py_route.py
import boto3
import json
import re
import xml.etree.ElementTree as ET
import pprint
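# (result key, element path relative to an <ipsec_tunnel> node), in output order.
_TUNNEL_FIELDS = (
    # Customer-gateway (local) side of the tunnel
    ("cgw_tunnel_outside_address", "customer_gateway/tunnel_outside_address/ip_address"),
    ("cgw_tunnel_inside_address", "customer_gateway/tunnel_inside_address/ip_address"),
    ("cgw_tunnel_inside_mask", "customer_gateway/tunnel_inside_address/network_mask"),
    ("cgw_cidr", "customer_gateway/tunnel_inside_address/network_cidr"),
    ("cgw_bgp_asn", "customer_gateway/bgp/asn"),
    ("cgw_bgp_holdtime", "customer_gateway/bgp/hold_time"),
    # Amazon's side of the tunnel
    ("vpn_tunnel_outside_address", "vpn_gateway/tunnel_outside_address/ip_address"),
    ("vpn_tunnel_inside_address", "vpn_gateway/tunnel_inside_address/ip_address"),
    ("vpn_tunnel_inside_mask", "vpn_gateway/tunnel_inside_address/network_mask"),
    ("vpn_cidr", "vpn_gateway/tunnel_inside_address/network_cidr"),
    ("vpn_bgp_asn", "vpn_gateway/bgp/asn"),
    ("vpn_bgp_holdtime", "vpn_gateway/bgp/hold_time"),
    # IKE (phase 1)
    ("ike_authentication_protocol", "ike/authentication_protocol"),
    ("ike_encryption_protocol", "ike/encryption_protocol"),
    ("ike_lifetime", "ike/lifetime"),
    ("ike_perfect_forward_secrecy", "ike/perfect_forward_secrecy"),
    ("ike_mode", "ike/mode"),
    ("ike_pre_shared_key", "ike/pre_shared_key"),
    # IPsec (phase 2)
    ("ipsec_protocol", "ipsec/protocol"),
    ("ipsec_authentication_protocol", "ipsec/authentication_protocol"),
    ("ipsec_encryption_protocol", "ipsec/encryption_protocol"),
    ("ipsec_lifetime", "ipsec/lifetime"),
    ("ipsec_perfect_forward_secrecy", "ipsec/perfect_forward_secrecy"),
    ("ipsec_mode", "ipsec/mode"),
    ("ipsec_clear_df_bit", "ipsec/clear_df_bit"),
    ("ipsec_fragmentation_before_encryption", "ipsec/fragmentation_before_encryption"),
    ("ipsec_tcp_mss_adjustment", "ipsec/tcp_mss_adjustment"),
    ("ipsec_dpd_interval", "ipsec/dead_peer_detection/interval"),
    ("ipsec_dpd_retries", "ipsec/dead_peer_detection/retries"),
)


def amzn_xml_to_json(amzn_xml):
    """Flatten a customer-gateway configuration XML document into dicts.

    Despite the name, the result is a list of plain dicts (one per
    ``ipsec_tunnel`` element found directly under the root), not a JSON
    string. Every dict carries the same keys, in the order of
    ``_TUNNEL_FIELDS``.

    Args:
        amzn_xml: The XML document as a string.

    Returns:
        A list of dicts mapping field names to the element text. A field
        whose element is absent from the document (for example a tunnel
        with no ``bgp`` section) maps to ``None`` instead of aborting the
        whole parse with ``AttributeError``.

    Raises:
        xml.etree.ElementTree.ParseError: If ``amzn_xml`` is not well-formed.

    Security notes:
        * ``ike_pre_shared_key`` is the tunnel's IKE secret. Treat the
          returned structure as sensitive: keep it out of logs, tickets
          and world-readable files.
        * ``xml.etree.ElementTree`` is not hardened against maliciously
          constructed XML. ``main()`` only passes it values taken from the
          EC2 API response; do not reuse this function on documents from
          an untrusted origin without a hardened parser.
    """
    root = ET.fromstring(amzn_xml)
    tunnels = []
    for tunnel in root.findall("ipsec_tunnel"):
        fields = {}
        for key, path in _TUNNEL_FIELDS:
            node = tunnel.find(path)
            # find() returns None for a missing element; keep the key with a
            # None value so every tunnel dict has the same shape.
            fields[key] = None if node is None else node.text
        tunnels.append(fields)
    return tunnels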
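def main():
    """Dump the tunnel parameters of every VPN connection in eu-central-1.

    Calls ``describe_vpn_connections`` on an EC2 client, parses each
    connection's ``CustomerGatewayConfiguration`` XML with
    ``amzn_xml_to_json`` and pretty-prints the result as a dict keyed by a
    running integer index.

    Security note: the printed structure contains each tunnel's
    ``ike_pre_shared_key`` in clear text. Do not run this where stdout is
    captured into shared logs, CI output or terminal recordings.
    """
    client = boto3.client('ec2', region_name='eu-central-1')
    response = client.describe_vpn_connections(DryRun=False)

    conf = {}
    index = 0
    for vpn in response["VpnConnections"]:
        # dict.iteritems() exists only on Python 2; items() works on both
        # Python 2 and Python 3.
        for key, value in vpn.items():
            if re.search("CustomerGatewayConfiguration", key):
                conf[index] = amzn_xml_to_json(value)
                index += 1

    # Includes pre-shared keys in clear text; see the docstring.
    pprint.pprint(conf)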
# Run the dump only when executed as a script, so importing this module
# (e.g. to reuse amzn_xml_to_json) makes no AWS API call and prints nothing.
if __name__ == "__main__":
    main()