From 1a45f9a70abe266938d9e6bd6a6ea8858cbbef7e Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 10 Dec 2018 16:57:12 +0000
Subject: [PATCH] ipsec-interfaces: Don't add any interfaces when IPsec is disabled

Signed-off-by: Michael Tremer
---
 src/scripts/ipsec-interfaces | 104 +++++++++++++++++------------------
 1 file changed, 52 insertions(+), 52 deletions(-)

diff --git a/src/scripts/ipsec-interfaces b/src/scripts/ipsec-interfaces
index da4f6a02f4..6c39c44a8d 100644
--- a/src/scripts/ipsec-interfaces
+++ b/src/scripts/ipsec-interfaces
@@ -37,67 +37,67 @@ log() { } main() { - # We are done when IPsec is not enabled - [ "${ENABLED}" = "on" ] || exit 0 - # Register local variables local "${VARS[@]}" local action local interfaces=() - while IFS="," read -r "${VARS[@]}"; do - # Check if the connection is enabled - [ "${status}" = "on" ] || continue + # We are done when IPsec is not enabled + if [ "${ENABLED}" = "on" ]; then + while IFS="," read -r "${VARS[@]}"; do + # Check if the connection is enabled + [ "${status}" = "on" ] || continue + + # Check if this a net-to-net connection + [ "${type}" = "net" ] || continue + + # Determine the interface name + case "${interface_mode}" in + gre|vti) + local intf="${interface_mode}${id}" + ;; + *) + continue + ;; + esac + + # Add the interface to the list of all interfaces + interfaces+=( "${intf}" ) + + local args=( + "local" "${VPN_IP}" + "remote" "${righthost}" + "ttl" "255" + ) + + # Add key for VTI + if [ "${interface_mode}" = "vti" ]; then + args+=( key "${id}" ) + fi - # Check if this a net-to-net connection - [ "${type}" = "net" ] || continue + # Update the settings when the interface already exists + if [ -d "/sys/class/net/${intf}" ]; then + ip link change dev "${intf}" \ + type "${interface_mode}" "${args[@]}" &>/dev/null - # Determine the interface name - case "${interface_mode}" in - gre|vti) - local intf="${interface_mode}${id}" - ;; - *) - continue - ;; - esac + # Create a new interface and bring it up + else + log "Creating interface ${intf}" + ip link add name "${intf}" type "${interface_mode}" "${args[@]}" + fi + + # Add an IP address + ip addr flush dev "${intf}" + ip addr add "${interface_address}" dev "${intf}" + + # Set MTU + ip link set dev "${intf}" mtu "${interface_mtu}" - # Add the interface to the list of all interfaces - interfaces+=( "${intf}" ) - - local args=( - "local" "${VPN_IP}" - "remote" "${righthost}" - "ttl" "255" - ) - - # Add key for VTI - if [ "${interface_mode}" = "vti" ]; then - args+=( key "${id}" ) - fi - - # 
Update the settings when the interface already exists - if [ -d "/sys/class/net/${intf}" ]; then - ip link change dev "${intf}" \ - type "${interface_mode}" "${args[@]}" &>/dev/null - - # Create a new interface and bring it up - else - log "Creating interface ${intf}" - ip link add name "${intf}" type "${interface_mode}" "${args[@]}" - fi - - # Add an IP address - ip addr flush dev "${intf}" - ip addr add "${interface_address}" dev "${intf}" - - # Set MTU - ip link set dev "${intf}" mtu "${interface_mtu}" - - # Bring up the interface - ip link set dev "${intf}" up - done < "${VPN_CONFIG}" + # Bring up the interface + ip link set dev "${intf}" up + done < "${VPN_CONFIG}" + fi # Delete all other interfaces local intf -- 2.39.5
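Review bot: The comment `# We are done when IPsec is not enabled`, kept above the new `if [ "${ENABLED}" = "on" ]; then`, no longer matches the code. With the early `exit 0` gone, any value other than `on` (including an unset or unreadable `ENABLED`) skips the loop and falls through to the `# Delete all other interfaces` step with `interfaces` empty. A failed settings load is therefore indistinguishable from a deliberate disable, and presumably removes every tunnel interface the cleanup matches; that loop lies outside the hunk, so confirm what it selects. I would reword the comment to `# Only create or update interfaces when IPsec is enabled; the cleanup below always runs` and record the disabled path with `else` / `log "IPsec is not enabled, removing all IPsec interfaces"` before the closing `fi`. The body of main() continues past the end of this hunk.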