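#!/usr/bin/env python3
# The Cisco Unity plugin, which implements a proprietary extension
# for IPsec split tunneling, interferes with DMVPN.
#
# Since we do not do remote access IPsec, the simplest solution
# is to disable it entirely from the start.
#
# Every edit is checked after the substitution: if the regex does not
# match (different packaging defaults, a different file layout) the
# plugin would silently stay enabled while the script still exits 0,
# so the script fails loudly instead. Re-running on an already-edited
# file is fine, because the check looks at the resulting content, not
# at whether the substitution changed anything.
import re

CHARON_CONF = "/etc/strongswan.d/charon.conf"
UNITY_CONF = "/etc/strongswan.d/charon/unity.conf"
FARP_CONF = "/etc/strongswan.d/charon/farp.conf"
LOGGING_CONF = "/etc/strongswan.d/charon-logging.conf"

# Add ike-name to logging: each syslog line then carries the name of
# the IKE_SA it belongs to (otherwise the default settings are kept and
# messages go to the LOG_DAEMON facility).
CHARON_LOGGING = """
charon {
    syslog {
        # prefix for each log message
        identifier = charon
        # use default settings to log to the LOG_DAEMON facility
        daemon {
            default = 1
            ike_name = yes
        }
    }
}
"""


def update_config_file(path, pattern, replacement, expected):
    """Apply ``re.sub(pattern, replacement)`` to the file at *path* in place.

    After the substitution the result must contain a line matching
    *expected* (searched with ``re.MULTILINE``); otherwise RuntimeError
    is raised and the file is left untouched. The file is rewritten only
    when its content actually changed, so repeated runs are harmless.

    Args:
        path: config file to edit.
        pattern: regex passed to ``re.sub``.
        replacement: replacement string passed to ``re.sub`` (may use groups).
        expected: regex that must match the edited content.

    Raises:
        RuntimeError: the edited content does not match *expected*.
        OSError: the file cannot be read or written.
    """
    with open(path, "r", encoding="utf-8") as f:
        original = f.read()
    edited = re.sub(pattern, replacement, original)
    if re.search(expected, edited, flags=re.MULTILINE) is None:
        raise RuntimeError(
            f"{path}: no line matching {expected!r} after editing; "
            "the file layout differs from what this script expects"
        )
    if edited != original:
        with open(path, "w", encoding="utf-8") as f:
            f.write(edited)


def main():
    """Disable the Cisco Unity and farp plugins and enable ike_name logging."""
    # Uncomment the 'cisco_unity = no' option in charon.conf
    update_config_file(
        CHARON_CONF,
        r"# (cisco_unity = no)",
        r"\1",
        r"^\s*cisco_unity = no\s*$",
    )
    # Prevent the 'cisco_unity' plugin from loading
    update_config_file(UNITY_CONF, r"load = yes", r"load = no", r"^\s*load = no\s*$")
    # Prevent the 'farp' plugin from loading
    update_config_file(FARP_CONF, r"load = yes", r"load = no", r"^\s*load = no\s*$")
    # Add ike-name to logging
    with open(LOGGING_CONF, "w", encoding="utf-8") as f:
        f.write(CHARON_LOGGING)


if __name__ == "__main__":
    main()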