S2S VPN: Don't consider VPN is down if IPsec SA still existed

Because the ISAKMP SA wouldn't be updated after expiration if the IPsec SA is still in
effect.
Sheng Yang 2012-08-10 10:57:12 -07:00
parent a4431b5740
commit e7efd0d95b


@ -2,8 +2,8 @@
if [ -z $1 ]
then
echo "Fail to find VPN peer address!"
exit 1
echo "Fail to find VPN peer address!"
exit 1
fi
ipsec auto --status | grep vpn-$1 > /tmp/vpn-$1.status
@ -12,19 +12,18 @@ cat /tmp/vpn-$1.status | grep "ISAKMP SA established" > /dev/null
isakmpok=$?
if [ $isakmpok -ne 0 ]
then
echo -n "ISAKMP SA not found"
echo "Site-to-site VPN have not connected"
exit 12
echo -n "ISAKMP SA NOT found but checking IPsec;"
else
echo -n "ISAKMP SA found;"
fi
echo -n "ISAKMP SA found;"
cat /tmp/vpn-$1.status | grep "IPsec SA established" > /dev/null
ipsecok=$?
if [ $ipsecok -ne 0 ]
then
echo -n "IPsec SA not found;"
echo "Site-to-site VPN have not connected"
exit 11
echo -n "IPsec SA not found;"
echo "Site-to-site VPN have not connected"
exit 11
fi
echo -n "IPsec SA found;"
echo "Site-to-site VPN have connected"
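Review bot: With the `exit 12` path apparently removed, the connected/not-connected verdict rests entirely on the `grep "IPsec SA established"` over `/tmp/vpn-$1.status`, which the unchanged `ipsec auto --status | grep vpn-$1 > /tmp/vpn-$1.status` line writes to a predictable name in /tmp using an unquoted `$1`. The `>` redirect follows a symlink already present at that path, so the script would overwrite whatever it points at with its own privileges (presumably root on the router, though that is not visible here). The file can be avoided by keeping the output in a variable, `status=$(ipsec auto --status | grep -F -- "vpn-$1")`, and testing it with `printf '%s\n' "$status" | grep -q "IPsec SA established"`, with the same form for the ISAKMP check. The opening test should also quote its argument, `if [ -z "$1" ]`. The script starts before the first hunk, so any other readers of the status file are not visible from here.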