ipsec phase2 cleanup #21

Closed
zerwes opened this issue Sep 28, 2022 · 3 comments
Labels: enhancement (New feature or request)

zerwes commented Sep 28, 2022

ipsec phase2 tunnels removed from config are not deleted in the xml / on the remote, they require an explicit

opn_unset:
  - ipsec/phase2[uniqid="ee0e6..."]

zerwes added the enhancement label Sep 28, 2022
zerwes self-assigned this Sep 28, 2022

Jonybat commented Apr 23, 2024

How about adding something like this after the ipsecphase2.yml loop?

- name: "IPSec ike phase2 search configured uniqid for ikeid {{ ikeid }}"
  delegate_to: localhost
  xml:
    path: "{{ local_config_path }}"
    xpath: "/opnsense/ipsec/phase2[ikeid='{{ ikeid }}']/uniqid"
    content: text
  register: phase2ikeiduniqid_all

- name: "IPSec ike phase2 cleanup for ikeid {{ ikeid }}"
  delegate_to: localhost
  xml:
    path: "{{ local_config_path }}"
    xpath: "/opnsense/ipsec/phase2[ikeid='{{ ikeid }}' and uniqid='{{ item.uniqid }}']"
    state: absent
    pretty_print: yes
  when: item.uniqid not in ipsecphasevar.phase2
  with_items: "{{ phase2ikeiduniqid_all.matches }}"
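
The cleanup discussed in this thread can be checked offline before it touches a firewall. The following is an added example, not part of Jonybat's comment or the project's code: it lists and removes phase2 entries that exist in the XML but not in the declared state, and goes one step further than the per-ikeid tasks above by also catching phase2 entries whose ikeid is no longer declared at all. The `DECLARED` mapping, the function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an OPNsense config.xml fragment (not from a real firewall).
SAMPLE_CONFIG = """<opnsense>
  <ipsec>
    <phase1><ikeid>1</ikeid><descr>site-a</descr></phase1>
    <phase2><ikeid>1</ikeid><uniqid>aaa111</uniqid><descr>lan-a</descr></phase2>
    <phase2><ikeid>1</ikeid><uniqid>bbb222</uniqid><descr>old-dmz</descr></phase2>
    <phase2><ikeid>2</ikeid><uniqid>ccc333</uniqid><descr>removed-peer</descr></phase2>
  </ipsec>
</opnsense>"""

# Hypothetical declared state: ikeid -> uniqids that should exist.
# Assumption: this stands in for the uniqid keys of ipsecphasevar.phase2.
DECLARED = {"1": {"aaa111"}}


def find_stale_phase2(root, declared):
    """Return (ikeid, uniqid) pairs present in the XML but not declared."""
    stale = []
    for p2 in root.findall("./ipsec/phase2"):
        ikeid = p2.findtext("ikeid", default="")
        uniqid = p2.findtext("uniqid", default="")
        # An ikeid that is not declared at all makes every phase2 under it stale.
        if uniqid not in declared.get(ikeid, set()):
            stale.append((ikeid, uniqid))
    return stale


def remove_stale_phase2(config_xml, declared):
    """Drop stale phase2 elements; return (new_xml, removed_pairs)."""
    root = ET.fromstring(config_xml)
    ipsec = root.find("ipsec")
    if ipsec is None:  # no IPsec section: nothing to clean, input returned as-is
        return config_xml, []
    removed = find_stale_phase2(root, declared)
    for p2 in list(ipsec.findall("phase2")):
        key = (p2.findtext("ikeid", default=""), p2.findtext("uniqid", default=""))
        if key in removed:
            ipsec.remove(p2)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    new_xml, removed = remove_stale_phase2(SAMPLE_CONFIG, DECLARED)
    for ikeid, uniqid in removed:
        print(f"removed phase2 uniqid={uniqid} (ikeid={ikeid})")
```

Running `find_stale_phase2` alone against a fetched config gives a dry-run list of tunnels that are still defined on the firewall but no longer declared.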

zerwes commented Apr 23, 2024

@Jonybat : thanks; yes, looks like a viable solution.
Would you like to open a PR? (would be great if you include a test for it)

zerwes commented May 29, 2024

fixed in PR #67

@zerwes zerwes closed this as completed May 29, 2024