vyos-1x.git/src/conf_mode/ipsec-settings.py, branch equuleus

vyos-1x.git/src/conf_mode/ipsec-settings.py, branch equuleus VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=equuleus 2021-09-04T16:29:21+00:00 T3697: do not try to restart charon if it's not required 2021-09-04T16:29:21+00:00 Daniil Baturin daniil@baturin.org 2021-09-04T06:23:55+00:00 urn:sha1:30ca5a07498693d820b3728951a184e02cfa61f9 The root cause is that the ipsec-settings.py script is run _twice_: first from "vpn ipsec options", then from the top level "vpn" node. The case when it's not required is when: * "vpn ipsec" configuration doesn't exist yet * user configured it with "vpn ipsec options" * the ipsec-settings.py script is run first time, from "vpn ipsec options" Trying to restart charon at that stage leads to a deadlock. T3697: check config.exists rather than exists_effective 2021-08-12T13:04:44+00:00 Daniil Baturin daniil@vyos.io 2021-08-12T13:04:44+00:00 urn:sha1:94ef913e630426ff255a2090f1f697a937d51b42 T3697: explicitly wait for the charon process to respond to strokes 2021-08-02T08:26:42+00:00 Daniil Baturin daniil@vyos.io 2021-08-02T08:26:42+00:00 urn:sha1:50a1392564611951142b8a2ca7d2af0dc4cb5cc7 T3697: wait for charon to get started before trying to restart it. 2021-07-27T11:16:01+00:00 Daniil Baturin daniil@vyos.io 2021-07-27T11:02:03+00:00 urn:sha1:503bdbd444d993ddee0687e7ef5a51f3ad738b25 T3697: fix a conditional. 2021-07-24T15:41:40+00:00 Daniil Baturin daniil@vyos.io 2021-07-24T15:41:40+00:00 urn:sha1:a374e94a72d64d71761687971de92693cd4e919c T3697: hopefully complete fix for checking whether IPsec should start. 2021-07-24T10:44:51+00:00 Daniil Baturin daniil@vyos.io 2021-07-24T10:44:51+00:00 urn:sha1:d7ec4e8b33078d0536a8b5da8422234cb7522e4f T3697: return an empty dict when IPsec isn't fully configured 2021-07-24T04:44:00+00:00 Daniil Baturin daniil@vyos.io 2021-07-24T04:43:03+00:00 urn:sha1:483e0b3327918719fb38dbdd9b6fb755aecce2eb to avoid trying to wait for a daemon that shouldn't even be running. T3697: check if strongswan should be running before attempting to restart it. 2021-07-22T15:43:51+00:00 Daniil Baturin daniil@vyos.io 2021-07-22T15:43:51+00:00 urn:sha1:ed63951fc63fe58cd1ec1f4b26f3fe955315e0cb T3663: use inotify-based watching for the IPsec process restart. 2021-07-13T13:21:46+00:00 Daniil Baturin daniil@vyos.io 2021-07-13T13:07:58+00:00 urn:sha1:bc0c0bbf52a13855481e82a958cba833de45d310 vyos.template: T2720: always enable Jinja2 trim_blocks feature 2020-11-27T14:41:17+00:00 Christian Poessinger christian@poessinger.com 2020-11-27T14:41:17+00:00 urn:sha1:a2ac9fac16eeb626d3969092fecf463650750640