summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-02-14 19:47:23 +0100
committerChristian Breunig <christian@breunig.cc>2023-02-14 19:47:23 +0100
commite0e550ad1187e10bcd730675c11714a075abc4a0 (patch)
tree028d6cf13e40bcbeeb437c97f7963c3619e430ad
parentbfbc88defa842ae6b7234db8603238e1c67ba486 (diff)
downloadvyos-1x-e0e550ad1187e10bcd730675c11714a075abc4a0.tar.gz
vyos-1x-e0e550ad1187e10bcd730675c11714a075abc4a0.zip
strongSwan: T4593: move to charon-systemd
-rw-r--r--debian/control1
-rw-r--r--op-mode-definitions/monitor-log.xml.in4
-rw-r--r--op-mode-definitions/show-log.xml.in4
-rw-r--r--op-mode-definitions/vpn-ipsec.xml.in12
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py2
5 files changed, 12 insertions, 11 deletions
diff --git a/debian/control b/debian/control
index 1e593d378..2b940a412 100644
--- a/debian/control
+++ b/debian/control
@@ -39,6 +39,7 @@ Depends:
beep,
bmon,
bsdmainutils,
+ charon-systemd,
conntrack,
conntrackd,
conserver-client,
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index ec428a676..d5892398b 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -274,13 +274,13 @@
<properties>
<help>Monitor last lines of ALL VPNs</help>
</properties>
- <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command>
+ <command>journalctl --no-hostname --boot --follow --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command>
</leafNode>
<leafNode name="ipsec">
<properties>
<help>Monitor last lines of IPsec</help>
</properties>
- <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command>
+ <command>journalctl --no-hostname --boot --follow --unit strongswan.service</command>
</leafNode>
<leafNode name="l2tp">
<properties>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index f5e5b1493..c626e45fb 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -421,13 +421,13 @@
<properties>
<help>Show log for ALL</help>
</properties>
- <command>journalctl --no-hostname --boot --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command>
+ <command>journalctl --no-hostname --boot --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command>
</leafNode>
<leafNode name="ipsec">
<properties>
<help>Show log for IPsec</help>
</properties>
- <command>journalctl --no-hostname --boot --unit strongswan-starter.service</command>
+ <command>journalctl --no-hostname --boot --unit strongswan.service</command>
</leafNode>
<leafNode name="l2tp">
<properties>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index f6b5e6020..eca9f6fd9 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -53,11 +53,11 @@
</node>
<node name="restart">
<children>
- <node name="vpn">
+ <node name="ipsec">
<properties>
<help>Restart the IPsec VPN process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted"; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
@@ -128,7 +128,7 @@
<properties>
<help>Show summary of IKE process information</help>
</properties>
- <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command>
</node>
</children>
</node>
@@ -190,10 +190,10 @@
<properties>
<help>Show Verbose Detail on all active IPsec Security Associations (SA)</help>
</properties>
- <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
- <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command>
</node>
<node name="state">
<properties>
@@ -205,7 +205,7 @@
<properties>
<help>Show status of IPsec process</help>
</properties>
- <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
+ <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command>
</node>
</children>
</node>
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index ce4f13d27..10bad8c74 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -646,7 +646,7 @@ def wait_for_vici_socket(timeout=5, sleep_interval=0.1):
sleep(sleep_interval)
def apply(ipsec):
- systemd_service = 'strongswan-starter.service'
+ systemd_service = 'strongswan.service'
if not ipsec:
call(f'systemctl stop {systemd_service}')
else: