#!/usr/bin/python
-# Copyright (c) 2009, 2010 Nicira Networks
+# Copyright (c) 2009, 2010, 2011 Nicira Networks
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
import glob
import logging, logging.handlers
import os
+import socket
import subprocess
import sys
import ovs.daemon
import ovs.db.idl
-
-# By default log messages as DAEMON into syslog
s_log = logging.getLogger("ovs-monitor-ipsec")
-l_handler = logging.handlers.SysLogHandler(
- "/dev/log",
- facility=logging.handlers.SysLogHandler.LOG_DAEMON)
-l_formatter = logging.Formatter('%(filename)s: %(levelname)s: %(message)s')
-l_handler.setFormatter(l_formatter)
-s_log.addHandler(l_handler)
-
+try:
+ # By default log messages as DAEMON into syslog
+ l_handler = logging.handlers.SysLogHandler(
+ "/dev/log",
+ facility=logging.handlers.SysLogHandler.LOG_DAEMON)
+ l_formatter = logging.Formatter('%(filename)s: %(levelname)s: %(message)s')
+ l_handler.setFormatter(l_formatter)
+ s_log.addHandler(l_handler)
+except socket.error, e:
+ logging.basicConfig()
+ s_log.warn("failed to connect to syslog (%s)" % e)
setkey = "/usr/sbin/setkey"
cert_entry = """remote %s {
exchange_mode main;
nat_traversal on;
+ ike_frag on;
certificate_type x509 "%s" "%s";
my_identifier asn1dn;
peers_identifier asn1dn;
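Review bot: The new fallback in the `except socket.error` branch sends every later message to stderr via `logging.basicConfig()`, and the warning that says so is itself only written to stderr; since this script imports `ovs.daemon` and is presumably detached later, that stream is likely closed and the loss of audit logging for the IPsec monitor would go unnoticed. At minimum make the warning say where output is going, `s_log.warn("failed to connect to syslog (%s); logging to stderr instead" % e)`, and add above the `try` a comment such as `# syslog may not be reachable yet at boot; fall back to stderr rather than die, but messages are lost once the process detaches`. Re-attempting the syslog connection after daemonization would be the real fix, but that code is outside this hunk. The `ike_frag on;` line added to `cert_entry` further down also deserves a why-comment, e.g. `# certificate payloads in main mode exceed a typical path MTU; without IKE fragmentation the exchange is silently dropped`, since the template string is data and the reason is not recoverable from the code; note that `cert_entry` continues past the end of the hunk.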
self.psk_hosts = {}
self.cert_hosts = {}
+ if not os.path.isdir(self.cert_dir):
+ os.mkdir(self.cert_dir)
+
# Clean out stale peer certs from previous runs
for ovs_cert in glob.glob("%s/ovs-*.pem" % self.cert_dir):
try:
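Review bot: The `isdir`/`mkdir` pair added at the top of this hunk is not atomic: if another process creates `self.cert_dir` between the two calls (a packager, or a second instance now that the single-instance guard is dropped elsewhere in this patch), `os.mkdir` raises `OSError(EEXIST)` and the monitor dies at startup. Create the directory unconditionally and ignore only `EEXIST`, letting any other error (permissions, read-only filesystem) propagate as it does today. This needs `import errno`, which is not in the visible import block. The enclosing `__init__` starts before this hunk.
```python
        # … unchanged: psk_hosts / cert_hosts initialisation …
        try:
            os.mkdir(self.cert_dir)
        except OSError, e:
            # the directory may already exist (packager, earlier run, or a
            # concurrent instance); anything else is a real failure
            if e.errno != errno.EEXIST:
                raise
        # … unchanged: removal of stale ovs-*.pem peer certs …
```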
self.call_setkey("spdflush;")
def spd_add(self, local_ip, remote_ip):
- cmds = ("spdadd %s %s gre -P out ipsec esp/transport//default;\n" %
+ cmds = ("spdadd %s %s gre -P out ipsec esp/transport//require;\n" %
(local_ip, remote_ip))
- cmds += ("spdadd %s %s gre -P in ipsec esp/transport//default;" %
+ cmds += ("spdadd %s %s gre -P in ipsec esp/transport//require;" %
(remote_ip, local_ip))
self.call_setkey(cmds)
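Review bot: The switch from `default` to `require` in both `spdadd` strings is the security-relevant part of this patch and carries no explanation, so the next maintainer may "relax" it back without realising what it protects. Add a comment above `cmds`, e.g. `# "require" (never "use"): GRE to/from this peer must be dropped, not sent or accepted in cleartext, when no SA exists; "default" defers to the kernel/sysctl default and is not portable`. If the intent is to keep the out and in policies in lockstep, factoring the level into a single local or module constant used by both `%` expansions would make that invariant visible.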
"(use --help for help)\n" % ovs.util.PROGRAM_NAME)
sys.exit(1)
- ovs.daemon.die_if_already_running()
-
remote = args[0]
idl = ovs.db.idl.Idl(remote, "Open_vSwitch", monitor_uuid_schema_cb)
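Review bot: Dropping `ovs.daemon.die_if_already_running()` removes the only visible guard against two monitor instances running at once, and two instances would each rewrite the racoon configuration and flush and repopulate the SPD underneath the other. This is presumably following an API change in `ovs.daemon` where the pidfile lock taken during daemonization now provides that guarantee, but nothing in the hunk says so; if that is the case, leave a comment where the call was, `# single-instance enforcement is handled by ovs.daemon's pidfile locking at daemonize time`, and if it is not, an equivalent check should be restored before `ovs.db.idl.Idl(...)` connects. The enclosing `main` starts before this hunk and the daemonization call is not visible here.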