add a flag -c whether or not to check the VPN on create

Changed default to no, as the other side may not be up yet.
If this check fails, the VPN enters Error state and will not
work. It's safe to just let it connect on its own so it will
connect when it can.

(cherry picked from commit f8d718e3e31ad517969663d24647fcbd9b50cc3d)
Remi Bergsma 2014-12-08 18:59:16 +01:00 committed by Daan Hoogland
parent e89f09aa51
commit cbc4fa2e9c


@ -23,7 +23,7 @@ vpnoutmark="0x525"
vpninmark="0x524"
usage() {
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side next hop> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> [ -p <passive or not> ]\n" $(basename $0) >&2
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side next hop> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> [ -p <passive or not> -c <check if up on creation ]\n" $(basename $0) >&2
}
#set -x
@ -174,6 +174,9 @@ ipsec_tunnel_add() {
if [ $passive -eq 0 ]
then
sudo ipsec auto --up vpn-$rightpeer
fi
if [ $checkup -eq 1 ]
then
#5 seconds for checking if it's ready
for i in {1..5}
@ -209,8 +212,9 @@ Iflag=
sflag=
passive=0
op=""
checkup=0
while getopts 'ADpl:n:g:r:N:e:i:t:T:s:d:' OPTION
while getopts 'ADpcl:n:g:r:N:e:i:t:T:s:d:' OPTION
do
case $OPTION in
A) opflag=1
@ -254,6 +258,8 @@ do
;;
p) passive=1
;;
c) checkup=1
;;
?) usage
exit 2
;;
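Review bot: In ipsec_tunnel_add the new `if [ $checkup -eq 1 ]` block appears to sit outside the `if [ $passive -eq 0 ]` guard, so `-p -c` together would poll for a tunnel this side never initiated; if the peer has not connected within the wait, the create presumably ends in the Error state the commit message describes. Either gate the check on both flags, `if [ $checkup -eq 1 ] && [ $passive -eq 0 ]`, or reject the combination right after option parsing. The body of the check loop continues outside the hunk, so confirm what it does on timeout before choosing. Separately, the new usage text leaves `<check if up on creation` unclosed and puts `-c` inside the `-p` bracket; `[ -p <passive or not> ] [ -c <check if up on creation> ]` reads more clearly.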