
Rewrite op-mode IPsec to vyos.opmode format
In progress, Requires assessment | Public | FEATURE REQUEST

Description

Rewrite op-mode IPsec commands to vyos.opmode format

show vpn ipsec sa

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Improvement (missing useful functionality)

Related Objects

Status       Subtype          Assigned    Task
Open         FEATURE REQUEST  None
In progress  FEATURE REQUEST  Viacheslav

Event Timeline

PR https://github.com/vyos/vyos-1x/pull/1458
Formatted output:

[email protected]:~$ show vpn ipsec sa
Connection                 State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
-------------------------  -------  --------  --------------  ----------------  ----------------  -----------  ---------------------------------------
peer_2001-db8--2_tunnel_0  up       9m15s     0B/0B           0/0               2001:db8::2       2001:db8::2  AES_CBC_256/HMAC_SHA2_256_128/MODP_2048
peer_2001-db8--2_tunnel_0  up       24m9s     0B/0B           0/0               2001:db8::2       2001:db8::2  AES_CBC_256/HMAC_SHA2_256_128/MODP_2048
[email protected]:~$

Raw data:

[email protected]:~$ sudo /usr/libexec/vyos/op_mode/ipsec.py show_sa --raw
[
    {
        "peer_2001-db8--2": {
            "uniqueid": "3",
            "version": "2",
            "state": "ESTABLISHED",
            "local-host": "2001:db8::1",
            "local-port": "500",
            "local-id": "2001:db8::1",
            "remote-host": "2001:db8::2",
            "remote-port": "500",
            "remote-id": "2001:db8::2",
            "initiator-spi": "ea83139761112ad3",
            "responder-spi": "d6889910a3089834",
            "encr-alg": "AES_CBC",
            "encr-keysize": "256",
            "integ-alg": "HMAC_SHA2_256_128",
            "prf-alg": "PRF_HMAC_SHA2_256",
            "dh-group": "MODP_2048",
            "established": "1683",
            "rekey-time": "77805",
            "child-sas": {
                "peer_2001-db8--2_tunnel_0-826": {
                    "name": "peer_2001-db8--2_tunnel_0",
                    "uniqueid": "826",
                    "reqid": "1",
                    "state": "INSTALLED",
                    "mode": "TUNNEL",
                    "protocol": "ESP",
                    "spi-in": "c8470a07",
                    "spi-out": "cd671026",
                    "encr-alg": "AES_CBC",
                    "encr-keysize": "256",
                    "integ-alg": "HMAC_SHA2_256_128",
                    "dh-group": "MODP_2048",
                    "bytes-in": "0",
                    "packets-in": "0",
                    "bytes-out": "0",
                    "packets-out": "0",
                    "rekey-time": "1164",
                    "life-time": "27303",
                    "install-time": "1497",
                    "local-ts": [
                        "2001:db8:1111::/64"
                    ],
                    "remote-ts": [
                        "2001:db8:2222::/64"
                    ]
                },
                "peer_2001-db8--2_tunnel_0-961": {
                    "name": "peer_2001-db8--2_tunnel_0",
                    "uniqueid": "961",
                    "reqid": "1",
                    "state": "INSTALLED",
                    "mode": "TUNNEL",
                    "protocol": "ESP",
                    "spi-in": "c0f1d7ac",
                    "spi-out": "c079e41f",
                    "encr-alg": "AES_CBC",
                    "encr-keysize": "256",
                    "integ-alg": "HMAC_SHA2_256_128",
                    "dh-group": "MODP_2048",
                    "bytes-in": "0",
                    "packets-in": "0",
                    "bytes-out": "0",
                    "packets-out": "0",
                    "rekey-time": "1810",
                    "life-time": "28197",
                    "install-time": "603",
                    "local-ts": [
                        "2001:db8:1111::/64"
                    ],
                    "remote-ts": [
                        "2001:db8:2222::/64"
                    ]
                }
            }
        }
    }
]
[email protected]:~$

GraphQL query:

curl --raw 'https://localhost/graphql' \
  -H 'Content-Type: application/json' \
  -d '{"query":" {ShowSaIpsec (data: {key: \"foo\"}) {success errors data {result}}}"}'


{"data":{"ShowSaIpsec":{"success":true,"errors":null,"data":{"result":[{"peer_2001-db8--2":{"uniqueid":"3","version":"2","state":"ESTABLISHED","local-host":"2001:db8::1","local-port":"500","local-id":"2001:db8::1","remote-host":"2001:db8::2","remote-port":"500","remote-id":"2001:db8::2","initiator-spi":"ea83139761112ad3","responder-spi":"d6889910a3089834","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","prf-alg":"PRF_HMAC_SHA2_256","dh-group":"MODP_2048","established":"931","rekey-time":"78557","child-sas":{"peer_2001-db8--2_tunnel_0-783":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"783","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"cee3bc5c","spi-out":"c856f615","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"3","life-time":"27959","install-time":"841","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]},"peer_2001-db8--2_tunnel_0-826":{"name":"peer_2001-db8--2_tunnel_0","uniqueid":"826","reqid":"1","state":"INSTALLED","mode":"TUNNEL","protocol":"ESP","spi-in":"c8470a07","spi-out":"cd671026","encr-alg":"AES_CBC","encr-keysize":"256","integ-alg":"HMAC_SHA2_256_128","dh-group":"MODP_2048","bytes-in":"0","packets-in":"0","bytes-out":"0","packets-out":"0","rekey-time":"1916","life-time":"28055","install-time":"745","local-ts":["2001:db8:1111::/64"],"remote-ts":["2001:db8:2222::/64"]}}}}]}}}}
Viacheslav changed the task status from Open to In progress. Thu, Aug 4, 1:54 PM
Viacheslav claimed this task.
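
An added example, not part of the task or of the VyOS code base: a consumer of the `show_sa --raw` structure shown above that flattens each child SA into the columns of the formatted table and checks its proposal against a site policy. The function names, the `ALLOWED` set, the uptime format and the mapping of `INSTALLED` to "up" are assumptions made for this illustration.

```python
import json

# Constructed sample: a trimmed copy of the --raw structure shown in the comment above.
RAW = json.loads("""
[{"peer_2001-db8--2": {
   "state": "ESTABLISHED", "remote-host": "2001:db8::2", "remote-id": "2001:db8::2",
   "child-sas": {
     "peer_2001-db8--2_tunnel_0-826": {
       "name": "peer_2001-db8--2_tunnel_0", "state": "INSTALLED",
       "encr-alg": "AES_CBC", "encr-keysize": "256",
       "integ-alg": "HMAC_SHA2_256_128", "dh-group": "MODP_2048",
       "install-time": "1497"},
     "peer_2001-db8--2_tunnel_0-961": {
       "name": "peer_2001-db8--2_tunnel_0", "state": "INSTALLED",
       "encr-alg": "AES_CBC", "encr-keysize": "256",
       "integ-alg": "HMAC_SHA2_256_128", "dh-group": "MODP_2048",
       "install-time": "603"}}}}]
""")

# Hypothetical local policy: ESP proposals this site accepts.
ALLOWED = {"AES_CBC_256/HMAC_SHA2_256_128/MODP_2048"}

def uptime(seconds):
    """Render seconds as e.g. 24m57s (format assumed from the table above)."""
    m, s = divmod(int(seconds), 60)
    h, m = divmod(m, 60)
    return (f"{h}h" if h else "") + (f"{m}m" if h or m else "") + f"{s}s"

def proposal(sa):
    """Join cipher, integrity and DH group; AEAD or no-PFS SAs may lack some keys."""
    enc = "_".join(x for x in (sa.get("encr-alg"), sa.get("encr-keysize")) if x)
    return "/".join(x for x in (enc, sa.get("integ-alg"), sa.get("dh-group")) if x)

def flatten(raw):
    """One row per child SA, carrying the parent IKE SA's remote address and ID."""
    rows = []
    for entry in raw:
        for ike in entry.values():
            for child in ike.get("child-sas", {}).values():
                prop = proposal(child)
                rows.append({
                    "connection": child["name"],
                    # Assumption: INSTALLED is what the table displays as "up".
                    "state": "up" if child["state"] == "INSTALLED" else "down",
                    "uptime": uptime(child["install-time"]),
                    "remote": ike["remote-host"], "remote_id": ike["remote-id"],
                    "proposal": prop, "policy_ok": prop in ALLOWED})
    return rows

if __name__ == "__main__":
    print(*flatten(RAW), sep="\n")
```

Rows with `policy_ok` set to `False` are the ones to review; two rows sharing a connection name, as in the sample, are separate child SAs under the same IKE SA.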