From b251a183b30a5915fb8e2a8f7a194d75e65ccb34 Mon Sep 17 00:00:00 2001
From: aapostoliuk
Date: Fri, 14 Apr 2023 12:54:35 +0300
Subject: ipsec: T5042: Rewritten 'show vpn ipsec remote-access' command Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access VPN IPSec connections. Added option 'summary' that shows a summary table for these connections. Added option 'detail' that shows only RA SAs output of 'swanctl -l' Added options 'username' and 'connection-id' that filters output. Fixed output 'show vpn ipsec sa detail', the previous was 'show vpn ipsec sa verbose'.
---
op-mode-definitions/vpn-ipsec.xml.in | 41 +++++++++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 8 deletions(-) (limited to 'op-mode-definitions/vpn-ipsec.xml.in')
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index 5a7e6dd63..1eb5a3709 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -204,12 +204,37 @@ sudo ip xfrm policy list - - - Show active VPN server sessions - - ${vyos_op_scripts_dir}/show_vpn_ra.py - + + + Show active VPN server sessions + + + + + Show detail active IKEv2 RA sessions + + if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi + + + + Show detail active IKEv2 RA sessions by connection-id + + if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn_id="$6"; else echo "IPsec process not running" ; fi + + + + Show active IKEv2 RA sessions summary + + if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi + + + + Show detail active IKEv2 RA sessions by username + + if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi + + + Show all active IPsec Security Associations (SA) @@ -241,11 +266,11 @@ --> - + Show Verbose Detail on all active IPsec Security Associations (SA) - if systemctl is-active --quiet strongswan ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi + if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi -- cgit v1.2.3
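Review bot: The two filtered commands in the first hunk hand the operator-typed word directly to a root process, `sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn_id="$6"` and the same call with `--username="$6"`. The double quotes and the `--opt=` form keep the value as one argv element, so the shell side is sound, but nothing visible here restricts what the value may contain; that check has to live in ipsec.py, which is not part of this diff. I would confirm that `--conn_id` is parsed as an integer and that `--username` is only compared against session data and never interpolated into a further command. A comment above the two commands such as `<!-- $6 is operator input; validated in ipsec.py -->` would record where the validation happens. The markup around these lines is not visible in this rendering, so the position of `$6` in the command path cannot be checked from here.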
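Review bot: The help string `Show Verbose Detail on all active IPsec Security Associations (SA)` in the second hunk is left as context while the command beneath it moves from `/usr/sbin/ipsec statusall` to `ipsec.py show_sa_detail`. The description says the path is now `show vpn ipsec sa detail` rather than `sa verbose`, so the help would read more consistently as `Show detail on all active IPsec Security Associations (SA)`. If the node was renamed as described, operators whose scripts call the old `verbose` path will get a different result, which is worth a line in the release notes.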