
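--- a/Makefile
+++ b/Makefile
@@ -3,9 +3,10 @@
 
 PORTNAME=	strongswan
 PORTVERSION=	5.8.0
+PORTREVISION=	1
 CATEGORIES=	security
-MASTER_SITES=	http://download.strongswan.org/ \
-		http://download2.strongswan.org/
+MASTER_SITES=	https://download.strongswan.org/ \
+		https://download2.strongswan.org/
 
 MAINTAINER=	strongswan@nanoteq.com
 COMMENT=	Open Source IKEv2 IPsec-based VPN solution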
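--- a/files/strongswan.in
+++ b/files/strongswan.in
@@ -13,8 +13,8 @@
 # strongswan_interface (string):
 #	Set the control interface to use.
 #	Valid options are:
-#	"stroke" for the old ipsec/startr interface
-#	"vici" for the newer swanctl intrface
+#	"stroke" for the old ipsec/starter interface
+#	"vici" for the newer swanctl interface
 #	Default is "stroke"
 
 . /etc/rc.subr
@@ -26,14 +26,10 @@ rcvar=strongswan_enable
 load_rc_config $name
 
 : ${strongswan_enable:=NO}
-: ${strongswan_interface:="stroke"}
+strongswan_interface=${strongswan_interface:-"stroke"}
 
 extra_commands="reload statusall"
 
-charon_command=%%PREFIX%%/libexec/ipsec/charon
-charon_pidfile=/var/run/charon.pid
-swanctl_command=%%PREFIX%%/sbin/swanctl
-
 case $strongswan_interface in
 [Ss][Tt][Rr][Oo][Kk][Ee])
 	# "stroke"
@@ -48,50 +44,81 @@ case $strongswan_interface in
 [Vv][Ii][Cc][Ii])
 	# "vici"
 	command=/usr/sbin/daemon
+	charon_command=%%PREFIX%%/libexec/ipsec/charon
+	charon_pidfile=/var/run/charon.pid
+	swanctl_command=%%PREFIX%%/sbin/swanctl
 	pidfile=/var/run/daemon-charon.pid
 	command_args="-S -P ${pidfile} ${charon_command} --use-syslog"
 
-	required_files=${charon_command}
-	extra_commands="reload statusall"
-
 	start_postcmd=${name}_swanctl_poststart
-	status_cmd="${swanctl_command} --stats"
+	status_cmd=${name}_swanctl_status
+	stop_postcmd="wait_charon stop"
 	reload_cmd=${name}_swanctl_reload
 	statusall_cmd=${name}_swanctl_statusall
 	;;
 
-	*)
+*)
 	# "default"
-	warn "\$strongswan_interface setting is invalid - options supported are \"stroke\" or \"vici\"."
+	warn "\$strongswan_interface setting is invalid - supported options are \"stroke\" or \"vici\"."
 	exit 1
 	;;
 esac
 
 strongswan_swanctl_poststart()
 {
-	local _waitmax=5
-
-	# Need to wait for charon to finish startup,
-	# else vici socket is unreadable
-	while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do
-		sleep 1
-		_waitmax=$((_waitmax - 1))
-	done
+	wait_charon
 
 	${swanctl_command} --load-all --noprompt
 }
 
 strongswan_swanctl_reload()
 {
+	check_charon
+
 	${swanctl_command} --reload-settings
 	${swanctl_command} --load-all --noprompt
 }
 
+strongswan_swanctl_status()
+{
+	check_charon
+
+	${swanctl_command} --stats
+}
+
 strongswan_swanctl_statusall()
 {
+	check_charon
+
 	${swanctl_command} --stats
 	${swanctl_command} --list-conns
 	${swanctl_command} --list-sas
 }
 
+check_charon()
+{
+	if [ ! -e "${charon_pidfile}" ]; then
+		echo "${name} is not running." >&2
+		exit 7
+	fi
+}
+
+wait_charon()
+{
+	if [ "$1" = "stop" ]; then
+		charon_status="[ -f ${charon_pidfile} ]"
+	else
+		charon_status="[ ! -f ${charon_pidfile} ]"
+	fi
+
+	local _waitmax=5
+
+	# Need to wait for charon,
+	# else vici socket is unreadable
+	while eval "${charon_status}" && [ ${_waitmax} -gt 0 ]; do
+		sleep 1
+		_waitmax=$((_waitmax - 1))
+	done
+}
+
 run_rc_command "$1"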
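Review bot: `wait_charon()` in the last hunk assembles its test as a string (`charon_status="[ -f ${charon_pidfile} ]"`) and runs it through `eval`, so the path is re-parsed by the shell and `charon_status` leaks into the script's global scope. The path is a fixed constant in this script, so nothing visible is injectable, but branching on `$1` and testing a quoted `"${charon_pidfile}"` directly does the same job without `eval`. The loop also ends silently after five seconds, so `strongswan_swanctl_poststart` goes on to `swanctl --load-all` and `stop_postcmd` returns success whether or not charon reached the expected state; a `warn` on timeout would at least make that visible. Separately, `check_charon()` treats the mere existence of the pidfile as "running", so a stale file left by a crashed daemon passes the check.

```shell
wait_charon()
{
	local _waitmax=5

	# Need to wait for charon,
	# else vici socket is unreadable
	while [ ${_waitmax} -gt 0 ]; do
		if [ "$1" = "stop" ]; then
			# stopping: done once the pidfile is gone
			[ -f "${charon_pidfile}" ] || return 0
		else
			# starting: done once the pidfile exists
			[ -f "${charon_pidfile}" ] && return 0
		fi
		sleep 1
		_waitmax=$((_waitmax - 1))
	done
	warn "timed out waiting for ${charon_pidfile}"
}
```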
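--- a/pkg-descr
+++ b/pkg-descr
@@ -2,4 +2,4 @@ Strongswan is an open source IPsec-based VPN solution.
 Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
 exchange protocols.
 
-WWW: http://www.strongswan.org
+WWW: https://www.strongswan.org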
