#!/usr/bin/perl -w # # Module: vyatta_show_vpn.pl # # **** License **** # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # This code was originally developed by Vyatta, Inc. # Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. # All Rights Reserved. # # Author: Stig Thormodsrud # Date: 2007 # Description: Utility to show various vpn values # # **** End License **** # use strict; use warnings; use lib "/opt/vyatta/share/perl5/"; use Vyatta::Misc qw(get_short_config_path); my $arg0 = $ARGV[0]; if (!defined($arg0)) { die "Please specify either 'secrets' or 'rsa-keys'.\n"; } if ($arg0 eq 'secrets') { my $secret_file = '/etc/ipsec.secrets'; unless ( -r $secret_file) { die "No secrets file $secret_file\n"; } open(my $DAT, '<', $secret_file); my @raw_data=<$DAT>; close($DAT); print "Local Peer Local ID Peer ID Secret\n"; print "-------- ------- -------- ------- ------\n"; foreach my $line (@raw_data) { if ($line =~ /PSK/) { my ($lip, $pip, $lid, $pid, $secret) = ('', '', 'N/A', 'N/A', ''); ($secret) = $line =~ /.*:\s+PSK\s+(\"\S+\")/; ($lip, $pip) = $line =~ /^(\S+)\s+(\S+)\s+\:\s+PSK\s+\"\S+\"/; # This processing with depend heavily on the way we write ipsec.secrets # lines with 3 entries are tagged by the config module so that we can tell # if the 3rd entry is a localid or peerid (left or right) if (! defined($lip)){ if ($line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\:\s+PSK\s+\"\S+\"/){ $lip = $1; $pip = $2; $lid = $3; $pid = $4; } elsif ($line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+\:\s+PSK\s+\"\S+\".*\#(.*)\#/){ $lip = $1; $pip = $2; if ($4 eq 'RIGHT'){ $pid = $3 } else {$lid = $3} } } $lip = '0.0.0.0' if ! defined $lip; $pip = '0.0.0.0' if ! defined $pip; printf "%-15s %-15s %-13s %-13s %s\n", $lip, $pip, substr($lid,0,12), substr($pid,0,12), $secret; } } exit 0; } if ($arg0 eq 'rsa-keys') { use Vyatta::VPN::Util; my $key_file = rsa_get_local_key_file(); unless ( -r $key_file) { die "No key file $key_file found.\n"; } my $pubkey = rsa_get_local_pubkey($key_file); my $config_key_file = get_short_config_path($key_file); if ($pubkey eq 0) { die "No local pubkey found.\n"; } print "\nLocal public key ($config_key_file):\n\n$pubkey\n\n"; use Vyatta::Config; my $vc = new Vyatta::Config(); $vc->setLevel('vpn'); my @peers = $vc->listOrigNodes('ipsec site-to-site peer'); foreach my $peer (@peers) { my $mode = $vc->returnOrigValue("ipsec site-to-site peer $peer authentication mode"); if ($mode eq 'rsa') { my $rsa_key_name = $vc->returnOrigValue("ipsec site-to-site peer $peer authentication rsa-key-name"); my $remote_key = $vc->returnOrigValue("rsa-keys rsa-key-name $rsa_key_name rsa-key"); print "=" x 80, "\n"; print "Peer: $peer"; if (defined($rsa_key_name)) { print " ($rsa_key_name)"; } print "\n\n"; if (defined($remote_key)) { print "$remote_key\n"; } } } }