author | Christian Poessinger <christian@poessinger.com> | 2019-12-05 14:38:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-05 14:38:02 +0100 |
commit | 470fc2fd021403e350e655e56742aae59fd6b6a1 (patch) | |
tree | 95265b4d1d001f9b98dd901ec3917722a1b0abc7 /src | |
parent | fbc066cbf7c3614b6144f5447408727c4e0f0aa6 (diff) | |
parent | f412545f8d43ab7523790f159bd4f8416fa94e2e (diff) | |
Merge pull request #177 from DmitriyEshenko/dmvpn
dmvpn: T1784: Add swanctl load call
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/ipsec-settings.py | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 156bb2edd..331a62316 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -21,6 +21,7 @@ import re
 import os
 import jinja2
 import syslog as sl
+import time
 import vyos.config
 import vyos.defaults
@@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs'
 server_key_path = '/etc/ipsec.d/private'
 delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###"
 delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###"
+charon_pidfile = '/var/run/charon.pid'
 l2pt_ipsec_conf = '''
 {{delim_ipsec_l2tp_begin}}
@@ -243,11 +245,22 @@ def generate(data):
 remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
 remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
-def apply(data):
- # Do nothing
- # StrongSWAN should only be restarted when actual tunnels are configured
- # Restart ipsec for l2tp
+def restart_ipsec():
 os.system("ipsec restart >&/dev/null")
+ # counter for apply swanctl config
+ counter = 10
+ while counter <= 10:
+ if os.path.exists(charon_pidfile):
+ os.system("swanctl -q >&/dev/null")
+ break
+ counter -=1
+ time.sleep(1)
+ if counter == 0:
+ raise ConfigError('VPN configuration error: IPSec is not running.')
+
+def apply(data):
+ # Restart IPSec daemon
+ restart_ipsec()
 if __name__ == '__main__':
 try: |
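Review bot: The loop guard `while counter <= 10` in restart_ipsec() can never become false, because counter starts at 10 and only decreases; termination depends entirely on the `if counter == 0` raise, which has to sit inside the loop body (indentation is not visible in this rendering) or the wait never ends when charon fails to start. The exit status of `swanctl -q` is also discarded, so a failed load of connections and credentials still lets the commit succeed while the tunnel configuration is not applied. A bounded `for` with an `else` branch and a checked exit status states both intents directly, as sketched below. The pidfile's existence is only a proxy for a running daemon; a stale file left behind by a crashed charon would presumably pass the check, so confirming the process is alive would be a stronger test.

```python
def restart_ipsec():
    os.system("ipsec restart >&/dev/null")
    # wait up to 10 seconds for charon to write its pidfile
    for _ in range(10):
        if os.path.exists(charon_pidfile):
            # fail the commit when the configuration could not be loaded
            if os.system("swanctl -q >&/dev/null") != 0:
                raise ConfigError('VPN configuration error: swanctl load failed.')
            break
        time.sleep(1)
    else:
        raise ConfigError('VPN configuration error: IPSec is not running.')
# … unchanged: apply() calling restart_ipsec() …
```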