summaryrefslogtreecommitdiffstats
path: root/package/strongswan/files/ipsec.init
blob: 4e8b8a2166c4b86138eedc48a00ee1024cfa927c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

#!/bin/sh /etc/rc.common

START=65

config_cb() {
	local cfg="$CONFIG_SECTION"
	local cfgt
	config_get cfgt "$cfg" TYPE

	case "$cfgt" in
		device)
			config_get IPSEC_RESET_BUTTON		$cfg reset_button
			config_get IPSEC_STATUS_LED_START	$cfg status_start
			config_get IPSEC_STATUS_LED_VALID	$cfg status_valid
			;;
		filter)
			config_get IPSEC_UPDOWN_RULE_IN		$cfg rule_in
			config_get IPSEC_UPDOWN_DEST_IN		$cfg dest_in
			config_get IPSEC_UPDOWN_RULE_OUT	$cfg rule_out
			config_get IPSEC_UPDOWN_DEST_OUT	$cfg dest_out
			;;
		forward)
			config_get IPSEC_UPDOWN_FWD_RULE_IN	$cfg rule_in
			config_get IPSEC_UPDOWN_FWD_DEST_IN	$cfg dest_in
			config_get IPSEC_UPDOWN_FWD_RULE_OUT	$cfg rule_out
			config_get IPSEC_UPDOWN_FWD_DEST_OUT	$cfg dest_out
			;;
		*)
			;;
	esac
}

config_load ipsec

export IPSEC_RESET_BUTTON
export IPSEC_STATUS_LED_START
export IPSEC_STATUS_LED_VALID

export IPSEC_UPDOWN_RULE_IN
export IPSEC_UPDOWN_DEST_IN
export IPSEC_UPDOWN_RULE_OUT
export IPSEC_UPDOWN_DEST_OUT

export IPSEC_UPDOWN_FWD_RULE_IN
export IPSEC_UPDOWN_FWD_DEST_IN
export IPSEC_UPDOWN_FWD_RULE_OUT
export IPSEC_UPDOWN_FWD_DEST_OUT


start() {

	[ -f /etc/ipsec.conf      ] || exit
	[ -e /var/run/starter.pid ] && exit

	/usr/sbin/ipsec _showstatus start
	
	# stuff the dnsmasq cache in case dns is on our own subnet
	for peer in `grep left= /etc/ipsec.conf | \
				cut -f 1 -d% | cut -f 2 -d=` ; do
		ping -c 1 $peer > /dev/null 2>&1
	done
	
	/usr/sbin/ipsec start || exit
	
	# work around broken routing behavior:
	# a route to the local wan segment will appear
	# the need was removed in the patched _updown script

	while ! route -n | grep -q ipsec ; do sleep 1 ; done

	defint=`route -n | awk '/^0.0.0.0/{print $8}'`
	defnet=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $1}'`
	dnmask=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $3}'`
	tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
	
	route del -net $defnet netmask $dnmask dev $tundev
}


stop() {

	/usr/sbin/ipsec stop 2> /dev/null

	# wait until the shutdown actually happens
	while [ -e /var/run/starter.pid ] ; do
		if [ -d /proc/`cat /var/run/starter.pid` ] ; then
			sleep 1
		else
			rm /var/run/starter.pid
		fi
	done

	# kill any lingering processes
	while ps auxww | grep -q ipsec | grep -v init.d; do
		kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
		sleep 1
	done

 	ipsec _showstatus stop
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 22:02:03 +0000