|
Lines 7-37
Link Here
|
| 7 |
# BEFORE: LOGIN |
7 |
# BEFORE: LOGIN |
| 8 |
# KEYWORD: shutdown |
8 |
# KEYWORD: shutdown |
| 9 |
|
9 |
|
|
|
10 |
# strongswan_enable (bool): Set it to "YES" to enable strongswan |
| 11 |
# Default is "NO" |
| 12 |
# strongswan_interface (string): Set the control interface to use. |
| 13 |
# Valid options are: |
| 14 |
# "stroke" for the old ipsec/starter interface |
| 15 |
# "vici" for the newer swanctl interface |
| 16 |
# Default is "stroke" |
| 17 |
|
| 10 |
. /etc/rc.subr |
18 |
. /etc/rc.subr |
| 11 |
|
19 |
|
| 12 |
name=strongswan |
20 |
name=strongswan |
|
|
21 |
desc="Strongswan IPsec startup script" |
| 13 |
rcvar=strongswan_enable |
22 |
rcvar=strongswan_enable |
| 14 |
|
23 |
|
|
|
24 |
load_rc_config $name |
| 25 |
|
| 26 |
: ${strongswan_enable:=NO} |
| 27 |
: ${strongswan_interface:="stroke"} |
| 28 |
|
| 15 |
extra_commands="reload statusall" |
29 |
extra_commands="reload statusall" |
| 16 |
|
30 |
|
| 17 |
load_rc_config $name |
31 |
charon_command=%%PREFIX%%/libexec/ipsec/charon |
|
|
32 |
charon_pidfile=/var/run/charon.pid |
| 33 |
swanctl_command=%%PREFIX%%/sbin/swanctl |
| 18 |
|
34 |
|
| 19 |
command="%%PREFIX%%/sbin/ipsec" |
35 |
case $strongswan_interface in |
|
|
36 |
# "stroke" |
| 37 |
[Ss][Tt][Rr][Oo][Kk][Ee]) |
| 38 |
command="%%PREFIX%%/sbin/ipsec" |
| 20 |
|
39 |
|
| 21 |
start_precmd="strongswan_precmd" |
40 |
start_precmd=command_args=start |
| 22 |
stop_cmd="strongswan_cmd" |
41 |
stop_cmd="${command} stop" |
| 23 |
status_cmd="strongswan_cmd" |
42 |
status_cmd="${command} status" |
| 24 |
reload_cmd="strongswan_cmd" |
43 |
reload_cmd="${command} reload" |
| 25 |
statusall_cmd="strongswan_cmd" |
44 |
statusall_cmd="${command} statusall" |
|
|
45 |
;; |
| 26 |
|
46 |
|
| 27 |
strongswan_precmd() |
47 |
# "vici" |
|
|
48 |
[Vv][Ii][Cc][Ii]) |
| 49 |
command=/usr/sbin/daemon |
| 50 |
pidfile=/var/run/daemon-charon.pid |
| 51 |
command_args="-S -P ${pidfile} ${charon_command} --use-syslog" |
| 52 |
|
| 53 |
required_files=${charon_command} |
| 54 |
extra_commands="reload statusall" |
| 55 |
|
| 56 |
start_postcmd=${name}_swanctl_poststart |
| 57 |
status_cmd="${swanctl_command} --stats" |
| 58 |
reload_cmd=${name}_swanctl_reload |
| 59 |
statusall_cmd=${name}_swanctl_statusall |
| 60 |
|
| 61 |
;; |
| 62 |
esac |
| 63 |
|
| 64 |
strongswan_swanctl_poststart() |
| 28 |
{ |
65 |
{ |
| 29 |
command_args=${rc_arg} |
66 |
local _waitmax=5 |
|
|
67 |
|
| 68 |
# Need to wait for charon to finish startup, else vici socket is unreadable |
| 69 |
while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do |
| 70 |
sleep 1 |
| 71 |
_waitmax=$((_waitmax - 1)) |
| 72 |
done |
| 73 |
|
| 74 |
${swanctl_command} --load-all --noprompt |
| 30 |
} |
75 |
} |
| 31 |
|
76 |
|
| 32 |
strongswan_cmd() |
77 |
strongswan_swanctl_reload() |
| 33 |
{ |
78 |
{ |
| 34 |
${command} ${rc_arg} |
79 |
${swanctl_command} --reload-settings |
|
|
80 |
${swanctl_command} --load-all --noprompt |
| 35 |
} |
81 |
} |
| 36 |
|
82 |
|
|
|
83 |
strongswan_swanctl_statusall() |
| 84 |
{ |
| 85 |
${swanctl_command} --stats |
| 86 |
${swanctl_command} --list-conns |
| 87 |
${swanctl_command} --list-sas |
| 88 |
} |
| 89 |
|
| 37 |
run_rc_command "$1" |
90 |
run_rc_command "$1" |