From ce845d28a29a41193ae536119e05e52473ef9eaf Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 31 Mar 2020 10:13:04 +0000
Subject: [PATCH] IPsec: Rewrite configuration first after deleting the
 connection

This was executed in the wrong order. strongswan was being reloaded
but the connection was still remaining in the configuration file.

Now the configuration files are updated first. The connection
is then brought down and will be removed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index e0f2c7a5e5..ae5e80d38e 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -689,12 +689,12 @@ END
 			my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
 			if ($test =~ /: OK/) {
 				# Delete connection
-				system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
 				unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
 				unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
 				delete $confighash{$key};
 				&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 				&writeipsecfiles();
+				system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
 			}
 		}
 		unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
@@ -1227,10 +1227,10 @@ END
 			&writeipsecfiles();
 			system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
 		} else {
-			system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 			$confighash{$cgiparams{'KEY'}}[0] = 'off';
 			&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 			&writeipsecfiles();
+			system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 		}
 		sleep $sleepDelay;
 	} else {
@@ -1261,12 +1261,12 @@ END
 	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
 
 	if ($confighash{$cgiparams{'KEY'}}) {
-		system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 		unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
 		unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 		delete $confighash{$cgiparams{'KEY'}};
 		&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
 		&writeipsecfiles();
+		system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
 	} else {
 		$errormessage = $Lang::tr{'invalid key'};
 	}
-- 
2.39.5