aboutsummaryrefslogtreecommitdiffstats
path: root/package/strongswan/files/ipsec.init
diff options
context:
space:
mode:
Diffstat (limited to 'package/strongswan/files/ipsec.init')
-rw-r--r--package/strongswan/files/ipsec.init101
1 files changed, 101 insertions, 0 deletions
diff --git a/package/strongswan/files/ipsec.init b/package/strongswan/files/ipsec.init
new file mode 100644
index 0000000000..4e8b8a2166
--- /dev/null
+++ b/package/strongswan/files/ipsec.init
@@ -0,0 +1,101 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+
+config_cb() {
+ local cfg="$CONFIG_SECTION"
+ local cfgt
+ config_get cfgt "$cfg" TYPE
+
+ case "$cfgt" in
+ device)
+ config_get IPSEC_RESET_BUTTON $cfg reset_button
+ config_get IPSEC_STATUS_LED_START $cfg status_start
+ config_get IPSEC_STATUS_LED_VALID $cfg status_valid
+ ;;
+ filter)
+ config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
+ config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
+ config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
+ config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
+ ;;
+ forward)
+ config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
+ config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
+ config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
+ config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
+ ;;
+ *)
+ ;;
+ esac
+}
+
+config_load ipsec
+
+export IPSEC_RESET_BUTTON
+export IPSEC_STATUS_LED_START
+export IPSEC_STATUS_LED_VALID
+
+export IPSEC_UPDOWN_RULE_IN
+export IPSEC_UPDOWN_DEST_IN
+export IPSEC_UPDOWN_RULE_OUT
+export IPSEC_UPDOWN_DEST_OUT
+
+export IPSEC_UPDOWN_FWD_RULE_IN
+export IPSEC_UPDOWN_FWD_DEST_IN
+export IPSEC_UPDOWN_FWD_RULE_OUT
+export IPSEC_UPDOWN_FWD_DEST_OUT
+
+
+start() {
+
+ [ -f /etc/ipsec.conf ] || exit
+ [ -e /var/run/starter.pid ] && exit
+
+ /usr/sbin/ipsec _showstatus start
+
+ # stuff the dnsmasq cache in case dns is on our own subnet
+ for peer in `grep left= /etc/ipsec.conf | \
+ cut -f 1 -d% | cut -f 2 -d=` ; do
+ ping -c 1 $peer > /dev/null 2>&1
+ done
+
+ /usr/sbin/ipsec start || exit
+
+ # work around broken routing behavior:
+ # a route to the local wan segment will appear
+ # the need was removed in the patched _updown script
+
+ while ! route -n | grep -q ipsec ; do sleep 1 ; done
+
+ defint=`route -n | awk '/^0.0.0.0/{print $8}'`
+ defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
+ dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
+ tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
+
+ route del -net $defnet netmask $dnmask dev $tundev
+}
+
+
+stop() {
+
+ /usr/sbin/ipsec stop 2> /dev/null
+
+ # wait until the shutdown actually happens
+ while [ -e /var/run/starter.pid ] ; do
+ if [ -d /proc/`cat /var/run/starter.pid` ] ; then
+ sleep 1
+ else
+ rm /var/run/starter.pid
+ fi
+ done
+
+ # kill any lingering processes
+ while ps auxww | grep -q ipsec | grep -v init.d; do
+ kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
+ sleep 1
+ done
+
+ ipsec _showstatus stop
+}
+