diff options
author | Christian Breunig <christian@breunig.cc> | 2023-02-14 19:47:23 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-02-14 19:47:23 +0100 |
commit | e0e550ad1187e10bcd730675c11714a075abc4a0 (patch) | |
tree | 028d6cf13e40bcbeeb437c97f7963c3619e430ad | |
parent | bfbc88defa842ae6b7234db8603238e1c67ba486 (diff) | |
download | vyos-1x-e0e550ad1187e10bcd730675c11714a075abc4a0.tar.gz vyos-1x-e0e550ad1187e10bcd730675c11714a075abc4a0.zip |
strongSwan: T4593: move to charon-systemd
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | op-mode-definitions/monitor-log.xml.in | 4 | ||||
-rw-r--r-- | op-mode-definitions/show-log.xml.in | 4 | ||||
-rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 12 | ||||
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 2 |
5 files changed, 12 insertions, 11 deletions
diff --git a/debian/control b/debian/control index 1e593d378..2b940a412 100644 --- a/debian/control +++ b/debian/control @@ -39,6 +39,7 @@ Depends: beep, bmon, bsdmainutils, + charon-systemd, conntrack, conntrackd, conserver-client, diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in index ec428a676..d5892398b 100644 --- a/op-mode-definitions/monitor-log.xml.in +++ b/op-mode-definitions/monitor-log.xml.in @@ -274,13 +274,13 @@ <properties> <help>Monitor last lines of ALL VPNs</help> </properties> - <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command> + <command>journalctl --no-hostname --boot --follow --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command> </leafNode> <leafNode name="ipsec"> <properties> <help>Monitor last lines of IPsec</help> </properties> - <command>journalctl --no-hostname --boot --follow --unit strongswan-starter.service</command> + <command>journalctl --no-hostname --boot --follow --unit strongswan.service</command> </leafNode> <leafNode name="l2tp"> <properties> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index f5e5b1493..c626e45fb 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -421,13 +421,13 @@ <properties> <help>Show log for ALL</help> </properties> - <command>journalctl --no-hostname --boot --unit strongswan-starter.service --unit accel-ppp@*.service --unit ocserv.service</command> + <command>journalctl --no-hostname --boot --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command> </leafNode> <leafNode name="ipsec"> <properties> <help>Show log for IPsec</help> </properties> - <command>journalctl --no-hostname --boot --unit strongswan-starter.service</command> + <command>journalctl --no-hostname --boot --unit strongswan.service</command> </leafNode> <leafNode name="l2tp"> <properties> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index f6b5e6020..eca9f6fd9 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -53,11 +53,11 @@ </node> <node name="restart"> <children> - <node name="vpn"> + <node name="ipsec"> <properties> <help>Restart the IPsec VPN process</help> </properties> - <command>if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi</command> + <command>if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted"; else echo "IPsec process not running" ; fi</command> </node> </children> </node> @@ -128,7 +128,7 @@ <properties> <help>Show summary of IKE process information</help> </properties> - <command>if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi</command> + <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command> </node> </children> </node> @@ -190,10 +190,10 @@ <properties> <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help> </properties> - <command>if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command> + <command>if systemctl is-active --quiet strongswan ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi</command> </node> </children> - <command>if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command> + <command>if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command> </node> <node name="state"> <properties> @@ -205,7 +205,7 @@ <properties> <help>Show status of IPsec process</help> </properties> - <command>if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command> + <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command> </node> </children> </node> diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index ce4f13d27..10bad8c74 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -646,7 +646,7 @@ def wait_for_vici_socket(timeout=5, sleep_interval=0.1): sleep(sleep_interval) def apply(ipsec): - systemd_service = 'strongswan-starter.service' + systemd_service = 'strongswan.service' if not ipsec: call(f'systemctl stop {systemd_service}') else: |