summaryrefslogtreecommitdiff
path: root/src/op_mode
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2021-06-14 13:04:04 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2021-06-15 00:16:42 +0200
commit11b5636519b360074eb2877006f2d8d63d9f6610 (patch)
tree1ff04e1e0aba2167b746f2f1373544e3d38b055d /src/op_mode
parent78099bccc510c90ad7cfa5f56475ba024d5d53a7 (diff)
downloadvyos-1x-11b5636519b360074eb2877006f2d8d63d9f6610.tar.gz
vyos-1x-11b5636519b360074eb2877006f2d8d63d9f6610.zip
ipsec: T2816: T645: T3613: Migrated IPsec to swanctl, includes multiple selectors, and selectors with VTI.
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/vpn_ike_sa.py4
-rwxr-xr-xsrc/op_mode/vpn_ipsec.py13
2 files changed, 9 insertions, 8 deletions
diff --git a/src/op_mode/vpn_ike_sa.py b/src/op_mode/vpn_ike_sa.py
index 28da9f8dc..fe016da45 100755
--- a/src/op_mode/vpn_ike_sa.py
+++ b/src/op_mode/vpn_ike_sa.py
@@ -36,9 +36,9 @@ def ike_sa(peer, nat):
peers = []
for conn in sas:
for name, sa in conn.items():
- if peer and not name.startswith('peer-' + peer):
+ if peer and not name.startswith('peer_' + peer):
continue
- if name.startswith('peer-') and name in peers:
+ if name.startswith('peer_') and name in peers:
continue
if nat and 'nat-local' not in sa:
continue
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 434186abb..582b5ef95 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -100,13 +100,13 @@ def generate_x509_pair(name):
print(f'Private key: {X509_PATH}{name}.key')
def get_peer_connections(peer, tunnel, return_all = False):
- search = rf'^conn (peer-{peer}-(tunnel-[\d]+|vti))$'
+ search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'
matches = []
- with open(IPSEC_CONF, 'r') as f:
+ with open(SWANCTL_CONF, 'r') as f:
for line in f.readlines():
result = re.match(search, line)
if result:
- suffix = f'tunnel-{tunnel}' if tunnel.isnumeric() else tunnel
+ suffix = f'tunnel_{tunnel}' if tunnel.isnumeric() else tunnel
if return_all or (result[2] == suffix):
matches.append(result[1])
return matches
@@ -171,13 +171,14 @@ def debug_peer(peer, tunnel):
if not tunnel or tunnel == 'all':
tunnel = ''
- conn = get_peer_connection(peer, tunnel)
+ conn = get_peer_connections(peer, tunnel)
- if not conn:
+ if not conns:
print('Peer not found, aborting')
return
- call(f'sudo /usr/sbin/ipsec statusall | grep {conn}')
+ for conn in conns:
+ call(f'sudo /usr/sbin/ipsec statusall | grep {conn}')
if __name__ == '__main__':
parser = argparse.ArgumentParser()