7 files changed, 217 insertions, 35 deletions
diff --git a/src/op_mode/generate_ipsec_debug_archive.sh b/src/op_mode/generate_ipsec_debug_archive.sh
new file mode 100755
index 000000000..53d0a6eaa
--- /dev/null
+++ b/src/op_mode/generate_ipsec_debug_archive.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Collecting IPSec Debug Information
+
+DATE=`date +%d-%m-%Y`
+
+a_CMD=(
+       "sudo ipsec status"
+       "sudo swanctl -L"
+       "sudo swanctl -l"
+       "sudo swanctl -P"
+       "sudo ip x sa show"
+       "sudo ip x policy show"
+       "sudo ip tunnel show"
+       "sudo ip address"
+       "sudo ip rule show"
+       "sudo ip route"
+       "sudo ip route show table 220"
+      )
+
+
+echo "DEBUG: ${DATE} on host \"$(hostname)\"" > /tmp/ipsec-status-${DATE}.txt
+date >> /tmp/ipsec-status-${DATE}.txt
+
+# Execute all DEBUG commands and save it to file
+for cmd in "${a_CMD[@]}"; do
+    echo -e "\n### ${cmd} ###" >> /tmp/ipsec-status-${DATE}.txt
+    ${cmd} >> /tmp/ipsec-status-${DATE}.txt 2>/dev/null
+done
+
+# Collect charon logs, build .tgz archive
+sudo journalctl /usr/lib/ipsec/charon > /tmp/journalctl-charon-${DATE}.txt && \
+sudo tar -zcvf /tmp/ipsec-debug-${DATE}.tgz /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt >& /dev/null
+sudo rm -f /tmp/journalctl-charon-${DATE}.txt /tmp/ipsec-status-${DATE}.txt
+
+echo "Debug file is generated and located in /tmp/ipsec-debug-${DATE}.tgz"
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index c964caaeb..e72f0f965 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -46,7 +46,6 @@ def format_output(conns, sas):
 
         if parent_sa["state"] == b"ESTABLISHED" and installed_sas:
             state = "up"
-            uptime = vyos.util.seconds_to_human(parent_sa["established"].decode())
 
         remote_host = parent_sa["remote-host"].decode()
         remote_id = parent_sa["remote-id"].decode()
@@ -75,6 +74,8 @@ def format_output(conns, sas):
             # Remove B from <1K values
             pkts_str = re.sub(r'B', r'', pkts_str)
 
