From 04cb338f62c4e6a8ebd062a524cd2c1c6a3489f4 Mon Sep 17 00:00:00 2001
From: Mohit Mehta <mohit.mehta@vyatta.com>
Date: Thu, 10 Dec 2009 17:19:18 -0800
Subject: fix show vpn commands to work with strongswan (cherry picked from
 commit 32927e013922e1a79b0f214773e2500a1260871a)

---
 templates/show/vpn/ike/sa/peer/node.tag/node.def                | 1 +
 templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def | 2 +-
 templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def       | 1 +
 templates/show/vpn/ipsec/sa/peer/node.tag/node.def              | 1 +
 templates/show/vpn/ipsec/status/node.def                        | 7 ++++++-
 5 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'templates')

diff --git a/templates/show/vpn/ike/sa/peer/node.tag/node.def b/templates/show/vpn/ike/sa/peer/node.tag/node.def
index dae4fae..358d898 100644
--- a/templates/show/vpn/ike/sa/peer/node.tag/node.def
+++ b/templates/show/vpn/ike/sa/peer/node.tag/node.def
@@ -1,2 +1,3 @@
 help: Show all currently active IKE Security Associations (SA) for a specific peer
+allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
 run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ike_sa.xsl --pname peer --pval "$6"
diff --git a/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
index 2f7c8f3..c38a84c 100644
--- a/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/connection/node.tag/node.def
@@ -2,4 +2,4 @@ help: Show detailed all active IPsec Security Associations (SA) for a specific c
 
 run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_sa.xsl --pname detail --pval y --pname conn --pval "$7"
 
-allowed: sudo /usr/sbin/ipsec auto --status | grep '000 "peer-' | perl -p -e 's/^000 "([^"]*)":\s.*/\1/' | sort -u
+allowed: sudo /usr/sbin/ipsec status | grep '000 "peer-' | perl -p -e 's/^000 "([^"]*)":\s.*/\1/' | sort -u
diff --git a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
index 6bc7dbb..6e43c91 100644
--- a/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
+++ b/templates/show/vpn/ipsec/sa/detail/peer/node.tag/node.def
@@ -1,2 +1,3 @@
 help: Show detailed all active IPsec Security Associations (SA) for a specific peer
+allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
 run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_sa.xsl --pname detail --pval y --pname peer --pval "$7"
diff --git a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def
index bee0b0d..210c40a 100644
--- a/templates/show/vpn/ipsec/sa/peer/node.tag/node.def
+++ b/templates/show/vpn/ipsec/sa/peer/node.tag/node.def
@@ -1,2 +1,3 @@
 help: Show all active IPsec Security Associations (SA) for a specific peer
+allowed: /opt/vyatta/bin/sudo-users/vyatta-vpn-op.pl --op=get-all-peers
 run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_sa.xsl --pname peer --pval "$6"
diff --git a/templates/show/vpn/ipsec/status/node.def b/templates/show/vpn/ipsec/status/node.def
index ac82328..4611fdd 100644
--- a/templates/show/vpn/ipsec/status/node.def
+++ b/templates/show/vpn/ipsec/status/node.def
@@ -1,2 +1,7 @@
 help: Show status of IPsec process
-run: sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_status.xsl
+run:	sudo /opt/vyatta/bin/sudo-users/command_proc_show_vpn show_vpn_ipsec_status.xsl
+			if pgrep pluto >&/dev/null; then
+				active_tunnels=`ipsec status 2> /dev/null | grep -i "ipsec sa established" | wc -l | sed s/\ //g`
+				echo "$active_tunnels Active IPsec Tunnels"
+				echo
+			fi
-- 
cgit v1.2.3