Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- src/functions/functions.ipsec | 12 ++++++++---- src/functions/functions.vpn-security-policies | 25 ++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index 6dc4d5b..57897ec 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -283,6 +283,13 @@ ipsec_connection_exists() {
 [ -d "${path}" ] && return ${EXIT_TRUE} || return ${EXIT_FALSE}
 }
+ipsec_strongswan_load() {
+ if ! cmd swanctl --load-all; then
+ log ERROR "Could not reload strongswan config"
+ return ${EXIT_ERROR}
+ fi
+}
+
 # Reloads the connection after config changes
 ipsec_reload() {
 local connection=${1}
@@ -292,10 +299,7 @@ ipsec_reload() {
 return ${EXIT_ERROR}
 fi
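Review bot: `ipsec_strongswan_load` is added without a header comment, while its neighbour `ipsec_reload` carries `# Reloads the connection after config changes`; add `# Loads the complete swanctl configuration into the running strongswan daemon` above the function so the distinction between reloading one connection and reloading everything is visible at the definition. The success status of the function is the implicit status of the `if` statement, which is fine here but worth a short comment since callers in the second hunk and in functions.vpn-security-policies now return its status directly.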
- if ! cmd swanctl --load-all; then
- log ERROR "Could not reload strongswan config"
- return ${EXIT_ERROR}
- fi
+ ipsec_strongswan_load
 }
# Handle the cli after authentification
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index f73670b..ae652a2 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -334,7 +334,30 @@ vpn_security_policies_write_config() {
 return ${EXIT_ERROR}
 fi
- # TODO everytime we successfully write a config we should call some trigger to take the changes into effect
+ if ! vpn_security_policies_reload ${name}; then
+ log WARNING "Could not reload the IPsec connection using this security policy"
+ return ${EXIT_ERROR}
+ fi
+}
+
+# reload IPsec connections using a special policy
+vpn_security_policies_reload() {
+ local name=${1}
+
+ local connection
+ for connection in $(ipsec_list_connections); do
+ if ! ipsec_connection_read_config "${connection}" "SECURITY_POLICY"; then
+ continue
+ fi
+
+ if [[ "${SECURITY_POLICY}" = "${name}" ]]; then
+ if ! ipsec_connection_to_strongswan "${connection}"; then
+ log ERROR "Could not generate strongswan config for ${connnection}"
+ fi
+ fi
+ done
+
+ ipsec_strongswan_load
 }
# This funtion writes the value for one key to a via ${name} specificated vpn security policy configuration file
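Review bot: In `vpn_security_policies_reload` a failed `ipsec_connection_to_strongswan` is only logged, after which `ipsec_strongswan_load` still runs and its status becomes the function's result, so `vpn_security_policies_write_config` reports success while that connection keeps running under its previously generated strongswan configuration rather than the policy just written. The same log line contains the typo `${connnection}`, so the message that is emitted names no connection at all; it should read `log ERROR "Could not generate strongswan config for ${connection}"`. In the caller the argument is unquoted and should be `if ! vpn_security_policies_reload "${name}"; then`, and logging that failure as WARNING while returning `${EXIT_ERROR}` is inconsistent with the ERROR level used elsewhere in the hunk. I would track the per-connection failures and propagate them after the load, as sketched below; the body of `vpn_security_policies_write_config` begins outside this hunk.
```shell
vpn_security_policies_reload() {
	local name=${1}

	local connection
	local failed=0
	for connection in $(ipsec_list_connections); do
		# … unchanged: read SECURITY_POLICY, skip connections without one …

		if [[ "${SECURITY_POLICY}" = "${name}" ]]; then
			if ! ipsec_connection_to_strongswan "${connection}"; then
				log ERROR "Could not generate strongswan config for ${connection}"
				failed=1
			fi
		fi
	done

	ipsec_strongswan_load || return ${EXIT_ERROR}

	# Report connections whose config could not be regenerated, even though the load itself succeeded
	[[ ${failed} -eq 0 ]] || return ${EXIT_ERROR}
}
```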