summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-09-25 10:09:30 +0200
committerChristian Poessinger <christian@poessinger.com>2021-09-25 10:10:23 +0200
commitbcf7a9bb38c537bb1bdc5b37c680e3c65a785278 (patch)
tree6067a17027274998c79552147cc104239c496a51
parentd3b951f2417589b30469970ef5124b8a99ce968d (diff)
downloadvyos-1x-bcf7a9bb38c537bb1bdc5b37c680e3c65a785278.tar.gz
vyos-1x-bcf7a9bb38c537bb1bdc5b37c680e3c65a785278.zip
ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf exists
-rwxr-xr-xsrc/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook33
1 files changed, 17 insertions, 16 deletions
diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
index 4da12ee02..61a89e62a 100755
--- a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
+++ b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
@@ -61,25 +61,26 @@ if __name__ == '__main__':
new_ip = os.getenv('new_ip_address')
old_ip = os.getenv('old_ip_address')
- conf_lines = read_file(SWANCTL_CONF)
- found = False
- to_match = f'# dhcp:{interface}'
+ if os.path.exists(SWANCTL_CONF):
+ conf_lines = read_file(SWANCTL_CONF)
+ found = False
+ to_match = f'# dhcp:{interface}'
- for i, line in enumerate(conf_lines):
- if line.find(to_match) > 0:
- conf_lines[i] = line.replace(old_ip, new_ip)
- found = True
+ for i, line in enumerate(conf_lines):
+ if line.find(to_match) > 0:
+ conf_lines[i] = line.replace(old_ip, new_ip)
+ found = True
- for i, line in enumerate(secrets_lines):
- if line.find(to_match) > 0:
- secrets_lines[i] = line.replace(old_ip, new_ip)
+ for i, line in enumerate(secrets_lines):
+ if line.find(to_match) > 0:
+ secrets_lines[i] = line.replace(old_ip, new_ip)
- if found:
- write_file(SWANCTL_CONF, conf_lines)
- ipsec_down(old_ip)
- call('sudo ipsec rereadall')
- call('sudo ipsec reload')
- call('sudo swanctl -q')
+ if found:
+ write_file(SWANCTL_CONF, conf_lines)
+ ipsec_down(old_ip)
+ call('sudo ipsec rereadall')
+ call('sudo ipsec reload')
+ call('sudo swanctl -q')
exit(0)
PYEND \ No newline at end of file