[v2] IPsec: regenerate a swanctl config on connection startup if no config is found

Message ID 1520500142-5362-1-git-send-email-jonatan.schlag@ipfire.org
State New
Headers show
Series
  • [v2] IPsec: regenerate a swanctl config on connection startup if no config is found
Related show

Commit Message

Jonatan Schlag March 8, 2018, 8:09 p.m. UTC
This is an easy way to forcing a regenration if we do not want to change any setting.

Fixes: #11627

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---
 src/functions/functions.ipsec | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Michael Tremer March 9, 2018, 1:59 a.m. UTC | #1
Where is the change to the first patch?

Please state that in the commit message.

On Thu, 2018-03-08 at 09:09 +0000, Jonatan Schlag wrote:
> This is an easy way to forcing a regenration if we do not want to change any
> setting.
> 
> Fixes: #11627
> 
> Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
> ---
>  src/functions/functions.ipsec | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
> index 6f14c8e..d8206e0 100644
> --- a/src/functions/functions.ipsec
> +++ b/src/functions/functions.ipsec
> @@ -526,6 +526,12 @@ ipsec_connection_up() {
>  		return ${EXIT_ERROR}
>  	fi
>  
> +	if ! [ -f
> "${NETWORK_IPSEC_SWANCTL_CONNECTIONS_DIR}/${connection}.conf" ]; then
> +		log DEBUG "Could not find a swanctl config, generating
> swanctl config"
> +		ipsec_connection_to_strongswan "${connection}"
> +		ipsec_strongswan_load
> +	fi
> +
>  	cmd swanctl --initiate --child "${connection}"
>  }
>

Patch

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 6f14c8e..d8206e0 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -526,6 +526,12 @@  ipsec_connection_up() {
 		return ${EXIT_ERROR}
 	fi
 
+	if ! [ -f "${NETWORK_IPSEC_SWANCTL_CONNECTIONS_DIR}/${connection}.conf" ]; then
+		log DEBUG "Could not find a swanctl config, generating swanctl config"
+		ipsec_connection_to_strongswan "${connection}"
+		ipsec_strongswan_load
+	fi
+
 	cmd swanctl --initiate --child "${connection}"
 }