diff -urNp openswan-2.6.32-orig/programs/pluto/ikev1.c openswan-2.6.32-cvs-patched/programs/pluto/ikev1.c
--- openswan-2.6.32-orig/programs/pluto/ikev1.c 2011-01-10 10:35:22.828933841 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/ikev1.c 2011-01-10 15:16:42.837925358 -0500
@@ -2342,6 +2342,14 @@ complete_v1_state_transition(struct msg_
whack_log(RC_FATAL
, "encountered fatal error in state %s"
, enum_name(&state_names, st->st_state));
+#ifdef HAVE_NM
+ if (st->st_connection->remotepeertype == CISCO
+ && st->st_connection->nmconfigured) {
+ if(!do_command(st->st_connection, &st->st_connection->spd, "disconnectNM", st)) {
+ DBG(DBG_CONTROL, DBG_log("sending disconnect to NM failed, you may need to do it manually"));
+ }
+ }
+#endif
delete_event(st);
release_pending_whacks(st, "fatal error");
delete_state(st);
@@ -2369,7 +2377,14 @@ complete_v1_state_transition(struct msg_
DBG_log("state transition function for %s failed: %s"
, enum_name(&state_names, from_state)
, enum_name(&ipsec_notification_names, md->note)));
-
+#ifdef HAVE_NM
+ if (st->st_connection->remotepeertype == CISCO
+ && st->st_connection->nmconfigured) {
+ if(!do_command(st->st_connection, &st->st_connection->spd, "disconnectNM", st)) {
+ DBG(DBG_CONTROL, DBG_log("sending disconnect to NM failed, you may need to do it manually"));
+ }
+ }
+#endif
if(st!=NULL && IS_PHASE1_INIT(st->st_state)) {
delete_event(st);
release_whack(st);
diff -urNp openswan-2.6.32-orig/programs/pluto/ikev1.h openswan-2.6.32-cvs-patched/programs/pluto/ikev1.h
--- openswan-2.6.32-orig/programs/pluto/ikev1.h 2011-01-10 10:35:22.819933649 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/ikev1.h 2011-01-10 15:16:53.145176142 -0500
@@ -136,4 +136,7 @@ aggr_id_and_auth(struct msg_digest *md
return oakley_id_and_auth(md, initiator, TRUE, cont_fn, kc);
}
+extern bool
+do_command(struct connection *c, struct spd_route *sr
+ , const char *verb, struct state *st);
#endif
diff -urNp openswan-2.6.32-orig/programs/pluto/kernel.c openswan-2.6.32-cvs-patched/programs/pluto/kernel.c
--- openswan-2.6.32-orig/programs/pluto/kernel.c 2011-01-10 10:35:22.822933527 -0500
+++ openswan-2.6.32-cvs-patched/programs/pluto/kernel.c 2011-01-10 15:18:12.089175282 -0500
@@ -478,7 +478,8 @@ fmt_common_shell_out(char *buf, int blen
return ((result>=blen) || (result<0))? -1 : result;
}
-static bool
+//static bool
+bool
do_command(struct connection *c, struct spd_route *sr, const char *verb, struct state *st)
{
const char *verb_suffix;
diff -urNp openswan-2.6.32-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.32-cvs-patched/programs/_updown.netkey/_updown.netkey.in
--- openswan-2.6.32-orig/programs/_updown.netkey/_updown.netkey.in 2011-01-10 11:12:08.214175652 -0500
+++ openswan-2.6.32-cvs-patched/programs/_updown.netkey/_updown.netkey.in 2011-01-10 15:16:06.178175920 -0500
@@ -261,11 +261,29 @@ if [ -z "$PLUTO_NM_CONFIGURED" -o "$PLUT
rm -f -- "$OPENSWAN_RESOLV_CONF"
return 0
else
+# Here disconnect signal is sent to NetworkManager
+# whenever an already established connection is being terminated.
+ unset openswan_reason
+ unset PLUTO_CISCO_DOMAIN_INFO
+ unset PLUTO_CISCO_DNS_INFO
+ unset PLUTO_PEER_BANNER
+ unset PLUTO_MY_SOURCEIP
+ unset PLUTO_PEER
echo "Restoring resolv.conf is controlled by Network Manager"
- return 0
+ disconnectNM
fi
+}
-
+disconnectNM() {
+# This will be called whenever a connection fails to establish
+# due to a state (either phase 1, xauth phase, or phase 2) fails.
+# This will send a singal to NetworkManager over dbus so that NM
+# can clear up coonnections.
+ openswan_reason=disconnect
+ export openswan_reason
+ echo "sending disconnect signal to NetworkManager"
+ /usr/libexec/nm-openswan-service-helper
+ return 0
}
addsource() {
@@ -400,6 +418,10 @@ case "$PLUTO_VERB" in
# restoring resolv.conf
restoreresolvconf
;;
+ disconnectNM-host|disconnectNM-client)
+ # sending disconnect signal to NM, as something went wrong.
+ disconnectNM
+ ;;
#
# IPv6
#
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
e8916e5cb6487118130934db089d8fa5
>
files
>
10
