IPSec Security Associations (SA) for a peer
-allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
-run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.def b/templates/show/vpn/ipsec/sa/peer/node.def
new file mode 100644
index 0000000..f77f46e
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/peer/node.def
@@ -0,0 +1 @@
+help: Show all currently active IPSec Security Associations (SA) for a peer
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/detail/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/detail/node.def.in
new file mode 100644
index 0000000..e05a3c4
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/peer/node.tag/detail/node.def.in
@@ -0,0 +1,3 @@
+help: Show detail on all currently active IPSec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer-detail="$6"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
new file mode 100644
index 0000000..4b23f44
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show all currently active IPSec Security Associations (SA) for a peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/stats/node.def.in b/templates/show/vpn/ipsec/sa/stats/node.def.in
new file mode 100644
index 0000000..d1d6ad0
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/stats/node.def.in
@@ -0,0 +1,3 @@
+help: Show statistics for alll currently active IPSec Security Associations (SA)
+run: @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats
+
diff --git a/templates/show/vpn/ipsec/sa/stats/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/stats/node.tag/node.def.in
new file mode 100644
index 0000000..9426469
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/stats/node.tag/node.def.in
@@ -0,0 +1,3 @@
+help: Show Statistics for SAs associated with a specific peer
+allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
+#run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.def
new file mode 100644
index 0000000..0429324
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.def
@@ -0,0 +1 @@
+help: Get Stats for a specific tunnel
diff --git a/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.tag/node.def.in
new file mode 100644
index 0000000..92a8572
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/stats/node.tag/tunnel/node.tag/node.def.in
@@ -0,0 +1,10 @@
+help: Reset a specific tunnel for given peer
+
+allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \
+ --op=get-tunnels-for-peer \
+ --peer="${COMP_WORDS[COMP_CWORD-2]}"
+
+run: @SUDOUSRDIR@/vyatta-op-vpn.pl \
+ --op=show-ipsec-sa-stats-conn \
+ --peer="$6" \
+ --tunnel="$8"
diff --git a/templates/show/vpn/ipsec/sa/verbose/node.def b/templates/show/vpn/ipsec/sa/verbose/node.def
new file mode 100644
index 0000000..fac77a3
--- /dev/null
+++ b/templates/show/vpn/ipsec/sa/verbose/node.def
@@ -0,0 +1,7 @@
+help: Show Verbose Detail on all active IPsec Security Associations (SA)
+run: if pgrep charon >&/dev/null; then
+ /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
+ else
+ echo -e "IPSec Process NOT Running\n"
+ fi
+
diff --git a/templates/show/vpn/ipsec/stats/node.def.in b/templates/show/vpn/ipsec/stats/node.def.in
deleted file mode 100644
index d1d6ad0..0000000
--- a/templates/show/vpn/ipsec/stats/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show statistics for alll currently active IPSec Security Associations (SA)
-run: @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-stats
-
diff --git a/templates/show/vpn/ipsec/stats/node.tag/node.def.in b/templates/show/vpn/ipsec/stats/node.tag/node.def.in
deleted file mode 100644
index 9426469..0000000
--- a/templates/show/vpn/ipsec/stats/node.tag/node.def.in
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show Statistics for SAs associated with a specific peer
-allowed: @SUDOUSRDIR@/vyatta-op-vpn.pl --get-peers-for-cli
-#run: sudo @SUDOUSRDIR@/vyatta-op-vpn.pl --show-ipsec-sa-peer="$6"
diff --git a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def
deleted file mode 100644
index 0429324..0000000
--- a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Get Stats for a specific tunnel
diff --git a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in b/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in
deleted file mode 100644
index 92a8572..0000000
--- a/templates/show/vpn/ipsec/stats/node.tag/tunnel/node.tag/node.def.in
+++ /dev/null
@@ -1,10 +0,0 @@
-help: Reset a specific tunnel for given peer
-
-allowed: @SUDOUSRDIR@/vyatta-vpn-op.pl \
- --op=get-tunnels-for-peer \
- --peer="${COMP_WORDS[COMP_CWORD-2]}"
-
-run: @SUDOUSRDIR@/vyatta-op-vpn.pl \
- --op=show-ipsec-sa-stats-conn \
- --peer="$6" \
- --tunnel="$8"
diff --git a/templates/show/vpn/ipsec/verbose/node.def b/templates/show/vpn/ipsec/verbose/node.def
deleted file mode 100644
index fac77a3..0000000
--- a/templates/show/vpn/ipsec/verbose/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-help: Show Verbose Detail on all active IPsec Security Associations (SA)
-run: if pgrep charon >&/dev/null; then
- /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa-detail
- else
- echo -e "IPSec Process NOT Running\n"
- fi
-
-- cgit v1.2.3
From f6f567b8b168dbe0d4bdb1b08c0f84faa0d362cb Mon Sep 17 00:00:00 2001 From: jules-vyos Date: Sun, 3 Sep 2017 21:25:50 +0100 Subject: Fixes for show vpn ike sa and show vpn ipsec sa Fixed 'show vpn ike sa' to actually show output when the tunnel isn't up. Foxed 'show vpn ipsec sa' to actually use the pretty-printing code, rather than swanctl --list-sas, which is pretty unpleasant. --- lib/OPMode.pm | 16 ++++++++++------ templates/show/vpn/ipsec/sa/node.def | 2 +- 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'templates/show/vpn')
diff --git a/lib/OPMode.pm b/lib/OPMode.pm
index 0068e96..38bea1c 100644
--- a/lib/OPMode.pm
+++ b/lib/OPMode.pm @@ -615,19 +615,21 @@ sub process_tunnels{ $tunnel_hash{$connectid}->{_ikelife} = $ikelife; $tunnel_hash{$connectid}->{_pfsgrp} = $pfs_group; - } elsif ($line =~ /\]:\s+IKE.* SPIs: .* (reauthentication|rekeying) (disabled|in .*)/) { + } elsif ($line =~ /\]:\s+IKE.* SPIs:/) { my $ikever; ($ikever) = $line =~ /IKEv(.*?) SPI/; $tunnel_hash{$connectid}->{_ikever} = $ikever; my $expiry_time; - (undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/; - $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time); + if($line =~ /(reauthentication|rekeying)/) + {(undef,$expiry_time) = $line =~ /(reauthentication|rekeying) (.*)/; + $tunnel_hash{$connectid}->{_ikeexpire} = conv_time($expiry_time); + my $atime = $tunnel_hash{$connectid}->{_ikelife} - $tunnel_hash{$connectid}->{_ikeexpire}; # $atime = $ike_lifetime - $ike_expire if (($ike_lifetime ne 'n/a') && ($ike_expire ne 'n/a')); $tunnel_hash{$connectid}->{_ikestate} = "up" if ($atime >= 0); - + } } elsif ($line =~ /\]:\s+IKE.proposal:(.*?)\/(.*?)\/(.*?)\/(.*)/) { $tunnel_hash{$connectid}->{_ikeencrypt} = $1; $tunnel_hash{$connectid}->{_ikehash} = $2; @@ -1260,7 +1262,7 @@ sub display_ike_sa_brief { my $lip = $th{$connectid}->{_lip}; $peerid = $th{$connectid}->{_rip}; my $tunnel = "$peerid-$lip"; - next if ($th{$connectid}->{_ikestate} eq 'down'); + #next if ($th{$connectid}->{_ikestate} eq 'down'); if (not exists $tunhash{$tunnel}) { $tunhash{$tunnel}={ _configpeer => conv_id_rev($th{$connectid}->{_peerid}), @@ -1304,8 +1306,10 @@ EOH $dhgrp = conv_dh_group($dhgrp)."(".$dhgrp.")"; my $atime = $life - $expire; $atime = 0 if ($atime == $life); + my $ike_out = "N/A"; + $ike_out = "IKEv".$ver if( $ver > 0 ); printf " %-6s %-6s %-8s %-7s %-14s %-6s %-7s %-7s\n", - $state, "IKEv".$ver, $enc, $hash, $dhgrp, $natt, $atime, $life; + $state, $ike_out, $enc, $hash, $dhgrp, $natt, $atime, $life; } print "\n \n"; } 
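Review bot: Inside the new `if($line =~ /(reauthentication|rekeying)/)` block in process_tunnels the same pattern is matched a second time only to throw its first capture away with `undef`; a single match does both jobs: `if (my ($expiry_time) = $line =~ /(?:reauthentication|rekeying) (.*)/) {`. `$atime` is then computed as `_ikelife` minus `_ikeexpire` with no numeric check, and the commented-out line beneath it hints that either value can be `'n/a'`, in which case the subtraction would presumably warn and could mark a tunnel "up" on a meaningless result; testing both operands with `Scalar::Util::looks_like_number` before subtracting avoids that. The block's opening brace is glued to its first statement (`{(undef,...`) and the body is not indented, which hides the new scope from a reader. process_tunnels starts and ends outside this hunk.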
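Review bot: `$ike_out = "IKEv".$ver if( $ver > 0 );` compares `$ver` numerically, and with the `next if (... eq 'down')` filter commented out in the previous hunk, rows for SAs that never negotiated now reach this code. If `_ikever` is undef or a placeholder string for those rows (its initial value is outside the hunk), this comparison and the `$life - $expire` line above it will warn; a pattern test is safer: `$ike_out = "IKEv$ver" if defined $ver && $ver =~ /\A[1-9]\d*\z/;`. In display_ike_sa_brief the disabled filter is better deleted than left as `#next if ...`, with a one-line comment such as `# down SAs are listed on purpose so operators can see failed peers`.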
diff --git a/templates/show/vpn/ipsec/sa/node.def b/templates/show/vpn/ipsec/sa/node.def index 99a5cc1..7f569bd 100644 --- a/templates/show/vpn/ipsec/sa/node.def +++ b/templates/show/vpn/ipsec/sa/node.def @@ -1,6 +1,6 @@ help: Show all active IPsec Security Associations (SA) run: if pgrep charon >&/dev/null; then - sudo /usr/sbin/swanctl --list-sas + sudo /opt/vyatta/bin/sudo-users/vyatta-op-vpn.pl --show-ipsec-sa else echo -e "IPSec Process NOT Running\n" fi -- cgit v1.2.3