Merge branch 'master' into next
index 085feabbcc1596dd69270bac988e75a71ac09347..0b0517713d031d1e481559d7148aeb54c562aaee 100644 (file)
@@ -59,9 +59,9 @@ void open_physical (char *interface, int nat_traversal_port) {
 //        safe_system(str);
         // IKE
 
-        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
         safe_system(str);
-        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
+        sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
         safe_system(str);
 
         if (! nat_traversal_port) 
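Review bot: Both rebuilt IKE rules are still assembled with an unbounded `sprintf` into `str`, so an over-long `interface` value overruns the buffer before the command ever reaches the shell; `snprintf(str, STRING_SIZE, ...)` (the bound the rest of the file uses) followed by a truncation check would make the two lines safe. Dropping `--sport 500` widens the rule to UDP from any source port on the interface, which NATed peers need, but it is a larger opening than before and deserves a one-line comment such as `// peers behind NAT do not source from port 500, so only the destination port is matched`. open_physical begins before this hunk and continues after it, so the declaration of `str` and the origin of `interface` are not visible here.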
@@ -141,15 +141,43 @@ int decode_line (char *s,
     issue ipsec commmands to turn on connection 'name'
 */
 void turn_connection_on (char *name, char *type) {
+/*
+       Rename the connection and run ipsec update and rename it back to readd
+       a deleted connection. Because ipsec update ignores connection that have
+       not changed since last load.
+*/
         char command[STRING_SIZE];
-
-        safe_system("/usr/sbin/ipsec reload >/dev/null");
         memset(command, 0, STRING_SIZE);
-        /* give ipsec time to be ready */
-        safe_system("/bin/sleep 5");
         snprintf(command, STRING_SIZE - 1, 
-                "/usr/sbin/ipsec up %s >/dev/null", name);
+                "sed -i -e 's|^conn %s$|conn %s-renamed|g' /var/ipfire/vpn/ipsec.conf >/dev/null", name, name);
         safe_system(command);
+
+       // Down and delete IKEv2 Tunnel before ipsec update
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke down %s >/dev/null", name);
+        safe_system(command);
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke delete %s >/dev/null", name);
+        safe_system(command);
+
+        safe_system("/etc/rc.d/init.d/ipsec update >/dev/null");
+
+       sleep(1);
+
+       // Back to original name
+       snprintf(command, STRING_SIZE - 1, 
+                "sed -i -e 's|^conn %s-renamed$|conn %s|g' /var/ipfire/vpn/ipsec.conf >/dev/null", name, name);
+        safe_system(command);
+
+       // Down and delete IKEv2 Tunnel before ipsec update
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke down %s-renamed >/dev/null", name);
+        safe_system(command);
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke delete %s-renamed >/dev/null", name);
+        safe_system(command);
+
+        safe_system("/etc/rc.d/init.d/ipsec update >/dev/null");
 }
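Review bot: In the two snprintf calls that build the `sed -i` command, `name` is spliced unescaped into a single-quoted shell string and into a sed regex, so a name containing `'` breaks out to the shell and one containing `|`, `.` or `*` changes the pattern, either way editing /var/ipfire/vpn/ipsec.conf in ways the caller did not intend; the `-renamed` suffix also collides with a real connection that happens to be named `X-renamed`. Unless the caller already restricts the name (decode_line and main are outside this hunk), reject anything outside a safe set before building the command, e.g. `if (strspn(name, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-") != strlen(name)) return;`. Because the rename is two separate in-place edits with an `ipsec update` and a `sleep(1)` between them, a crash or kill in that window leaves the config holding a `conn X-renamed` stanza that the next start loads under the wrong name; a comment stating this, or performing the rename on a temporary copy, would help. The STRING_SIZE - 1 truncation is never checked, so a very long name silently runs a different sed command than intended.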
 /*
     issue ipsec commmands to turn off connection 'name'
@@ -160,7 +188,16 @@ void turn_connection_off (char *name) {
         snprintf(command, STRING_SIZE - 1, 
                 "/usr/sbin/ipsec whack --delete --name %s >/dev/null", name);
         safe_system(command);
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke down %s >/dev/null", name);
+        safe_system(command);
+        snprintf(command, STRING_SIZE - 1, 
+                "/usr/sbin/ipsec stroke delete %s >/dev/null", name);
+        safe_system(command);
+
         safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
+        safe_system("/usr/sbin/ipsec stroke rereadall >/dev/null");
+
 }
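Review bot: The added `stroke down` and `stroke delete` lines pass `name` into a shell command unquoted, as the pre-existing whack line already did, so a name with whitespace or shell metacharacters becomes extra arguments or commands; quoting it as `'%s'` after rejecting names that contain `'` contains it, unless the caller already restricts names, which this hunk does not show. None of the safe_system return values are examined, so whichever of the Openswan whack or strongSwan stroke control sockets is absent fails silently, and since only stdout is redirected the missing one still writes its error to stderr on every teardown. turn_connection_off starts before this hunk.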
 
 
@@ -182,21 +219,24 @@ int main(int argc, char *argv[]) {
 
         if (strcmp(argv[1], "I") == 0) {
                 safe_system("/usr/sbin/ipsec whack --status");
+                safe_system("/usr/sbin/ipsec stroke status");
                 exit(0);
         }
 
         if (strcmp(argv[1], "R") == 0) {
                 safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
+                safe_system("/usr/sbin/ipsec stroke rereadall >/dev/null");
                 exit(0);
         }
 
  /* Get vpnwatch pid */
 
- if ( (argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
- safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
- safe_system("unlink /var/run/vpn-watch.pid");
- close(file);
- }
+
+       if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
+           safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
+           safe_system("unlink /var/run/vpn-watch.pid");
+           close(file);
+       }
  
         /* FIXME: workaround for pclose() issue - still no real idea why
          * this is happening */
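Review bot: In the vpn-watch pid block, `close(file)` hands a `FILE *` to the descriptor-level `close()`, which is a type mismatch (an int is expected) and leaks the stream returned by `fopen`; it should be `fclose(file)`. The pid is also consumed by `kill -9 $(cat /var/run/vpn-watch.pid)` through the shell with no validation, so an empty file runs a bare `kill -9` and a file holding `-1` sends SIGKILL to every process this (presumably root) program can signal; the stream that was opened is never read. Reading the pid with fscanf and calling kill()/unlink() directly removes the shell round-trip and lets the code refuse pid values below 2 (this needs `<signal.h>` and `<unistd.h>`, which are outside this hunk and may already be included). main() continues beyond this hunk.
```c
/* … unchanged: "I" and "R" handling … */
if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
        int pid = 0;
        /* only signal a real, positive pid: refuse 0, -1 and garbage */
        if (fscanf(file, "%d", &pid) == 1 && pid > 1)
                kill((pid_t)pid, SIGKILL);
        fclose(file);
        unlink("/var/run/vpn-watch.pid");
}
```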
@@ -342,8 +382,8 @@ int main(int argc, char *argv[]) {
 
         // start the system
         if ((argc == 2) && strcmp(argv[1], "S") == 0) {
-                safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
-                safe_system("/usr/local/bin/vpn-watch &");
+               safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
+               safe_system("/usr/local/bin/vpn-watch &");
                 exit(0);
         }