Rewrite op-mode IPsec commands to vyos.opmode format
show vpn ipsec sa
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Perfectly compatible
- Issue type
- Improvement (missing useful functionality)
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | FEATURE REQUEST | None | T4564 Root task for rewriting [op-mode] to vyos.opmode format | ||
| Resolved | FEATURE REQUEST | Viacheslav | T4594 Rewrite op-mode IPsec to vyos.opmode format |
Event Timeline
Comment Actions
PR https://github.com/vyos/vyos-1x/pull/1458
Formatted output
vyos@r14:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ------------------------- ------- -------- -------------- ---------------- ---------------- ----------- --------------------------------------- peer_2001-db8--2_tunnel_0 up 9m15s 0B/0B 0/0 2001:db8::2 2001:db8::2 AES_CBC_256/HMAC_SHA2_256_128/MODP_2048 peer_2001-db8--2_tunnel_0 up 24m9s 0B/0B 0/0 2001:db8::2 2001:db8::2 AES_CBC_256/HMAC_SHA2_256_128/MODP_2048 vyos@r14:~$
Raw data:
vyos@r14:~$ sudo /usr/libexec/vyos/op_mode/ipsec.py show_sa --raw
[
{
"peer_2001-db8--2": {
"uniqueid": "3",
"version": "2",
"state": "ESTABLISHED",
"local-host": "2001:db8::1",
"local-port": "500",
"local-id": "2001:db8::1",
"remote-host": "2001:db8::2",
"remote-port": "500",
"remote-id": "2001:db8::2",
"initiator-spi": "ea83139761112ad3",
"responder-spi": "d6889910a3089834",
"encr-alg": "AES_CBC",
"encr-keysize": "256",
"integ-alg": "HMAC_SHA2_256_128",
"prf-alg": "PRF_HMAC_SHA2_256",
"dh-group": "MODP_2048",
"established": "1683",
"rekey-time": "77805",
"child-sas": {
"peer_2001-db8--2_tunnel_0-826": {
"name": "peer_2001-db8--2_tunnel_0",
"uniqueid": "826",
"reqid": "1",
"state": "INSTALLED",
"mode": "TUNNEL",
"protocol": "ESP",
"spi-in": "c8470a07",
"spi-out": "cd671026",
"encr-alg": "AES_CBC",
"encr-keysize": "256",
"integ-alg": "HMAC_SHA2_256_128",
"dh-group": "MODP_2048",
"bytes-in": "0",
"packets-in": "0",
"bytes-out": "0",
"packets-out": "0",
"rekey-time": "1164",
"life-time": "27303",
"install-time": "1497",
"local-ts": [
"2001:db8:1111::/64"
],
"remote-ts": [
"2001:db8:2222::/64"
]
},
"peer_2001-db8--2_tunnel_0-961": {
"name": "peer_2001-db8--2_tunnel_0",
"uniqueid": "961",
"reqid": "1",
"state": "INSTALLED",
"mode": "TUNNEL",
"protocol": "ESP",
"spi-in": "c0f1d7ac",
"spi-out": "c079e41f",
"encr-alg": "AES_CBC",
"encr-keysize": "256",
"integ-alg": "HMAC_SHA2_256_128",
"dh-group": "MODP_2048",
"bytes-in": "0",
"packets-in": "0",
"bytes-out": "0",
"packets-out": "0",
"rekey-time": "1810",
"life-time": "28197",
"install-time": "603",
"local-ts": [
"2001:db8:1111::/64"
],
"remote-ts": [
"2001:db8:2222::/64"
]
}
}
}
}
]
vyos@r14:~$Graphql query:
curl --raw 'https://localhost/graphql' \
-H 'Content-Type: application/json' \
-d '{"query":" {ShowSaIpsec (data: {key: \"foo\"}) {success errors data {result}}}"}'
{"data":{"ShowSaIpsec":{"success":true,"errors":null,"data":{"result":[{"peer_2001-db8--2":{"uniqueid":"3","version":"2","state":"ESTABLISHED","local-host":"2001:db8::1","local-port":"500","local-id":"2001:db8::1","remote-host":"2001:db8::2","remote-port":"500","remote-id":"2001:db8::2","initiator-spi":"ea83139761112ad3","responder-spi":"d6889910a3089834","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","prf-alg":"PRF_HMAC_SHA2_256","dh-group":"MODP_2048","established":"931","rekey-time":"78557","child-sas":{"peer_2001-db8--2_tunnel_0-783":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"783","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"cee3bc5c","spi-out":"c856f615","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"3","life-time":"27959","install-time":"841","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]},"peer_2001-db8--2_tunnel_0-826":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"826","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"c8470a07","spi-out":"cd671026","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"1916","life-time":"28055","install-time":"745","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]}}}}]}}}}