path: root/scripts/vyatta-dmvpn-op.pl
#!/usr/bin/perl -w

use strict;
use warnings;
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Getopt::Long;
# Command-line state shared by the rest of the script.
#   --op       selects the operation to run (mandatory; checked further down)
#   --profile  IPsec profile name
#   --tunnel   tunnel interface name
# --profile and --tunnel are supplied by the caller and are later used to
# build configuration paths and ipsec commands, so treat them as untrusted.
my ( $op, $profile, $tunnel ) = ( '', undef, undef );

# Configuration subtree that holds the IPsec profiles.
my $profile_path = 'vpn ipsec profile';

# NOTE(review): the return value of GetOptions is not checked, so an
# unrecognised option only produces a warning and the script carries on.
GetOptions(
    'op=s'      => \$op,
    'profile=s' => \$profile,
    'tunnel=s'  => \$tunnel,
);

# Return the child nodes found under "<profile_path> <profile> bind tunnel"
# in the original (pre-commit) configuration, i.e. the tunnels bound to the
# given IPsec profile. An undefined profile yields an empty list.
#
# NOTE(review): $profile is interpolated into a space-separated config path;
# presumably a value containing whitespace would address a different node,
# so confirm how listOrigNodes splits its argument.
sub get_tunnels {
    my ($profile) = @_;
    my @bound;

    if ( defined $profile ) {
        my $cfg = Vyatta::Config->new;
        @bound = $cfg->listOrigNodes("$profile_path $profile bind tunnel");
    }

    return @bound;
}

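# Run a command without involving a shell and return whatever it wrote to
# stdout. The list form of open() hands every argument to the program
# verbatim, so shell metacharacters inside an argument are never interpreted.
# The exit status is ignored, as it was with the backticks used previously.
sub _capture_cmd {
    my @cmd = @_;

    my $pid = open( my $out, '-|', @cmd );
    if ( !$pid ) {
        warn "Cannot run '$cmd[0]': $!\n";
        return '';
    }

    local $/ = undef;
    my $text = <$out>;
    close $out;

    return defined $text ? $text : '';
}

# Reset the IPsec connections that belong to one tunnel of a profile.
#
# Arguments:
#   $profile - profile name, used only in the progress message
#   $tunnel  - tunnel interface name; it becomes part of the arguments of
#              commands run through sudo
#
# Dies with "Invalid tunnel name" before running anything if $tunnel is
# undefined or contains characters outside [A-Za-z0-9_.-]. The name reaches
# this function from the command line, so it is validated here rather than
# trusted.
sub clear_tunnel {
    my ( $profile, $tunnel ) = @_;

    # Allow-list the name: it must start with an alphanumeric character so it
    # can never look like an option, and \z rejects a trailing newline.
    if ( !defined $tunnel || $tunnel !~ /\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/ ) {
        die "Invalid tunnel name\n";
    }

    print "Resetting tunnel $tunnel with profile $profile...\n";

    # turn down the connection
    _capture_cmd( 'sudo', 'ipsec', 'down', "vpnprof-tunnel-$tunnel" );

    # wait a quarter of a second for the connection to go down
    select( undef, undef, undef, 0.25 );

    # The matching "ipsec up vpnprof-tunnel-$tunnel" is deliberately not
    # issued: for conns with 'right=%any' bringing the connection up is
    # useless.

    my @addresses = split(
        ' ',
        _capture_cmd(
            'cli-shell-api', 'returnActiveValues',
            'interfaces',    'tunnel',
            $tunnel,         'address'
        )
    );

    for my $addr (@addresses) {

        # Values look like '192.0.2.1/24'. Skip anything that is not a quoted
        # dotted quad instead of reusing capture groups from an earlier match.
        next
          unless $addr =~ m{'(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/};
        my $pattern = "$1.$2.$3.$4-to-";

        # First status line that contains the literal "<address>-to-" text.
        # The status is fetched again for every address because the previous
        # iteration may have changed it.
        my ($line) =
          grep { index( $_, $pattern ) >= 0 }
          split /\n/, _capture_cmd( 'sudo', 'ipsec', 'statusall' );
        next unless defined $line && $line =~ /"(.*-to-.*)"/;
        my $conn = $1;

        # No delay is needed between the two calls: each one returns only
        # after the child process has finished.
        _capture_cmd( 'sudo', 'ipsec', 'down', $conn );
        _capture_cmd( 'sudo', 'ipsec', 'up',   $conn );
    }

    return;
}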

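# Dispatch on --op. Every branch that needs --profile or --tunnel dies with a
# message when the option is missing.
if ( $op eq '' ) {
    die 'No op specified';
}

if ( $op eq 'get-all-profiles' ) {

    # get all ipsec profiles
    my $config   = Vyatta::Config->new;
    my @profiles = $config->listOrigNodes("$profile_path");
    print "@profiles\n";

}
elsif ( $op eq 'get-tunnels-for-profile' ) {

    # get all tunnels for a specific profile
    die 'Undefined profile to get list of tunnels for' if !defined $profile;
    my @profile_tunnels = get_tunnels("$profile");
    print "@profile_tunnels\n";

}
elsif ( $op eq 'clear-tunnels-for-profile' ) {

    # clear all tunnels for a given profile
    die 'Undefined profile to clear tunnels for' if !defined $profile;
    my @profile_tunnels = get_tunnels("$profile");
    foreach my $tun ( sort @profile_tunnels ) {
        clear_tunnel( $profile, $tun );
    }

}
elsif ( $op eq 'clear-specific-tunnel-for-profile' ) {

    # clear a specific tunnel for a given profile
    die 'Undefined profile to clear tunnel for' if !defined $profile;

    # Double quotes so that the profile name is actually interpolated.
    die "Undefined tunnel for profile $profile" if !defined $tunnel;
    my @profile_tunnels = get_tunnels("$profile");

    # Compare with eq, not a regex built from $tunnel: the option value is
    # caller-supplied, and regex metacharacters in it would let a name that
    # is not bound to the profile pass this membership check and reach the
    # ipsec commands issued by clear_tunnel.
    if ( grep { $_ eq $tunnel } @profile_tunnels ) {
        clear_tunnel( $profile, $tunnel );
    }
    else {
        die "Undefined tunnel $tunnel for profile $profile\n";
    }

}
else {
    die "Unknown op: $op";
}

exit 0;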