authorChristian Poessinger <christian@poessinger.com>2019-12-05 14:38:02 +0100
committerGitHub <noreply@github.com>2019-12-05 14:38:02 +0100
commit470fc2fd021403e350e655e56742aae59fd6b6a1 (patch)
tree95265b4d1d001f9b98dd901ec3917722a1b0abc7 /src
parentfbc066cbf7c3614b6144f5447408727c4e0f0aa6 (diff)
parentf412545f8d43ab7523790f159bd4f8416fa94e2e (diff)
Merge pull request #177 from DmitriyEshenko/dmvpn
dmvpn: T1784: Add swanctl load call
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 156bb2edd..331a62316 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -21,6 +21,7 @@ import re
import os
import jinja2
import syslog as sl
+import time
import vyos.config
import vyos.defaults
@@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs'
server_key_path = '/etc/ipsec.d/private'
delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###"
delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###"
+charon_pidfile = '/var/run/charon.pid'
l2pt_ipsec_conf = '''
{{delim_ipsec_l2tp_begin}}
@@ -243,11 +245,22 @@ def generate(data):
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
-def apply(data):
- # Do nothing
- # StrongSWAN should only be restarted when actual tunnels are configured
- # Restart ipsec for l2tp
+def restart_ipsec():
os.system("ipsec restart >&/dev/null")
+ # counter for apply swanctl config
+ counter = 10
+ while counter <= 10:
+ if os.path.exists(charon_pidfile):
+ os.system("swanctl -q >&/dev/null")
+ break
+ counter -=1
+ time.sleep(1)
+ if counter == 0:
+ raise ConfigError('VPN configuration error: IPSec is not running.')
+
+def apply(data):
+ # Restart IPSec daemon
+ restart_ipsec()
if __name__ == '__main__':
try:
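Review bot: The exit status of `swanctl -q` in restart_ipsec() is discarded and its output goes to /dev/null, so a commit can report success while no connections or secrets were actually loaded into charon; checking the status and raising ConfigError would surface that. The wait loop's condition `counter <= 10` is always true for a counter that only counts down, so termination depends on the `break` and on the `counter == 0` check sitting inside the loop body (indentation is not visible on this page); a bounded `for`/`else` states the ten-second limit directly. The `>&/dev/null` form is not POSIX and os.system() runs /bin/sh, so `>/dev/null 2>&1` is the safer spelling if /bin/sh is not bash. The presence of the pidfile also does not show that charon is accepting control connections yet (a file left by the previous instance may still be there right after the restart), which is one more reason to check the swanctl result.

```python
def restart_ipsec():
    # … unchanged: ipsec restart call …
    # wait up to 10 seconds for charon to write its pidfile
    for _ in range(10):
        if os.path.exists(charon_pidfile):
            break
        time.sleep(1)
    else:
        raise ConfigError('VPN configuration error: IPSec is not running.')

    # a non-zero status means the swanctl configuration was not loaded
    if os.system("swanctl -q >/dev/null 2>&1") != 0:
        raise ConfigError('VPN configuration error: swanctl failed to load the configuration.')
```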