Rewrite op-mode IPsec to vyos.opmode format
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	Viacheslav
	Aug 4 2022, 10:11 AM

Description

Rewrite op-mode IPsec commands to vyos.opmode format

show vpn ipsec sa

Details

Version: -
Is it a breaking change?: Perfectly compatible

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open	FEATURE REQUEST	None	T4564 Root task for rewriting [op-mode] to vyos.opmode format
		Resolved	FEATURE REQUEST	Viacheslav	T4594 Rewrite op-mode IPsec to vyos.opmode format

Event Timeline

Viacheslav created this task.Aug 4 2022, 10:11 AM

PR https://github.com/vyos/vyos-1x/pull/1458
Formatted output

vyos@r14:~$ show vpn ipsec sa
Connection                 State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
-------------------------  -------  --------  --------------  ----------------  ----------------  -----------  ---------------------------------------
peer_2001-db8--2_tunnel_0  up       9m15s     0B/0B           0/0               2001:db8::2       2001:db8::2  AES_CBC_256/HMAC_SHA2_256_128/MODP_2048
peer_2001-db8--2_tunnel_0  up       24m9s     0B/0B           0/0               2001:db8::2       2001:db8::2  AES_CBC_256/HMAC_SHA2_256_128/MODP_2048
vyos@r14:~$

Raw data:

vyos@r14:~$ sudo /usr/libexec/vyos/op_mode/ipsec.py show_sa --raw
[
    {
        "peer_2001-db8--2": {
            "uniqueid": "3",
            "version": "2",
            "state": "ESTABLISHED",
            "local-host": "2001:db8::1",
            "local-port": "500",
            "local-id": "2001:db8::1",
            "remote-host": "2001:db8::2",
            "remote-port": "500",
            "remote-id": "2001:db8::2",
            "initiator-spi": "ea83139761112ad3",
            "responder-spi": "d6889910a3089834",
            "encr-alg": "AES_CBC",
            "encr-keysize": "256",
            "integ-alg": "HMAC_SHA2_256_128",
            "prf-alg": "PRF_HMAC_SHA2_256",
            "dh-group": "MODP_2048",
            "established": "1683",
            "rekey-time": "77805",
            "child-sas": {
                "peer_2001-db8--2_tunnel_0-826": {
                    "name": "peer_2001-db8--2_tunnel_0",
                    "uniqueid": "826",
                    "reqid": "1",
                    "state": "INSTALLED",
                    "mode": "TUNNEL",
                    "protocol": "ESP",
                    "spi-in": "c8470a07",
                    "spi-out": "cd671026",
                    "encr-alg": "AES_CBC",
                    "encr-keysize": "256",
                    "integ-alg": "HMAC_SHA2_256_128",
                    "dh-group": "MODP_2048",
                    "bytes-in": "0",
                    "packets-in": "0",
                    "bytes-out": "0",
                    "packets-out": "0",
                    "rekey-time": "1164",
                    "life-time": "27303",
                    "install-time": "1497",
                    "local-ts": [
                        "2001:db8:1111::/64"
                    ],
                    "remote-ts": [
                        "2001:db8:2222::/64"
                    ]
                },
                "peer_2001-db8--2_tunnel_0-961": {
                    "name": "peer_2001-db8--2_tunnel_0",
                    "uniqueid": "961",
                    "reqid": "1",
                    "state": "INSTALLED",
                    "mode": "TUNNEL",
                    "protocol": "ESP",
                    "spi-in": "c0f1d7ac",
                    "spi-out": "c079e41f",
                    "encr-alg": "AES_CBC",
                    "encr-keysize": "256",
                    "integ-alg": "HMAC_SHA2_256_128",
                    "dh-group": "MODP_2048",
                    "bytes-in": "0",
                    "packets-in": "0",
                    "bytes-out": "0",
                    "packets-out": "0",
                    "rekey-time": "1810",
                    "life-time": "28197",
                    "install-time": "603",
                    "local-ts": [
                        "2001:db8:1111::/64"
                    ],
                    "remote-ts": [
                        "2001:db8:2222::/64"
                    ]
                }
            }
        }
    }
]
vyos@r14:~$

Graphql query:

curl --raw 'https://localhost/graphql' \
  -H 'Content-Type: application/json' \
  -d '{"query":" {ShowSaIpsec (data: {key: \"foo\"}) {success errors data {result}}}"}'


{"data":{"ShowSaIpsec":{"success":true,"errors":null,"data":{"result":[{"peer_2001-db8--2":{"uniqueid":"3","version":"2","state":"ESTABLISHED","local-host":"2001:db8::1","local-port":"500","local-id":"2001:db8::1","remote-host":"2001:db8::2","remote-port":"500","remote-id":"2001:db8::2","initiator-spi":"ea83139761112ad3","responder-spi":"d6889910a3089834","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","prf-alg":"PRF_HMAC_SHA2_256","dh-group":"MODP_2048","established":"931","rekey-time":"78557","child-sas":{"peer_2001-db8--2_tunnel_0-783":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"783","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"cee3bc5c","spi-out":"c856f615","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"3","life-time":"27959","install-time":"841","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]},"peer_2001-db8--2_tunnel_0-826":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"826","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"c8470a07","spi-out":"cd671026","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"1916","life-time":"28055","install-time":"745","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]}}}}]}}}}

Viacheslav changed the task status from Open to In progress.Aug 4 2022, 1:54 PM

Viacheslav claimed this task.

Restricted Repository Identity mentioned this in rVYOSONEXe8dc2c731697: Merge pull request #1458 from sever-sever/T4594.Aug 25 2022, 5:26 PM

Viacheslav mentioned this in rVYOSONEXdcf89afba457: ipsec: T4594: Rewrite op-mode show vpn ipsec sa.Aug 25 2022, 5:26 PM

Viacheslav mentioned this in rVYOSONEXe2259e25029a: utils: T4594: Add convert_data util.

Viacheslav closed this task as Resolved.Aug 29 2022, 8:07 AM

Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.

c-po mentioned this in rVYOSONEX13c453039216: ipsec: T4594: drop old show_ipsec_sa.py in favor of new implementation in ipsec..Dec 23 2022, 4:36 PM

Rewrite op-mode IPsec to vyos.opmode formatClosed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Related ObjectsSearch...

Event Timeline

Rewrite op-mode IPsec to vyos.opmode format
Closed, ResolvedPublicFEATURE REQUEST
Actions

Related Objects
Search...