path: root/data/live-build-config/hooks/30-strongswan-configs.chroot
blob: 798b0d6dba87617c8054f644a4caf6d2d37c4086 (plain)
#!/usr/bin/env python

# The Cisco Unity plugin, which implements a proprietary extension
# for IPsec split tunneling, interferes with DMVPN
#
# Since we do not do remote access IPsec, the simplest solution
# is to disable it entirely from the start.

import re
import sys

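# Disable the cisco_unity option in charon.conf by uncommenting the
# "# cisco_unity = no" line so the setting is stated explicitly.
with open('/etc/strongswan.d/charon.conf', 'r') as f:
    charon_conf = f.read()

charon_conf = re.sub(r'# (cisco_unity = no)', r"\1", charon_conf)

# re.sub() is a silent no-op when the expected commented line is absent
# (for example after a packaging change), so confirm that an active setting
# exists and report it in the build log otherwise. This only warns; the
# hook's exit status is unchanged.
if not re.search(r'^[ \t]*cisco_unity[ \t]*=[ \t]*no[ \t]*$',
                 charon_conf, re.MULTILINE):
    sys.stderr.write(
        'WARNING: no active "cisco_unity = no" line in '
        '/etc/strongswan.d/charon.conf after patching\n'
    )

with open('/etc/strongswan.d/charon.conf', 'w') as f:
    f.write(charon_conf)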


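# Prevent the unity plugin from loading by switching its "load" setting
# from yes to no in the plugin's own configuration file.
with open('/etc/strongswan.d/charon/unity.conf', 'r') as f:
    unity_conf = f.read()

unity_conf = re.sub(r'load = yes', r'load = no', unity_conf)

# If the file did not contain the exact text "load = yes" (different spacing,
# a numeric priority, a changed default), the substitution does nothing and
# the plugin would stay enabled without any indication. Check the resulting
# text for an active "load = no" line and warn in the build log if none is
# found. This only warns; the hook's exit status is unchanged.
if not re.search(r'^[ \t]*load[ \t]*=[ \t]*no[ \t]*$',
                 unity_conf, re.MULTILINE):
    sys.stderr.write(
        'WARNING: no active "load = no" line in '
        '/etc/strongswan.d/charon/unity.conf after patching; '
        'the unity plugin may still be loaded\n'
    )

with open('/etc/strongswan.d/charon/unity.conf', 'w') as f:
    f.write(unity_conf)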