#!/usr/bin/perl -w

use strict;
use warnings;
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Getopt::Long;
# Command-line state. --op selects the action and is mandatory (checked
# before dispatch below); --peer and --tunnel are optional and only read
# by the per-op handlers that need them.
my $op     = '';
my $peer   = undef;
my $tunnel = undef;

# Config-tree prefix under which the site-to-site peers are kept.
my $s2s_peer_path = 'vpn ipsec site-to-site peer';

GetOptions(
    'op=s'     => \$op,
    'peer=s'   => \$peer,
    'tunnel=s' => \$tunnel,
);

sub numerically { $a <=> $b; }

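# Return the tunnel ids configured under the given site-to-site peer,
# read from the active ("orig") configuration tree.
#
# Arguments: $s2s_peer - peer node name (address or @id)
# Returns:   list of tunnel node names; empty when no peer is given or
#            the peer has no tunnel nodes
sub get_tunnels {
  my ($s2s_peer) = @_;
  my @peer_tunnels = ();
  if (defined $s2s_peer) {
    # direct class-method call instead of indirect-object "new Class"
    my $config = Vyatta::Config->new;
    @peer_tunnels = $config->listOrigNodes("$s2s_peer_path $s2s_peer tunnel");
  }
  return @peer_tunnels;
}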

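# Return the vti nodes configured under the given site-to-site peer,
# read from the active ("orig") configuration tree.
#
# Arguments: $s2s_peer - peer node name (address or @id)
# Returns:   list of vti node names; empty when no peer is given or the
#            peer has no vti nodes
sub get_vtis {
  my ($s2s_peer) = @_;
  my @peer_vtis = ();
  if (defined $s2s_peer) {
    # direct class-method call instead of indirect-object "new Class"
    my $config = Vyatta::Config->new;
    @peer_vtis = $config->listOrigNodes("$s2s_peer_path $s2s_peer vti");
  }
  return @peer_vtis;
}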

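# Bring one connection of a site-to-site peer down and back up via
# ipsec(8). The connection name is built as "peer-<peer>-tunnel-<tunnel>";
# $tunnel is a tunnel id or the literal 'vti' (see the callers).
#
# Arguments: $peer   - peer node name; a leading '@' is dropped
#            $tunnel - tunnel id or 'vti'
# Returns:   nothing. Command output is captured and discarded, as the
#            former backtick calls did.
sub clear_tunnel {
  my ($peer, $tunnel) = @_;

  # $peer is a copy, so the caller's value keeps its '@'. Only the first
  # '@' is removed, matching the original behaviour.
  $peer =~ s/@//;

  print "Resetting tunnel $tunnel with peer $peer...\n";

  # concatenation rather than "$tunnel{*}" so the braces are not parsed
  # as a hash subscript
  my $conn = 'peer-' . $peer . '-tunnel-' . $tunnel;

  # List-form execution: no shell is involved, so --peer/--tunnel values
  # reach ipsec as single arguments and cannot be read as shell syntax.
  _run_and_discard('sudo', '/usr/sbin/ipsec', 'down', $conn . '{*}');
  _run_and_discard('sudo', '/usr/sbin/ipsec', 'up', $conn);
  return;
}

# Run a command without a shell and drain its stdout, which is what the
# backticks in void context used to do.
sub _run_and_discard {
  my @cmd = @_;
  open my $out, '-|', @cmd or do {
    warn "cannot run @cmd: $!";
    return;
  };
  my @ignored = <$out>;
  close $out;
  return;
}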

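# Run a command without a shell with stdout and stderr sent to /dev/null,
# replacing the former ">&/dev/null" shell redirect. Returns the
# system() status.
sub _run_silent {
  my @cmd = @_;
  open my $saved_out, '>&', \*STDOUT or die "cannot dup STDOUT: $!";
  open my $saved_err, '>&', \*STDERR or die "cannot dup STDERR: $!";
  open STDOUT, '>', '/dev/null' or die "cannot redirect STDOUT: $!";
  open STDERR, '>', '/dev/null' or die "cannot redirect STDERR: $!";
  my $status = system(@cmd);
  # restore STDERR first so a failure restoring STDOUT is still visible
  open STDERR, '>&', $saved_err or die "cannot restore STDERR: $!";
  open STDOUT, '>&', $saved_out or die "cannot restore STDOUT: $!";
  return $status;
}

die 'No op specified' if $op eq '';

if ($op eq 'clear-vpn-ipsec-process') {
  print "Restarting IPsec process...\n";
  my $update_interval = `cli-shell-api returnActiveValue vpn ipsec auto-update`;
  # backticks yield undef when the command cannot be run
  $update_interval = '' unless defined $update_interval;
  # cli-shell-api output is presumably newline-terminated; without chomp
  # the newline would become part of the ipsec command line
  chomp $update_interval;
  if ($update_interval eq '') {
    _run_silent('sudo', '/usr/sbin/ipsec', 'restart');
    # 'restart vpn' does not load the nhrp configuration (T3846), so
    # reload it explicitly when nhrp is configured
    if (system('cli-shell-api', 'existsActive', 'protocols', 'nhrp') == 0) {
      system('sudo', 'swanctl', '--load-all');
    }
  } else {
    # list form: the config value is passed as one argument, not
    # interpolated into a shell string
    _run_silent('sudo', '/usr/sbin/ipsec', 'restart',
                '--auto-update', $update_interval);
  }

} elsif ($op eq 'show-vpn-debug') {
  system('sudo', '/usr/sbin/ipsec', 'statusall');

} elsif ($op eq 'show-vpn-debug-detail') {
  system('sudo', '/usr/lib/ipsec/barf');

} elsif ($op eq 'get-all-peers') {
  # print every configured site-to-site peer, space separated
  my $config = Vyatta::Config->new;
  my @peers = $config->listOrigNodes($s2s_peer_path);
  print "@peers\n";

} elsif ($op eq 'get-tunnels-for-peer') {
  # print every tunnel id of one site-to-site peer, space separated
  die 'Undefined peer to get list of tunnels for' if !defined $peer;
  my @peer_tunnels = get_tunnels($peer);
  print "@peer_tunnels\n";

} elsif ($op eq 'clear-tunnels-for-peer') {
  # reset every tunnel of the peer, lowest id first; a peer with no
  # numbered tunnels but with a vti gets its vti connection reset instead
  die 'Undefined peer to clear tunnels for' if !defined $peer;
  my @peer_tunnels = get_tunnels($peer);
  if (@peer_tunnels) {
    foreach my $tun (sort numerically @peer_tunnels) {
      clear_tunnel($peer, $tun);
    }
  } else {
    my @peer_vtis = get_vtis($peer);
    die "No tunnel defined for peer $peer\n" unless @peer_vtis;
    clear_tunnel($peer, 'vti');
  }

} elsif ($op eq 'clear-specific-tunnel-for-peer') {
  # reset one tunnel, which must exist in the active config for the peer
  die 'Undefined peer to clear tunnel for' if !defined $peer;
  # double quotes: the original single-quoted message printed "$peer"
  # literally
  die "Undefined tunnel for peer $peer" if !defined $tunnel;
  my @peer_tunnels = get_tunnels($peer);
  # exact comparison: the old /^$tunnel$/ used --tunnel as a regex, so
  # metacharacters could match a tunnel id other than the one named
  if (!grep { $_ eq $tunnel } @peer_tunnels) {
    die "Undefined tunnel $tunnel for peer $peer\n";
  }
  clear_tunnel($peer, $tunnel);

} elsif ($op eq 'clear-vtis-for-peer') {
  # reset the vti connection of the peer, which must have a vti node
  die 'Undefined peer to clear vti for' if !defined $peer;
  my @peer_vtis = get_vtis($peer);
  die "No vti defined for peer $peer\n" unless @peer_vtis;
  clear_tunnel($peer, 'vti');

} else {
  die "Unknown op: $op";
}

exit 0;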