Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 19 | ||||
| -rwxr-xr-x | src/migration-scripts/ipsec/11-to-12 | 53 | ||||
| -rwxr-xr-x | src/op_mode/ipsec.py | 2 | ||||
| -rwxr-xr-x | src/services/vyos-http-api-server | 4 | 
4 files changed, 57 insertions, 21 deletions
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index ce4f13d27..8263358ea 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -53,8 +53,6 @@ dhcp_wait_attempts = 2  dhcp_wait_sleep = 1  swanctl_dir        = '/etc/swanctl' -ipsec_conf         = '/etc/ipsec.conf' -ipsec_secrets      = '/etc/ipsec.secrets'  charon_conf        = '/etc/strongswan.d/charon.conf'  charon_dhcp_conf   = '/etc/strongswan.d/charon/dhcp.conf'  charon_radius_conf = '/etc/strongswan.d/charon/eap-radius.conf' @@ -618,8 +616,6 @@ def generate(ipsec):                          if id:                              ipsec['authentication']['psk'][psk]['id'].append(id) -    render(ipsec_conf, 'ipsec/ipsec.conf.j2', ipsec) -    render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec)      render(charon_conf, 'ipsec/charon.j2', ipsec)      render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec)      render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec) @@ -634,25 +630,12 @@ def resync_nhrp(ipsec):      if tmp > 0:          print('ERROR: failed to reapply NHRP settings!') -def wait_for_vici_socket(timeout=5, sleep_interval=0.1): -    start_time = time() -    test_command = f'sudo socat -u OPEN:/dev/null UNIX-CONNECT:{vici_socket}' -    while True: -        if (start_time + timeout) < time(): -            return None -        result = run(test_command) -        if result == 0: -            return True -        sleep(sleep_interval) -  def apply(ipsec): -    systemd_service = 'strongswan-starter.service' +    systemd_service = 'strongswan.service'      if not ipsec:          call(f'systemctl stop {systemd_service}')      else:          call(f'systemctl reload-or-restart {systemd_service}') -        if wait_for_vici_socket(): -            call('sudo swanctl -q')      resync_nhrp(ipsec) diff --git a/src/migration-scripts/ipsec/11-to-12 b/src/migration-scripts/ipsec/11-to-12 new file mode 100755 index 000000000..8bbde5efa --- /dev/null 
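Review bot: apply() now leans entirely on `systemctl reload-or-restart strongswan.service` to get the rendered swanctl configuration loaded, yet the return value of that call() is still discarded, so a unit that fails to start or reload (for instance on a rejected generated config) goes unreported and resync_nhrp() runs regardless; checking it with `if call(f'systemctl reload-or-restart {systemd_service}') != 0:` and raising the module's error type (ConfigError, if it is imported here as in other conf_mode scripts) would surface that. Whether strongswan.service itself performs the swanctl load that the removed `swanctl -q` step used to trigger cannot be confirmed from this hunk, so a one-line comment on the systemd_service assignment stating that the unit is expected to load swanctl.conf on start and reload would document the assumption. The imports that only served the removed wait_for_vici_socket() (time, sleep and possibly run) sit outside the hunk and are probably unused now.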
+++ b/src/migration-scripts/ipsec/11-to-12 @@ -0,0 +1,53 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program.  If not, see <http://www.gnu.org/licenses/>. + +# Remove legacy ipsec.conf and ipsec.secrets - Not supported with swanctl + +import re + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 1): +    print("Must specify file name!") +    exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: +    config_file = f.read() + +base = ['vpn', 'ipsec'] +config = ConfigTree(config_file) + +if not config.exists(base): +    # Nothing to do +    exit(0) + +if config.exists(base + ['include-ipsec-conf']): +    config.delete(base + ['include-ipsec-conf']) + +if config.exists(base + ['include-ipsec-secrets']): +    config.delete(base + ['include-ipsec-secrets']) + +try: +    with open(file_name, 'w') as f: +        f.write(config.to_string()) +except OSError as e: +    print(f'Failed to save the modified config: {e}') +    exit(1) diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py index f6417764a..63fa05885 100755 --- a/src/op_mode/ipsec.py +++ b/src/op_mode/ipsec.py @@ -425,7 +425,7 @@ def get_peer_connections(peer, tunnel):      return matches -def reset_peer(peer: str, tunnel:typing.Optional[str]): +def reset_peer(peer: str, tunnel:typing.Optional[str] = None):      conns = get_peer_connections(peer, tunnel)      if not conns: 
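Review bot: The argument guard `if (len(argv) < 1):` can never fire because argv always contains the script name, so a missing file argument reaches `argv[1]` and dies with an IndexError instead of the intended message; it should read `if len(argv) < 2:`. The script also deletes `include-ipsec-conf` and `include-ipsec-secrets` silently, and since those nodes pulled in operator-maintained files (possibly holding pre-shared keys or certificate references) that will no longer be read after the migration, printing a one-line notice naming each dropped node would make the loss visible in the migration log. `import re` is unused and can go.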
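Review bot: The new signature writes `tunnel:typing.Optional[str] = None` with no space after the colon while `peer: str` beside it follows PEP 8; `tunnel: typing.Optional[str] = None` keeps the two consistent. reset_peer's body continues outside the hunk, so whether get_peer_connections() handles a None tunnel cannot be verified here.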
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index f59e089ae..cd73f38ec 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -425,7 +425,7 @@ async def validation_exception_handler(request, exc):      return error(400, str(exc.errors()[0]))  @app.post('/configure') -def configure_op(data: Union[ConfigureModel, ConfigureListModel]): +async def configure_op(data: Union[ConfigureModel, ConfigureListModel]):      session = app.state.vyos_session      env = session.get_session_env()      config = vyos.config.Config(session_env=env) @@ -494,7 +494,7 @@ def configure_op(data: Union[ConfigureModel, ConfigureListModel]):      return success(None)  @app.post("/retrieve") -def retrieve_op(data: RetrieveModel): +async def retrieve_op(data: RetrieveModel):      session = app.state.vyos_session      env = session.get_session_env()      config = vyos.config.Config(session_env=env)  | 
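Review bot: Declaring configure_op as `async def` moves it from FastAPI's threadpool onto the event loop, so every blocking call in its body (session.get_session_env(), the vyos.config.Config construction and whatever commit work follows outside the hunk) now stalls the whole server, including unrelated requests, for the duration of a configure request; the same applies to retrieve_op in the second hunk. If the intent is to serialize configuration sessions so concurrent /configure calls cannot race, an explicit `asyncio.Lock` held around the session work, with the blocking parts dispatched via `await run_in_threadpool(...)`, states that intent without freezing the loop; if the body was instead changed to await something, that is outside the hunk and a short comment above the decorator saying why the handler is async would help the next reader. Both function bodies continue outside their hunks.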
