diff options
| -rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 2 | ||||
| -rwxr-xr-x | src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook | 2 | ||||
| -rw-r--r-- | src/etc/systemd/system/ipsec.service.d/override.conf | 7 | ||||
| -rwxr-xr-x | src/op_mode/vpn_ipsec.py | 4 |
5 files changed, 6 insertions, 13 deletions
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py index b7e9d8dcf..b27ed3ca5 100755 --- a/smoketest/scripts/cli/test_vpn_ipsec.py +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -28,7 +28,7 @@ nhrp_path = ['protocols', 'nhrp'] base_path = ['vpn', 'ipsec'] dhcp_waiting_file = '/tmp/ipsec_dhcp_waiting' -swanctl_file = '/run/swanctl/swanctl.conf' +swanctl_file = '/etc/swanctl/swanctl.conf' class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): def tearDown(self): @@ -250,7 +250,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): 'secret = secret' ] - tmp_swanctl_conf = read_file(swanctl_file) + tmp_swanctl_conf = read_file('/etc/swanctl/swanctl.conf') for line in swanctl_lines: self.assertIn(line, tmp_swanctl_conf) diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index 535e633ed..433c51e7e 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -386,7 +386,7 @@ def generate(ipsec): render("/etc/ipsec.conf", "ipsec/ipsec.conf.tmpl", data) render("/etc/ipsec.secrets", "ipsec/ipsec.secrets.tmpl", data) render("/etc/strongswan.d/interfaces_use.conf", "ipsec/interfaces_use.conf.tmpl", data) - render("/run/swanctl/swanctl.conf", "ipsec/swanctl.conf.tmpl", data) + render("/etc/swanctl/swanctl.conf", "ipsec/swanctl.conf.tmpl", data) def resync_l2tp(ipsec): if ipsec and not ipsec['l2tp_exists']: diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook index 7b3a18afa..a7a9a2ce6 100755 --- a/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook +++ b/src/etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook @@ -38,7 +38,7 @@ import re from vyos.util import call from vyos.util import cmd -SWANCTL_CONF="/run/swanctl/swanctl.conf" +SWANCTL_CONF="/etc/swanctl/swanctl.conf" def getlines(file): with open(file, 'r') as f: diff --git a/src/etc/systemd/system/ipsec.service.d/override.conf b/src/etc/systemd/system/ipsec.service.d/override.conf deleted file mode 100644 index e8c0872b5..000000000 --- a/src/etc/systemd/system/ipsec.service.d/override.conf +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -ConditionPathExists=/run/swanctl/swanctl.conf -After= -After=vyos-router.service - -[Service] -Environment="SWANCTL_DIR=/run/swanctl" diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py index 68eb5e473..dd5a85ed3 100755 --- a/src/op_mode/vpn_ipsec.py +++ b/src/op_mode/vpn_ipsec.py @@ -33,7 +33,7 @@ X509_CONFIG_PATH = '/etc/ipsec.d/key-pair.template' X509_PATH = '/config/auth/' IPSEC_CONF = '/etc/ipsec.conf' -SWANCTL_CONF = '/run/swanctl/swanctl.conf' +SWANCTL_CONF = '/etc/swanctl/swanctl.conf' def migrate_to_vyatta_key(path): with open(path, 'r') as f: @@ -90,7 +90,7 @@ def generate_x509_pair(name): return result = os.system(f'openssl req -new -nodes -keyout {X509_PATH}{name}.key -out {X509_PATH}{name}.csr -config {X509_CONFIG_PATH}') - + if result != 0: print(f'Could not generate x509 key-pair: {result}') return |