From 6f64a500ad469efeca651f99d7f14e56de18fbe3 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Fri, 1 Dec 2017 09:53:57 +0000
Subject: [PATCH] Listen for IPSEC connections in handler

Besides restarting IPSEC, doing whack --listen forces connections
to listen.
---
 handlers/main.yml    | 4 ++++
 tasks/ipsec-conf.yml | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/handlers/main.yml b/handlers/main.yml
index 17a3942..1cb2da1 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -12,3 +12,7 @@
     name: ipsec
     state: restarted
   become: yes
+
+- name: Listen for IPSEC connections
+  shell: ipsec whack --listen
+  become: yes
diff --git a/tasks/ipsec-conf.yml b/tasks/ipsec-conf.yml
index f35195b..fac9769 100644
--- a/tasks/ipsec-conf.yml
+++ b/tasks/ipsec-conf.yml
@@ -55,6 +55,7 @@
       backup: yes
     notify:
     - Restart ipsec
+    - Listen for IPSEC connections
 
   - name: Write ipsec tunnel policy for the {{ network }} network
     template:
@@ -66,6 +67,7 @@
     - type == 'opportunistic'
     notify:
     - Restart ipsec
+    - Listen for IPSEC connections
 
   - name: Write ipsec tunnel secrets for the {{ network }} network
     template:
@@ -77,6 +79,7 @@
     - type != 'opportunistic'
     notify:
     - Restart ipsec
+    - Listen for IPSEC connections
 
   - name: Write ipsec tunnel configuration for the {{ network }} network
     template:
@@ -95,6 +98,7 @@
     when: current_vip.ip != '' and type != 'opportunistic'
     notify:
     - Restart ipsec
+    - Listen for IPSEC connections
 
   - name: Write VIP ipsec tunnel configuration for the {{ network }} network
     template:
@@ -104,6 +108,7 @@
     when: current_vip.ip != '' and type != 'opportunistic'
     notify:
     - Restart ipsec
+    - Listen for IPSEC connections
 
   - include_tasks: resource-agent.yml
     when: