package/strongswan/files/ipsec.init

   1 #!/bin/sh /etc/rc.common
   2
   3 START=65
   4
   5 config_cb() {
   6         local cfg="$CONFIG_SECTION"
   7         local cfgt
   8         config_get cfgt "$cfg" TYPE
   9
  10         case "$cfgt" in
  11                 device)
  12                         config_get IPSEC_RESET_BUTTON           $cfg reset_button
  13                         config_get IPSEC_STATUS_LED_START       $cfg status_start
  14                         config_get IPSEC_STATUS_LED_VALID       $cfg status_valid
  15                         ;;
  16                 filter)
  17                         config_get IPSEC_UPDOWN_RULE_IN         $cfg rule_in
  18                         config_get IPSEC_UPDOWN_DEST_IN         $cfg dest_in
  19                         config_get IPSEC_UPDOWN_RULE_OUT        $cfg rule_out
  20                         config_get IPSEC_UPDOWN_DEST_OUT        $cfg dest_out
  21                         ;;
  22                 forward)
  23                         config_get IPSEC_UPDOWN_FWD_RULE_IN     $cfg rule_in
  24                         config_get IPSEC_UPDOWN_FWD_DEST_IN     $cfg dest_in
  25                         config_get IPSEC_UPDOWN_FWD_RULE_OUT    $cfg rule_out
  26                         config_get IPSEC_UPDOWN_FWD_DEST_OUT    $cfg dest_out
  27                         ;;
  28                 *)
  29                         ;;
  30         esac
  31 }
  32
  33 config_load ipsec
  34
  35 export IPSEC_RESET_BUTTON
  36 export IPSEC_STATUS_LED_START
  37 export IPSEC_STATUS_LED_VALID
  38
  39 export IPSEC_UPDOWN_RULE_IN
  40 export IPSEC_UPDOWN_DEST_IN
  41 export IPSEC_UPDOWN_RULE_OUT
  42 export IPSEC_UPDOWN_DEST_OUT
  43
  44 export IPSEC_UPDOWN_FWD_RULE_IN
  45 export IPSEC_UPDOWN_FWD_DEST_IN
  46 export IPSEC_UPDOWN_FWD_RULE_OUT
  47 export IPSEC_UPDOWN_FWD_DEST_OUT
  48
  49
  50 start() {
  51
  52         [ -f /etc/ipsec.conf      ] || exit
  53         [ -e /var/run/starter.pid ] && exit
  54
  55         /usr/sbin/ipsec _showstatus start
  56
  57         # stuff the dnsmasq cache in case dns is on our own subnet
  58         for peer in `grep left= /etc/ipsec.conf | \
  59                                 cut -f 1 -d% | cut -f 2 -d=` ; do
  60                 ping -c 1 $peer > /dev/null 2>&1
  61         done
  62
  63         /usr/sbin/ipsec start || exit
  64
  65         # work around broken routing behavior:
  66         # a route to the local wan segment will appear
  67         # the need was removed in the patched _updown script
  68
  69         while ! route -n | grep -q ipsec ; do sleep 1 ; done
  70
  71         defint=`route -n | awk '/^0.0.0.0/{print $8}'`
  72         defnet=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $1}'`
  73         dnmask=`route -n | grep $defint | awk  '!/^0.0.0.0/{print $3}'`
  74         tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
  75
  76         route del -net $defnet netmask $dnmask dev $tundev
  77 }
  78
  79
  80 stop() {
  81
  82         /usr/sbin/ipsec stop 2> /dev/null
  83
  84         # wait until the shutdown actually happens
  85         while [ -e /var/run/starter.pid ] ; do
  86                 if [ -d /proc/`cat /var/run/starter.pid` ] ; then
  87                         sleep 1
  88                 else
  89                         rm /var/run/starter.pid
  90                 fi
  91         done
  92
  93         # kill any lingering processes
  94         while ps auxww | grep -q ipsec | grep -v init.d; do
  95                 kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
  96                 sleep 1
  97         done
  98
  99         ipsec _showstatus stop
 100 }
 101