+            uptime = vyos.util.seconds_to_human(isa['install-time'].decode())
+
             enc = isa["encr-alg"].decode()
             if "encr-keysize" in isa:
                 key_size = isa["encr-keysize"].decode()
diff --git a/src/op_mode/show_openvpn_mfa.py b/src/op_mode/show_openvpn_mfa.py
new file mode 100755
index 000000000..1ab54600c
--- /dev/null
+++ b/src/op_mode/show_openvpn_mfa.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+
+# Copyright 2017, 2021 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import socket
+import urllib.parse
+import argparse
+
+from vyos.util import popen
+
+otp_file = '/config/auth/openvpn/{interface}-otp-secrets'
+
+def get_mfa_secret(interface, client):
+    try:
+        with open(otp_file.format(interface=interface), "r") as f:
+            users = f.readlines()
+            for user in users:
+                if re.search('^' + client + ' ', user):
+                    return user.split(':')[3]
+    except:
+        pass
+
+def get_mfa_uri(client, secret):
+    hostname = socket.gethostname()
+    fqdn = socket.getfqdn()
+    uri = 'otpauth://totp/{hostname}:{client}@{fqdn}?secret={secret}'
+
+    return urllib.parse.quote(uri.format(hostname=hostname, client=client, fqdn=fqdn, secret=secret), safe='/:@?=')
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(add_help=False, description='Show two-factor authentication information')
+    parser.add_argument('--intf', action="store", type=str, default='', help='only show the specified interface')
+    parser.add_argument('--user', action="store", type=str, default='', help='only show the specified users')
+    parser.add_argument('--action', action="store", type=str, default='show', help='action to perform')
+
+    args = parser.parse_args()
+    secret = get_mfa_secret(args.intf, args.user)
+
+    if args.action == "secret" and secret:
+        print(secret)
+
+    if args.action == "uri" and secret:
+        uri = get_mfa_uri(args.user, secret)
+        print(uri)
+
+    if args.action == "qrcode" and secret:
+        uri = get_mfa_uri(args.user, secret)
+        qrcode,err = popen('qrencode -t ansiutf8', input=uri)
+        print(qrcode)
+
diff --git a/src/op_mode/show_ram.py b/src/op_mode/show_ram.py
new file mode 100755
index 000000000..5818ec132
--- /dev/null
+++ b/src/op_mode/show_ram.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+def get_system_memory():
+    from re import search as re_search
+
+    def find_value(keyword, mem_data):
+        regex = keyword + ':\s+(\d+)'
+        res = re_search(regex, mem_data).group(1)
+        return int(res)
+
+    with open("/proc/meminfo", "r") as f:
+        mem_data = f.read()
+
+    total     = find_value('MemTotal', mem_data)
+    available = find_value('MemAvailable', mem_data)
+    buffers   = find_value('Buffers', mem_data)
+    cached    = find_value('Cached', mem_data)
+
+    used = total - available
+
+    res = {
+      "total":   total,
+      "free":    available,
+      "used":    used,
+      "buffers": buffers,
+      "cached":  cached
+    }
+
+    return res
+
+def get_system_memory_human():
+    from vyos.util import bytes_to_human
+
+    mem = get_system_memory()
+
+    for key in mem:
+        # The Linux kernel exposes memory values in kilobytes,
+        # so we need to normalize them
+        mem[key] = bytes_to_human(mem[key], initial_exponent=10)
+
+    return mem
+
+if __name__ == '__main__':
+    mem = get_system_memory_human()
+
+    print("Total: {}".format(mem["total"]))
+    print("Free:  {}".format(mem["free"]))
+    print("Used:  {}".format(mem["used"]))
+
diff --git a/src/op_mode/show_ram.sh b/src/op_mode/show_ram.sh
deleted file mode 100755
index b013e16f8..000000000
--- a/src/op_mode/show_ram.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-#
-# Module: vyos-show-ram.sh
-# Displays memory usage information in minimalistic format
-#
-# Copyright (C) 2019 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-MB_DIVISOR=1024
-
-TOTAL=$(cat /proc/meminfo | grep -E "^MemTotal:" | awk -F ' ' '{print $2}')
-FREE=$(cat /proc/meminfo | grep -E "^MemFree:" | awk -F ' ' '{print $2}')
-BUFFERS=$(cat /proc/meminfo | grep -E "^Buffers:" | awk -F ' ' '{print $2}')
-CACHED=$(cat /proc/meminfo | grep -E "^Cached:" | awk -F ' ' '{print $2}')
-
-DISPLAY_FREE=$(( ($FREE + $BUFFERS + $CACHED) / $MB_DIVISOR ))
-DISPLAY_TOTAL=$(( $TOTAL / $MB_DIVISOR ))
-DISPLAY_USED=$(( $DISPLAY_TOTAL - $DISPLAY_FREE ))
-
-echo "Total: $DISPLAY_TOTAL"
-echo "Free:  $DISPLAY_FREE"
-echo "Used:  $DISPLAY_USED"
diff --git a/src/op_mode/show_uptime.py b/src/op_mode/show_uptime.py
new file mode 100755
index 000000000..c3dea52e6
--- /dev/null
+++ b/src/op_mode/show_uptime.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+def get_uptime_seconds():
+  from re import search
+  from vyos.util import read_file
+
+  data = read_file("/proc/uptime")
+  seconds = search("([0-9\.]+)\s", data).group(1)
+
+  return int(float(seconds))
+
+def get_load_averages():
+    from re import search
+    from vyos.util import cmd
+
+    data = cmd("uptime")
+    matches = search(r"load average:\s*(?P<one>[0-9\.]+)\s*,\s*(?P<five>[0-9\.]+)\s*,\s*(?P<fifteen>[0-9\.]+)\s*", data)
+
+    res = {}
+    res[1]  = float(matches["one"])
+    res[5]  = float(matches["five"])
+    res[15] = float(matches["fifteen"])
+
+    return res
+
+if __name__ == '__main__':
+    from vyos.util import seconds_to_human
+
+    print("Uptime: {}\n".format(seconds_to_human(get_uptime_seconds())))
+
+    avgs = get_load_averages()
+
+    print("Load averages:")
+    print("1  minute:   {:.02f}%".format(avgs[1]*100))
+    print("5  minutes:  {:.02f}%".format(avgs[5]*100))
+    print("15 minutes:  {:.02f}%".format(avgs[15]*100))
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 06e227ccf..40854fa8f 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -48,7 +48,7 @@ def reset_peer(peer, tunnel):
     result = True
     for conn in conns:
         try:
-            call(f'sudo /usr/sbin/ipsec down {conn}', timeout = 10)
+            call(f'sudo /usr/sbin/ipsec down {conn}{{*}}', timeout = 10)
             call(f'sudo /usr/sbin/ipsec up {conn}', timeout = 10)
         except TimeoutExpired as e:
             print(f'Timed out while resetting {conn}')