Lines 7-37
|
7 |
# BEFORE: LOGIN |
7 |
# BEFORE: LOGIN |
8 |
# KEYWORD: shutdown |
8 |
# KEYWORD: shutdown |
9 |
|
9 |
|
|
|
10 |
# strongswan_enable (bool): Set it to "YES" to enable strongswan |
11 |
# Default is "NO" |
12 |
# strongswan_interface (string): Set the control interface to use. |
13 |
# Valid options are: |
14 |
# "stroke" for the old ipsec/starter interface |
15 |
# "vici" for the newer swanctl interface |
16 |
# Default is "stroke" |
17 |
|
10 |
. /etc/rc.subr |
18 |
. /etc/rc.subr |
11 |
|
19 |
|
12 |
name=strongswan |
20 |
name=strongswan |
|
|
21 |
desc="Strongswan IPsec startup script" |
13 |
rcvar=strongswan_enable |
22 |
rcvar=strongswan_enable |
14 |
|
23 |
|
|
|
24 |
load_rc_config $name |
25 |
|
26 |
: ${strongswan_enable:=NO} |
27 |
: ${strongswan_interface:="stroke"} |
28 |
|
15 |
extra_commands="reload statusall" |
29 |
extra_commands="reload statusall" |
16 |
|
30 |
|
17 |
load_rc_config $name |
31 |
charon_command=%%PREFIX%%/libexec/ipsec/charon |
|
|
32 |
charon_pidfile=/var/run/charon.pid |
33 |
swanctl_command=%%PREFIX%%/sbin/swanctl |
18 |
|
34 |
|
19 |
command="%%PREFIX%%/sbin/ipsec" |
35 |
case $strongswan_interface in |
|
|
36 |
# "stroke" |
37 |
[Ss][Tt][Rr][Oo][Kk][Ee]) |
38 |
command="%%PREFIX%%/sbin/ipsec" |
20 |
|
39 |
|
21 |
start_precmd="strongswan_precmd" |
40 |
start_precmd=command_args=start |
22 |
stop_cmd="strongswan_cmd" |
41 |
stop_cmd="${command} stop" |
23 |
status_cmd="strongswan_cmd" |
42 |
status_cmd="${command} status" |
24 |
reload_cmd="strongswan_cmd" |
43 |
reload_cmd="${command} reload" |
25 |
statusall_cmd="strongswan_cmd" |
44 |
statusall_cmd="${command} statusall" |
|
|
45 |
;; |
26 |
|
46 |
|
27 |
strongswan_precmd() |
47 |
# "vici" |
|
|
48 |
[Vv][Ii][Cc][Ii]) |
49 |
command=/usr/sbin/daemon |
50 |
pidfile=/var/run/daemon-charon.pid |
51 |
command_args="-S -P ${pidfile} ${charon_command} --use-syslog" |
52 |
|
53 |
required_files=${charon_command} |
54 |
extra_commands="reload statusall" |
55 |
|
56 |
start_postcmd=${name}_swanctl_poststart |
57 |
status_cmd="${swanctl_command} --stats" |
58 |
reload_cmd=${name}_swanctl_reload |
59 |
statusall_cmd=${name}_swanctl_statusall |
60 |
|
61 |
;; |
62 |
esac |
63 |
|
64 |
strongswan_swanctl_poststart() |
28 |
{ |
65 |
{ |
29 |
command_args=${rc_arg} |
66 |
local _waitmax=5 |
|
|
67 |
|
68 |
# Need to wait for charon to finish startup, else vici socket is unreadable |
69 |
while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do |
70 |
sleep 1 |
71 |
_waitmax=$((_waitmax - 1)) |
72 |
done |
73 |
|
74 |
${swanctl_command} --load-all --noprompt |
30 |
} |
75 |
} |
31 |
|
76 |
|
32 |
strongswan_cmd() |
77 |
strongswan_swanctl_reload() |
33 |
{ |
78 |
{ |
34 |
${command} ${rc_arg} |
79 |
${swanctl_command} --reload-settings |
|
|
80 |
${swanctl_command} --load-all --noprompt |
35 |
} |
81 |
} |
36 |
|
82 |
|
|
|
83 |
strongswan_swanctl_statusall() |
84 |
{ |
85 |
${swanctl_command} --stats |
86 |
${swanctl_command} --list-conns |
87 |
${swanctl_command} --list-sas |
88 |
} |
89 |
|
37 |
run_rc_command "$1" |
90 |
run_rc_command "$1" |
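Review bot: In `strongswan_swanctl_poststart` (new lines 64-75) the wait loop falls through after five seconds whether or not `${charon_pidfile}` ever appeared, and `${swanctl_command} --load-all --noprompt` then runs anyway, so a slow or failed start can leave the service without its connections and credentials loaded and nothing in the output to say why. A check after the loop would make that explicit: `[ -f "${charon_pidfile}" ] || { warn "charon did not start in time; swanctl configuration not loaded"; return 1; }`. The comment above the loop talks about the vici socket while the test is on the pid file, so one of the two should be adjusted unless they are known to be created together. The `case` on `$strongswan_interface` also has no `*)` branch, so a misspelled value in rc.conf leaves `command` unset; a branch such as `*) warn "unknown strongswan_interface: ${strongswan_interface}" ;;` would surface the mistake.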