summaryrefslogtreecommitdiff
path: root/src/etc/opennhrp/opennhrp-script.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-08-27 14:35:36 +0200
committerGitHub <noreply@github.com>2022-08-27 14:35:36 +0200
commit557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5 (patch)
tree1c013ad057cea31c4b40ed69d0906c01cc9126e8 /src/etc/opennhrp/opennhrp-script.py
parent9126170f0b09285cf79f8c40584312bccd67c3e8 (diff)
parent141bf8d437b6c0c76fd0fc21659d10d4477c92a0 (diff)
downloadvyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.tar.gz
vyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.zip
Merge pull request #1500 from aapostoliuk/T1070-sagitta
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
Diffstat (limited to 'src/etc/opennhrp/opennhrp-script.py')
-rwxr-xr-xsrc/etc/opennhrp/opennhrp-script.py15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/etc/opennhrp/opennhrp-script.py b/src/etc/opennhrp/opennhrp-script.py
index a5293c97e..bf25a7331 100755
--- a/src/etc/opennhrp/opennhrp-script.py
+++ b/src/etc/opennhrp/opennhrp-script.py
@@ -81,7 +81,13 @@ def vici_ike_terminate(list_ikeid: list[str]) -> bool:
session = vici.Session()
for ikeid in list_ikeid:
logger.info(f'Terminating IKE SA with id {ikeid}')
- session.terminate({'ike-id': ikeid, 'timeout': '-1'})
+ session_generator = session.terminate(
+ {'ike-id': ikeid, 'timeout': '-1'})
+ # a dummy `for` loop is required because of requirements
+ # from vici. Without a full iteration on the output, the
+ # command to vici may not be executed completely
+ for _ in session_generator:
+ pass
return True
except Exception as err:
logger.error(f'Failed to terminate SA for IKE ids {list_ikeid}: {err}')
@@ -175,13 +181,18 @@ def vici_initiate(conn: str, child_sa: str, src_addr: str,
f'src_addr: {src_addr}, dst_addr: {dest_addr}')
try:
session = vici.Session()
- session.initiate({
+ session_generator = session.initiate({
'ike': conn,
'child': child_sa,
'timeout': '-1',
'my-host': src_addr,
'other-host': dest_addr
})
+ # a dummy `for` loop is required because of requirements
+ # from vici. Without a full iteration on the output, the
+ # command to vici may not be executed completely
+ for _ in session_generator:
+ pass
return True
except Exception as err:
logger.error(f'Unable to initiate connection {err}')