Merge pull request #1500 from aapostoliuk/T1070-sagitta

opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
author: Christian Poessinger <christian@poessinger.com> 2022-08-27 14:35:36 +0200
committer: GitHub <noreply@github.com> 2022-08-27 14:35:36 +0200
commit: 557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5 (patch)
tree: 1c013ad057cea31c4b40ed69d0906c01cc9126e8 /src/etc
parent: 9126170f0b09285cf79f8c40584312bccd67c3e8 (diff)
parent: 141bf8d437b6c0c76fd0fc21659d10d4477c92a0 (diff)
download: vyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.tar.gz
vyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/src/etc/opennhrp/opennhrp-script.py b/src/etc/opennhrp/opennhrp-script.py
index a5293c97e..bf25a7331 100755
--- a/src/etc/opennhrp/opennhrp-script.py
+++ b/src/etc/opennhrp/opennhrp-script.py
@@ -81,7 +81,13 @@ def vici_ike_terminate(list_ikeid: list[str]) -> bool:
         session = vici.Session()
         for ikeid in list_ikeid:
             logger.info(f'Terminating IKE SA with id {ikeid}')
-            session.terminate({'ike-id': ikeid, 'timeout': '-1'})
+            session_generator = session.terminate(
+                {'ike-id': ikeid, 'timeout': '-1'})
+            # a dummy `for` loop is required because of requirements
+            # from vici. Without a full iteration on the output, the
+            # command to vici may not be executed completely
+            for _ in session_generator:
+                pass
         return True
     except Exception as err:
         logger.error(f'Failed to terminate SA for IKE ids {list_ikeid}: {err}')
@@ -175,13 +181,18 @@ def vici_initiate(conn: str, child_sa: str, src_addr: str,
         f'src_addr: {src_addr}, dst_addr: {dest_addr}')
     try:
         session = vici.Session()
-        session.initiate({
+        session_generator = session.initiate({
             'ike': conn,
             'child': child_sa,
             'timeout': '-1',
             'my-host': src_addr,
             'other-host': dest_addr
         })
+        # a dummy `for` loop is required because of requirements
+        # from vici. Without a full iteration on the output, the
+        # command to vici may not be executed completely
+        for _ in session_generator:
+            pass
         return True
     except Exception as err:
         logger.error(f'Unable to initiate connection {err}')
author	Christian Poessinger <christian@poessinger.com>	2022-08-27 14:35:36 +0200
committer	GitHub <noreply@github.com>	2022-08-27 14:35:36 +0200
commit	557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5 (patch)
tree	1c013ad057cea31c4b40ed69d0906c01cc9126e8 /src/etc
parent	9126170f0b09285cf79f8c40584312bccd67c3e8 (diff)
parent	141bf8d437b6c0c76fd0fc21659d10d4477c92a0 (diff)
download	vyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.tar.gz vyos-1x-557b9b8dd234fefcfa8e95c06d4dd30cfb3f7fd5.zip