IPsec: Rewrite configuration first after deleting the connection bug-12341
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 31 Mar 2020 10:13:04 +0000 (10:13 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 31 Mar 2020 10:13:04 +0000 (10:13 +0000)
This was executed in the wrong order: strongswan was reloaded
while the connection was still present in the configuration file.

Now the configuration files are updated first. The connection
is then brought down and will be removed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/vpnmain.cgi

index e0f2c7a5e53f81dddae4e7176d17378fbb24c9da..ae5e80d38e7026b3d522847e10157771d0fe2a77 100644 (file)
@@ -689,12 +689,12 @@ END
                        my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
                        if ($test =~ /: OK/) {
                                # Delete connection
-                               system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
                                unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
                                unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
                                delete $confighash{$key};
                                &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
                                &writeipsecfiles();
+                               system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
                        }
                }
                unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
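Review bot: The exit status of the moved `system('/usr/local/bin/ipsecctrl', 'D', $key)` call is discarded, so a failed teardown goes unnoticed. With the new order the config entry and both certificate files are already gone when it runs, and this branch sits in the path that removes a CA certificate (the `unlink` of the `ca/` file follows), so a tunnel authenticated under that CA could stay up with nothing left in the configuration to show it. Consider `if (&vpnenabled && system('/usr/local/bin/ipsecctrl', 'D', $key) != 0) { ... }` and reporting the failure to the administrator; the same applies to the moved calls in the two later hunks. The list form of `system` should be kept, since it passes the key without going through a shell. The enclosing loop starts outside the hunk.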
@@ -1227,10 +1227,10 @@ END
                        &writeipsecfiles();
                        system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
                } else {
-                       system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
                        $confighash{$cgiparams{'KEY'}}[0] = 'off';
                        &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
                        &writeipsecfiles();
+                       system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
                }
                sleep $sleepDelay;
        } else {
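Review bot: The disable branch has no comment saying why the `ipsecctrl` `'D'` call must come last, and that ordering is exactly what this commit had to correct. A line such as `# Rewrite the config before calling ipsecctrl, otherwise the reload still sees this connection` above `$confighash{$cgiparams{'KEY'}}[0] = 'off';` would keep a later edit from moving the call back. The same comment fits the moved calls in the first and third hunks. The surrounding `if`/`else` starts outside the hunk.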
@@ -1261,12 +1261,12 @@ END
        &General::readhasharray("${General::swroot}/vpn/config", \%confighash);
 
        if ($confighash{$cgiparams{'KEY'}}) {
-               system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
                unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
                unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
                delete $confighash{$cgiparams{'KEY'}};
                &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
                &writeipsecfiles();
+               system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
        } else {
                $errormessage = $Lang::tr{'invalid key'};
        }
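Review bot: This delete sequence (two `unlink` calls, `delete`, `General::writehasharray`, `writeipsecfiles`, then `ipsecctrl` `'D'`) repeats the one in the first hunk, differing only in `$key` versus `$cgiparams{'KEY'}`. Moving it into one sub that takes the connection key would leave a single place where the order is defined, instead of two copies that can drift apart again. Separately, the certificate files are unlinked before the config is rewritten and neither result is checked, so a failed write could leave an entry that points at files which no longer exist. That last point is hedged, because `General::writehasharray` is not visible here.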