From e7efd0d95bd568ae2af5b6673bd273967f80f046 Mon Sep 17 00:00:00 2001
From: Sheng Yang
Date: Fri, 10 Aug 2012 10:57:12 -0700
Subject: [PATCH] S2S VPN: Don't consider VPN is down if IPsec SA still existed

Because ISAKMP SA wouldn't be updated after expiration if IPsec SA is still in affect.
---
 .../debian/config/opt/cloud/bin/checks2svpn.sh | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh b/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
index e6bf9e52d31..cecc38af968 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/checks2svpn.sh
@@ -2,8 +2,8 @@
 if [ -z $1 ]
 then
- echo "Fail to find VPN peer address!"
- exit 1
+ echo "Fail to find VPN peer address!"
+ exit 1
 fi
 ipsec auto --status | grep vpn-$1 > /tmp/vpn-$1.status
@@ -12,19 +12,18 @@ cat /tmp/vpn-$1.status | grep "ISAKMP SA established" > /dev/null
 isakmpok=$?
 if [ $isakmpok -ne 0 ]
 then
- echo -n "ISAKMP SA not found"
- echo "Site-to-site VPN have not connected"
- exit 12
+ echo -n "ISAKMP SA NOT found but checking IPsec;"
+else
+ echo -n "ISAKMP SA found;"
 fi
-echo -n "ISAKMP SA found;"
 cat /tmp/vpn-$1.status | grep "IPsec SA established" > /dev/null
 ipsecok=$?
 if [ $ipsecok -ne 0 ]
 then
- echo -n "IPsec SA not found;"
- echo "Site-to-site VPN have not connected"
- exit 11
+ echo -n "IPsec SA not found;"
+ echo "Site-to-site VPN have not connected"
+ exit 11
 fi
 echo -n "IPsec SA found;"
 echo "Site-to-site VPN have connected"
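Review bot: The `grep "IPsec SA established"` test in the second hunk is now the only thing that decides the "connected" verdict, and it reads lines selected by the unquoted, unanchored `grep vpn-$1` shown as context in the first hunk, so another tunnel's SA can satisfy it. `$1` is matched as a regular expression and as a substring: a peer 192.0.2.1 (constructed example) also selects lines for vpn-192.0.2.10. A fixed-string match that includes the delimiter after the connection name would close this, e.g. `grep -F -- "\"vpn-$1\""` if the status output quotes connection names, which this patch does not show. The filtered output is also parked in the predictable path `/tmp/vpn-$1.status` and re-read by both `cat` lines; holding it in a variable, `status=$(ipsec auto --status | grep -F -- "vpn-$1")`, avoids the symlink and stale-file exposure. The script begins outside these hunks, and the removed `exit 12` should be checked against callers that are not visible here.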