Add ipsec.secrets reload function to strongSwan driver

Currently, strongSwan driver only triggers "ipsec reload" command
when a new IPsec Site Connection configuration is received. If that
configuration uses a different PSK, it will not be picked up upon
reload called by restart() function. This change introduces a separate
reload_secrets() function which will call "ipsec rereadsecrets" before
"ipsec reload".

Closes-Bug: #1921514
Change-Id: Ia5458bbbb38b1d645547baf56ce3bb5ee2a97781
Patryk Jakuszew 2021-03-26 07:43:08 +01:00
parent 42ae0626ba
commit 2297098875

@ -158,8 +158,20 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
def restart(self): def restart(self):
"""Restart the process.""" """Restart the process."""
self.reload_secrets()
self.reload() self.reload()
def reload_secrets(self):
"""Reload the ipsec.secrets file.
Flushes and rereads all secrets defined in ipsec.secrets. This needs
to be done each time when a new site connection is associated with
a VPN service which already hosts a site connection - 'ipsec reload'
does not reload the secrets and new connections will not authenticate
properly.
"""
self._execute([self.binary, 'rereadsecrets'])
def reload(self): def reload(self):
"""Reload the process. """Reload the process.