S2S VPN: Don't consider VPN is down if IPsec SA still existed

Because the ISAKMP SA is not updated after it expires if the IPsec SA is still in
effect.


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/e7efd0d9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/e7efd0d9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/e7efd0d9

Branch: refs/heads/vpc
Commit: e7efd0d95bd568ae2af5b6673bd273967f80f046
Parents: a4431b5
Author: Sheng Yang <[email protected]>
Authored: Fri Aug 10 10:57:12 2012 -0700
Committer: Sheng Yang <[email protected]>
Committed: Fri Aug 10 16:20:52 2012 -0700

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/checks2svpn.sh     |   17 +++++++--------
 1 files changed, 8 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/e7efd0d9/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh 
b/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
index e6bf9e5..cecc38a 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
@@ -2,8 +2,8 @@
 
 if [ -z $1 ]
 then
-       echo "Fail to find VPN peer address!"
-       exit 1
+    echo "Fail to find VPN peer address!"
+    exit 1
 fi
 
 ipsec auto --status | grep vpn-$1 > /tmp/vpn-$1.status
@@ -12,19 +12,18 @@ cat /tmp/vpn-$1.status | grep "ISAKMP SA established" > 
/dev/null
 isakmpok=$?
 if [ $isakmpok -ne 0 ]
 then
-       echo -n "ISAKMP SA not found"
-        echo "Site-to-site VPN have not connected"
-       exit 12
+    echo -n "ISAKMP SA NOT found but checking IPsec;"
+else
+    echo -n "ISAKMP SA found;"
 fi
-echo -n "ISAKMP SA found;"
 
 cat /tmp/vpn-$1.status | grep "IPsec SA established" > /dev/null
 ipsecok=$?
 if [ $ipsecok -ne 0 ]
 then
-       echo -n "IPsec SA not found;"
-        echo "Site-to-site VPN have not connected"
-       exit 11
+    echo -n "IPsec SA not found;"
+    echo "Site-to-site VPN have not connected"
+    exit 11
 fi
 echo -n "IPsec SA found;"
 echo "Site-to-site VPN have connected"
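Review bot: With the `exit 12` path removed, the connected verdict in this hunk rests only on `grep "IPsec SA established"` over `/tmp/vpn-$1.status`, and that file is filled in the first hunk's context by an unquoted, unanchored `grep vpn-$1` at a fixed path in `/tmp`. Because `$1` is read as a regex and matched as a substring, a status line for another connection whose name begins with the same text (constructed example: peers 10.1.1.1 and 10.1.1.10) could make a down tunnel report as connected. The predictable file name also means the check trusts whatever already sits at that path. Consider keeping the status in a variable and matching literally, e.g. `status=$(ipsec auto --status | grep -F -- "vpn-$1")` followed by `printf '%s\n' "$status" | grep -q "IPsec SA established"`, and anchoring on the full connection name if the status format allows it. A comment such as `# exit 12 (ISAKMP SA missing) is no longer returned; only the IPsec SA decides the result` would help any caller that still distinguishes that code.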
