#!/usr/bin/env python3
# The Cisco Unity plugin, which implements a proprietary extension
# for IPsec split tunneling, interferes with DMVPN.
#
# Since we do not do remote access IPsec, the simplest solution
# is to disable it entirely from the start.
import re
# Set the 'cisco_unity' option explicitly in charon.conf by stripping the
# leading '# ' from the '# cisco_unity = no' line.
charon_conf_path = '/etc/strongswan.d/charon.conf'

with open(charon_conf_path, 'r') as conf_file:
    charon_conf = conf_file.read()

# re.sub() returns the text unchanged when the commented line is absent, so
# this step is a silent no-op on a file that does not contain it.
uncomment_cisco_unity = re.compile(r'# (cisco_unity = no)')
charon_conf = uncomment_cisco_unity.sub(r"\1", charon_conf)

# Mode 'w' truncates the file and rewrites it in full.
with open(charon_conf_path, 'w') as conf_file:
    conf_file.write(charon_conf)
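# Prevent the 'cisco_unity' plugin from loading
unity_conf_path = '/etc/strongswan.d/charon/unity.conf'

with open(unity_conf_path, 'r') as f:
    unity_conf = f.read()

unity_conf = re.sub(r'load = yes', r'load = no', unity_conf)

# re.sub() returns the text unchanged when 'load = yes' is not present, which
# would leave the plugin's load setting exactly as packaged without any
# error. Require an active (non-comment) 'load = no' line before writing, so
# the build stops instead of silently skipping this step. A file that already
# says 'load = no' (for example on a second run) passes the check.
if not re.search(r'^[ \t]*load = no[ \t]*$', unity_conf, re.MULTILINE):
    raise SystemExit(
        f"{unity_conf_path}: no active 'load = no' line after rewrite, "
        "plugin was not disabled"
    )

with open(unity_conf_path, 'w') as f:
    f.write(unity_conf)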
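# Prevent the 'farp' plugin from loading
farp_conf_path = '/etc/strongswan.d/charon/farp.conf'

with open(farp_conf_path, 'r') as f:
    farp_conf = f.read()

farp_conf = re.sub(r'load = yes', r'load = no', farp_conf)

# re.sub() returns the text unchanged when 'load = yes' is not present, which
# would leave the plugin's load setting exactly as packaged without any
# error. Require an active (non-comment) 'load = no' line before writing, so
# the build stops instead of silently skipping this step. A file that already
# says 'load = no' (for example on a second run) passes the check.
if not re.search(r'^[ \t]*load = no[ \t]*$', farp_conf, re.MULTILINE):
    raise SystemExit(
        f"{farp_conf_path}: no active 'load = no' line after rewrite, "
        "plugin was not disabled"
    )

with open(farp_conf_path, 'w') as f:
    f.write(farp_conf)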
# Add ike-name to logging
#
# The text below is written verbatim as a strongSwan drop-in: it sets the
# syslog identifier to 'charon' and, in the 'daemon' section, default = 1
# and ike_name = yes.
charon_logging = """
charon {
syslog {
# prefix for each log message
identifier = charon
# use default settings to log to the LOG_DAEMON facility
daemon {
default = 1
ike_name = yes
}
}
}
"""

charon_logging_path = '/etc/strongswan.d/charon-logging.conf'

# Mode 'w' creates the file or truncates an existing one, so any previous
# content of charon-logging.conf is replaced.
with open(charon_logging_path, 'w') as logging_conf:
    logging_conf.write(charon_logging)