Add ipsec.secrets reload function to strongSwan driver

Currently, strongSwan driver only triggers "ipsec reload" command when a new IPsec Site Connection configuration is received. If that configuration uses a different PSK, it will not be picked up upon reload called by restart() function. This change introduces a separate reload_secrets() function which will call "ipsec rereadsecrets" before "ipsec reload".

Closes-Bug: #1921514
Change-Id: Ia5458bbbb38b1d645547baf56ce3bb5ee2a97781

parent 42ae0626ba
commit 2297098875
@ -158,8 +158,20 @@ class StrongSwanProcess(ipsec.BaseSwanProcess):
|
|||||||
|
|
||||||
def restart(self):
|
def restart(self):
|
||||||
"""Restart the process."""
|
"""Restart the process."""
|
||||||
|
self.reload_secrets()
|
||||||
self.reload()
|
self.reload()
|
||||||
|
|
||||||
|
def reload_secrets(self):
|
||||||
|
"""Reload the ipsec.secrets file.
|
||||||
|
|
||||||
|
Flushes and rereads all secrets defined in ipsec.secrets. This needs
|
||||||
|
to be done each time when a new site connection is associated with
|
||||||
|
a VPN service which already hosts a site connection - 'ipsec reload'
|
||||||
|
does not reload the secrets and new connections will not authenticate
|
||||||
|
properly.
|
||||||
|
"""
|
||||||
|
self._execute([self.binary, 'rereadsecrets'])
|
||||||
|
|
||||||
def reload(self):
|
def reload(self):
|
||||||
"""Reload the process.
|
"""Reload the process.
|
||||||
|
|
||||||
|
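Review bot: In restart(), the outcome of the new self.reload_secrets() call is not checked before self.reload() runs, so if 'ipsec rereadsecrets' fails the connections are reloaded against the previously loaded secrets and the problem only surfaces later as an authentication failure on the new site connection. The hunk does not show whether self._execute raises on a non-zero exit; if it does not, consider logging or raising in reload_secrets(). restart() also rereads secrets on every call now, while the docstring describes the need only for a VPN service that already hosts a site connection, so a sentence in the docstring stating that the unconditional call is intentional would help, along with a unit test asserting that 'rereadsecrets' is issued before 'reload'.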