IPsec: regenerate a swanctl config on connection startup if no config is found
[people/jschlag/network.git] / src / functions / functions.ipsec
index 6c2a0df83e154ff4c255778b8b56e43324bb6ad2..d8206e01a46f9a2262eda8d01a1198137a1cb7a9 100644 (file)
@@ -526,6 +526,12 @@ ipsec_connection_up() {
                return ${EXIT_ERROR}
        fi
 
+       if ! [ -f "${NETWORK_IPSEC_SWANCTL_CONNECTIONS_DIR}/${connection}.conf" ]; then
+               log DEBUG "Could not find a swanctl config, generating swanctl config"
+               ipsec_connection_to_strongswan "${connection}"
+               ipsec_strongswan_load
+       fi
+
        cmd swanctl --initiate --child "${connection}"
 }
 
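Review bot: The added block ignores the exit status of `ipsec_connection_to_strongswan` and `ipsec_strongswan_load`, so `swanctl --initiate` still runs when the config could not be generated or loaded, and the caller only sees an initiate error that hides the real cause. Assuming both helpers return non-zero on failure (their bodies are not in this hunk), I would fail early with `ipsec_connection_to_strongswan "${connection}" || return ${EXIT_ERROR}` and `ipsec_strongswan_load || return ${EXIT_ERROR}`. A missing swanctl config for an existing connection is also worth more than `DEBUG`; a higher log level would make silent regeneration visible to an operator. The start of ipsec_connection_up is outside the hunk.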
@@ -1086,12 +1092,18 @@ ipsec_connection_check_peer() {
        assert [ $# -eq 1 ]
        local peer=${1}
 
-       # TODO Accept also FQDNs
+       # IP addresses are accepted
        if ip_is_valid ${peer}; then
                return ${EXIT_TRUE}
-       else
-               return ${EXIT_FALSE}
        fi
+
+       # FQDNs are okay, too
+       if fqdn_is_valid "${peer}"; then
+               return ${EXIT_TRUE}
+       fi
+
+       # We cannot use anything else
+       return ${EXIT_FALSE}
 }
 
 # This function checks if a VPN IPsec connection name is valid
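Review bot: The new `fqdn_is_valid "${peer}"` call quotes its argument, but the context line just above still reads `ip_is_valid ${peer}`. The value therefore goes through word splitting and globbing before it is validated; `if ip_is_valid "${peer}"; then` (and `local peer="${1}"`) would make both checks see the same string. Accepting FQDNs also means the remote address now depends on name resolution, so a comment such as `# FQDN peers are resolved via DNS; authentication must not rely on the peer address` would record that assumption for whoever maintains the strongSwan config generation.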
@@ -1195,11 +1207,7 @@ ipsec_connection_destroy() {
 
 # List all ipsec connections
 ipsec_list_connections() {
-       local connection
-       for connection in ${NETWORK_IPSEC_CONNS_DIR}/*; do
-               [ -d ${connection} ] || continue
-               basename ${connection}
-       done
+       list_directory "${NETWORK_IPSEC_CONNS_DIR}"
 }
 
 ipsec_connection_to_strongswan() {
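Review bot: The removed loop skipped anything that was not a directory (`[ -d ${connection} ] || continue`) and printed basenames, and this hunk does not show whether `list_directory` keeps those semantics. If it also returns regular files, stray files in `${NETWORK_IPSEC_CONNS_DIR}` would be reported as connection names and passed on to callers that build paths from them. Worth confirming against the helper's definition and stating the contract in the comment, e.g. `# List all ipsec connections (one sub-directory per connection)`.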