mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
9e88c3f32e
In particular the swanctl calls all take a while and this allows doing them in parallel if multiple hosts are involved. This reduces the runtime of each test by 1-3 seconds.
123 lines
2.5 KiB
Bash
Executable File
123 lines
2.5 KiB
Bash
Executable File
#! /bin/bash
|
|
|
|
while getopts "46idt:lr" opt
|
|
do
|
|
case "$opt" in
|
|
4)
|
|
IPV4=YES
|
|
;;
|
|
6)
|
|
IPV6=YES
|
|
;;
|
|
i)
|
|
IPSEC=YES
|
|
;;
|
|
d)
|
|
DB=YES
|
|
;;
|
|
t)
|
|
ROUTING_TABLE=${OPTARG}
|
|
;;
|
|
l)
|
|
LEGACY=YES
|
|
;;
|
|
r)
|
|
RADIUS=YES
|
|
;;
|
|
esac
|
|
done
|
|
shift $((OPTIND-1))
|
|
|
|
NAME=$(hostname)
|
|
OUTPUT_DIR=$1
|
|
|
|
if [ -z "$OUTPUT_DIR" ]
|
|
then
|
|
exit 1
|
|
fi
|
|
|
|
# create/clear output dir
|
|
mkdir -p $OUTPUT_DIR
|
|
rm -f $OUTPUT_DIR/*
|
|
|
|
# collect networking output
|
|
if [ -n "$IPV4" ]
|
|
then
|
|
{ ip route list table $ROUTING_TABLE; echo; } >> ${OUTPUT_DIR}/${NAME}.ip.route
|
|
{ iptables-save; echo; } >> ${OUTPUT_DIR}/${NAME}.iptables-save
|
|
{
|
|
echo -e '=== filter table ==='
|
|
iptables -v -n -L
|
|
echo -e '\n=== nat table ==='
|
|
iptables -v -n -t nat -L
|
|
echo -e '\n=== mangle table ==='
|
|
iptables -v -n -t mangle -L
|
|
echo
|
|
} >> ${OUTPUT_DIR}/${NAME}.iptables
|
|
fi
|
|
|
|
if [ -n "$IPV6" ]
|
|
then
|
|
ip -6 route list table $ROUTING_TABLE >> ${OUTPUT_DIR}/${NAME}.ip.route
|
|
ip6tables-save >> ${OUTPUT_DIR}/${NAME}.iptables-save
|
|
{
|
|
echo -e '=== filter table ==='
|
|
ip6tables -v -n -L
|
|
echo -e '\n=== nat table ==='
|
|
ip6tables -v -n -t nat -L
|
|
echo -e '\n=== mangle table ==='
|
|
ip6tables -v -n -t mangle -L
|
|
} >> ${OUTPUT_DIR}/${NAME}.iptables
|
|
fi
|
|
|
|
# collect DB scheme/data
|
|
if [ -n "$DB" ]
|
|
then
|
|
cp /etc/db.d/ipsec.sql ${OUTPUT_DIR}/${NAME}.ipsec.sql >/dev/null 2>&1
|
|
fi
|
|
|
|
# collect XFRM and strongSwan output
|
|
if [ -n "$IPSEC" ]
|
|
then
|
|
ip -s xfrm policy > ${OUTPUT_DIR}/${NAME}.ip.policy
|
|
ip -s xfrm state > ${OUTPUT_DIR}/${NAME}.ip.state
|
|
|
|
cp /etc/strongswan.conf ${OUTPUT_DIR}/${NAME}.strongswan.conf
|
|
if [ -n "$LEGACY" ]
|
|
then
|
|
for file in ipsec.conf ipsec.secrets
|
|
do
|
|
cp /etc/$file ${OUTPUT_DIR}/${NAME}.$file
|
|
done
|
|
|
|
for command in statusall listall
|
|
do
|
|
ipsec $command > ${OUTPUT_DIR}/${NAME}.$command
|
|
done
|
|
else
|
|
cp /etc/swanctl/swanctl.conf ${OUTPUT_DIR}/${NAME}.swanctl.conf
|
|
|
|
swanctl --stats > ${OUTPUT_DIR}/${NAME}.swanctl.stats 2>&1
|
|
|
|
for subsys in conns algs certs pools authorities sas pols
|
|
do
|
|
swanctl --list-$subsys > ${OUTPUT_DIR}/${NAME}.swanctl.$subsys 2>&1
|
|
done
|
|
fi
|
|
if [ ! -f ${OUTPUT_DIR}/${NAME}.ipsec.sql ]
|
|
then
|
|
cp /etc/ipsec.d/ipsec.sql ${OUTPUT_DIR}/${NAME}.ipsec.sql >/dev/null 2>&1
|
|
fi
|
|
fi
|
|
|
|
# collect RADIUS output
|
|
if [ -n "$RADIUS" ]
|
|
then
|
|
for file in clients.conf radiusd.conf proxy.conf users sites-enabled/default sites-enabled/inner-tunnel mods-enabled/eap
|
|
do
|
|
cp /etc/freeradius/3.0/$file ${OUTPUT_DIR}/${NAME}.$(basename $file) >/dev/null 2>&1
|
|
done
|
|
|
|
cp /var/log/freeradius/radius.log ${OUTPUT_DIR}/${NAME}.radius.log
|
|
fi
|