diff options
| author | Kim Hagen <kim.sidney@gmail.com> | 2016-02-24 08:27:43 -0500 |
|---|---|---|
| committer | Kim Hagen <kim.sidney@gmail.com> | 2016-02-24 08:27:43 -0500 |
| commit | b98dfacd07a71b41fce92392d0027b7b4507ee69 (patch) | |
| tree | f2652d8ff79007a631894ca11eaa05244ffbba9e | |
| parent | 25b96948b61c1ded91c0e8ffb30582a04f5531ff (diff) | |
| download | vyos-opennhrp-b98dfacd07a71b41fce92392d0027b7b4507ee69.tar.gz vyos-opennhrp-b98dfacd07a71b41fce92392d0027b7b4507ee69.zip | |
update opennhrp-script to use swanctl
| -rwxr-xr-x | etc/opennhrp-script | 34 |
1 files changed, 6 insertions, 28 deletions
diff --git a/etc/opennhrp-script b/etc/opennhrp-script index e3902e7..c8df5fc 100755 --- a/etc/opennhrp-script +++ b/etc/opennhrp-script @@ -2,8 +2,7 @@ _nhrp_config="/etc/opennhrp/opennhrp.conf" _nhrp_ipsec="/etc/opennhrp/opennhrp.ipsec" -_strongswan_pid="/var/run/pluto.pid" -_connection="${NHRP_SRCADDR}-to-${NHRP_DESTADDR}" +_strongswan_pid="/var/run/charon.pid" _type="hub" if ! grep "$NHRP_INTERFACE" $_nhrp_config | grep "hub"> /dev/null 2>&1; then @@ -24,39 +23,18 @@ peer-up) fi echo "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)" if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then - x=0 - while read line;do - if [[ $x == 0 ]]; then - if [[ "${line%/*}" == "${NHRP_SRCADDR}" ]]; then - x=1 - continue; - else - continue; - fi - fi - if [[ -z "${line}" ]]; then - break; - else - _ipsec_args="${_ipsec_args} ${line}" - fi - done < "${_nhrp_ipsec}" - if [[ ( "${_ipsec_args}" =~ "modp" ) || ( "${_ipsec_args}" =~ "ecp" ) ]]; then - _pfs=" --pfs " - else - _pfs="" - fi if grep "${NHRP_SRCADDR}" "${_nhrp_ipsec}"; then - ipsec whack --delete --name $_connection > /dev/null 2>&1 - ipsec whack --name $_connection --host $NHRP_SRCNBMA --clientprotoport gre --to --host $NHRP_DESTNBMA --clientprotoport gre --psk $_pfs --encrypt $_ipsec_args || exit 1 - ipsec up $_connection || exit 1 + _ccon=`ipsec stroke status | grep -E 'vpnprof-dmvpn.*$NHRP_SRCNBMA.*$NHRP_DESTNBMA' | cut -d'[' -f 2 | cut -d']' -f 1` + swanctl -t -I $_ccon /dev/null 2>&1 + swanctl -i -c dmvpn -S $NHRP_SRCNBMA -R $NHRP_DESTNBMA || exit 1 fi fi ;; peer-down) echo "Delete link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)" if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then - ipsec down $_connection || exit 1 - ipsec whack --delete --name $_connection || exit 1 + _ccon=`ipsec stroke status | grep -E 'vpnprof-dmvpn.*$NHRP_SRCNBMA.*$NHRP_DESTNBMA' | cut -d'[' -f 2 | cut -d']' -f 1` + swanctl -t -I $_ccon || exit 1 fi ip route del $NHRP_DESTNBMA src $NHRP_SRCNBMA proto 42 ;; |