author | Christian Breunig <christian@breunig.cc> | 2023-02-15 19:03:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-15 19:03:27 +0100 |
commit | 63dfe01db5fb60031cf5b4b017a2f172166fe4b7 (patch) | |
tree | c358249d37f06dca5733547b096e4ab557dc3463 /src/conf_mode | |
parent | c4d26a3aaca68d0014ce65d97184f7ce6258d6df (diff) | |
parent | 45b16864b11ea49087ce4a279e2c0e741a97c0ee (diff) | |
Merge pull request #1821 from sarthurdev/ipsec
ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 10bad8c74..8263358ea 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -53,8 +53,6 @@ dhcp_wait_attempts = 2
 dhcp_wait_sleep = 1
 swanctl_dir = '/etc/swanctl'
-ipsec_conf = '/etc/ipsec.conf'
-ipsec_secrets = '/etc/ipsec.secrets'
 charon_conf = '/etc/strongswan.d/charon.conf'
 charon_dhcp_conf = '/etc/strongswan.d/charon/dhcp.conf'
 charon_radius_conf = '/etc/strongswan.d/charon/eap-radius.conf'
@@ -618,8 +616,6 @@ def generate(ipsec):
 if id:
 ipsec['authentication']['psk'][psk]['id'].append(id)
- render(ipsec_conf, 'ipsec/ipsec.conf.j2', ipsec)
- render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec)
 render(charon_conf, 'ipsec/charon.j2', ipsec)
 render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec)
 render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec)
@@ -634,25 +630,12 @@ def resync_nhrp(ipsec):
 if tmp > 0:
 print('ERROR: failed to reapply NHRP settings!')
-def wait_for_vici_socket(timeout=5, sleep_interval=0.1):
- start_time = time()
- test_command = f'sudo socat -u OPEN:/dev/null UNIX-CONNECT:{vici_socket}'
- while True:
- if (start_time + timeout) < time():
- return None
- result = run(test_command)
- if result == 0:
- return True
- sleep(sleep_interval)
-
 def apply(ipsec):
 systemd_service = 'strongswan.service'
 if not ipsec:
 call(f'systemctl stop {systemd_service}')
 else:
 call(f'systemctl reload-or-restart {systemd_service}')
- if wait_for_vici_socket():
- call('sudo swanctl -q')
 resync_nhrp(ipsec) |