Index: security/strongswan/Makefile
===================================================================
--- security/strongswan/Makefile (revision 494023)
+++ security/strongswan/Makefile (working copy)
@@ -3,6 +3,7 @@
 PORTNAME= strongswan
 PORTVERSION= 5.7.2
+PORTREVISION= 1
 CATEGORIES= security
 MASTER_SITES= http://download.strongswan.org/ \
 http://download2.strongswan.org/
Index: security/strongswan/files/strongswan.in
===================================================================
--- security/strongswan/files/strongswan.in (revision 494023)
+++ security/strongswan/files/strongswan.in (working copy)
@@ -7,31 +7,84 @@
 # BEFORE: LOGIN
 # KEYWORD: shutdown
+# strongswan_enable (bool): Set it to "YES" to enable strongswan
+# Default is "NO"
+# strongswan_interface (string): Set the control interface to use.
+# Valid options are:
+# "stroke" for the old ipsec/starter interface
+# "vici" for the newer swanctl interface
+# Default is "stroke"
+
 . /etc/rc.subr
 name=strongswan
+desc="Strongswan IPsec startup script"
 rcvar=strongswan_enable
+load_rc_config $name
+
+: ${strongswan_enable:=NO}
+: ${strongswan_interface:="stroke"}
+
 extra_commands="reload statusall"
-load_rc_config $name
+charon_command=%%PREFIX%%/libexec/ipsec/charon
+charon_pidfile=/var/run/charon.pid
+swanctl_command=%%PREFIX%%/sbin/swanctl
-command="%%PREFIX%%/sbin/ipsec"
+case $strongswan_interface in
+# "stroke"
+[Ss][Tt][Rr][Oo][Kk][Ee])
+ command="%%PREFIX%%/sbin/ipsec"
-start_precmd="strongswan_precmd"
-stop_cmd="strongswan_cmd"
-status_cmd="strongswan_cmd"
-reload_cmd="strongswan_cmd"
-statusall_cmd="strongswan_cmd"
+ start_precmd=command_args=start
+ stop_cmd="${command} stop"
+ status_cmd="${command} status"
+ reload_cmd="${command} reload"
+ statusall_cmd="${command} statusall"
+ ;;
-strongswan_precmd()
+# "vici"
+[Vv][Ii][Cc][Ii])
+ command=/usr/sbin/daemon
+ pidfile=/var/run/daemon-charon.pid
+ command_args="-S -P ${pidfile} ${charon_command} --use-syslog"
+
+ required_files=${charon_command}
+ extra_commands="reload statusall"
+
+ start_postcmd=${name}_swanctl_poststart
+ status_cmd="${swanctl_command} --stats"
+ reload_cmd=${name}_swanctl_reload
+ statusall_cmd=${name}_swanctl_statusall
+
+ ;;
+esac
+
+strongswan_swanctl_poststart()
 {
- command_args=${rc_arg}
+ local _waitmax=5
+
+ # Need to wait for charon to finish startup, else vici socket is unreadable
+ while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do
+ sleep 1
+ _waitmax=$((_waitmax - 1))
+ done
+
+ ${swanctl_command} --load-all --noprompt
 }
-strongswan_cmd()
+strongswan_swanctl_reload()
 {
- ${command} ${rc_arg}
+ ${swanctl_command} --reload-settings
+ ${swanctl_command} --load-all --noprompt
 }
+strongswan_swanctl_statusall()
+{
+ ${swanctl_command} --stats
+ ${swanctl_command} --list-conns
+ ${swanctl_command} --list-sas
+}
+
 run_rc_command "$1"
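Review bot: strongswan_swanctl_poststart runs `${swanctl_command} --load-all --noprompt` unconditionally and never checks its exit status, so when the 5-second wait on `${charon_pidfile}` times out, or charon is up but the vici socket is not yet accepting connections, the service is reported as started while no connections or credentials were loaded; a host that relies on those policies would then be running without the IPsec protection it expects, with nothing in the boot log to say so. The pidfile loop is only a proxy for readiness, as the comment on it acknowledges, rather than a check that vici answers. Suggest making both paths visible, e.g. `[ -f ${charon_pidfile} ] || warn "charon pidfile ${charon_pidfile} not present after 5s; loading swanctl config anyway"` before the load and `${swanctl_command} --load-all --noprompt || warn "swanctl --load-all failed; charon is running without the configured connections"` in its place; strongswan_swanctl_reload has the same unchecked `--load-all`. Separately, `case $strongswan_interface in` has no `*)` arm, so a mistyped value leaves `command` unset and `start` has nothing to run; an arm such as `*) err 1 "unknown strongswan_interface: ${strongswan_interface}" ;;` would fail loudly instead.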