X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=debian%2Fovs-monitor-ipsec;h=1cea8009b2ec45cde2a4ad96c4dc03c116b570c3;hb=10a24935c9d382e4d85b05d9616843f3d3bb4983;hp=1caece3a91f4881caa9bafea677c0adac212e67a;hpb=a3acf0b0c46a28d6c891086e054d81dd915eea2e;p=openvswitch

diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec
index 1caece3a..1cea8009 100755
--- a/debian/ovs-monitor-ipsec
+++ b/debian/ovs-monitor-ipsec
@@ -66,6 +66,7 @@ path certificate "/etc/racoon/certs";
 
 remote anonymous {
         exchange_mode main;
+        nat_traversal on;
         proposal {
                 encryption_algorithm aes;
                 hash_algorithm sha1;
@@ -307,13 +308,16 @@ def main(argv):
         new_interfaces = {}
         for rec in idl.data["Interface"].itervalues():
             name = rec.name.as_scalar()
-            local_ip = rec.other_config.get("ipsec_local_ip")
-            if rec.type.as_scalar() == "gre" and local_ip:
+            ipsec_cert = rec.other_config.get("ipsec_cert")
+            ipsec_psk = rec.other_config.get("ipsec_psk")
+            is_ipsec = ipsec_cert or ipsec_psk
+
+            if rec.type.as_scalar() == "gre" and is_ipsec:
                 new_interfaces[name] = {
                         "remote_ip": rec.options.get("remote_ip"),
-                        "local_ip": local_ip,
-                        "ipsec_cert": rec.other_config.get("ipsec_cert"),
-                        "ipsec_psk": rec.other_config.get("ipsec_psk") }
+                        "local_ip": rec.options.get("local_ip", "0.0.0.0/0"),
+                        "ipsec_cert": ipsec_cert,
+                        "ipsec_psk": ipsec_psk }
  
         if interfaces != new_interfaces:
             for name, vals in interfaces.items():
@@ -347,3 +351,4 @@ if __name__ == '__main__':
         raise
     except:
         s_log.exception("traceback")
+        sys.exit(ovs.daemon.RESTART_EXIT_CODE)