LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15981 Commits
1 Branch
46 MiB
Tree: ff216608a0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ff216608a0'
${ noResults }
openwrt-packages-dist/net/libreswan/files/ipsec.init

207 lines
4.4 KiB
Raw Normal View History

libreswan: add package Libreswan is a free software implementation of the most widely supported and standardized VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE"). These standards are produced and maintained by the Internet Engineering Task Force ("IETF"). Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years ago
 
  1. #!/bin/sh /etc/rc.common
  2. 

  3. START=90
  4. STOP=10
  5. 

  6. #USE_PROCD=1
  7. 

  8. . $IPKG_INSTROOT/lib/functions.sh
  9. 

  10. EXTRA_COMMANDS=status
  11. EXTRA_HELP="	status	Show the status of the service"
  12. 

  13. # Check that networking is up.
  14. [ "${NETWORKING}" = "no" ] && exit 6
  15. 

  16. if [ $(id -u) -ne 0 ]; then
  17.     echo "permission denied (must be superuser)" | \
  18. 	logger -s -p daemon.error -t ipsec_setup 2>&1
  19.     exit 4
  20. fi
  21. 

  22. # where the private directory and the config files are
  23. IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
  24. IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
  25. IPSEC_CONF="${IPSEC_CONF-/etc/ipsec.conf}"
  26. unset PLUTO_OPTIONS
  27. 

  28. rundir=/var/run/pluto
  29. plutopid=${rundir}/pluto.pid
  30. plutoctl=${rundir}/pluto.ctl
  31. lockdir=/var/lock
  32. lockfile=${lockdir}/ipsec
  33. ipsecversion=/proc/net/ipsec_version
  34. kamepfkey=/proc/net/pfkey
  35. 

  36. # /etc/resolv.conf related paths
  37. LIBRESWAN_RESOLV_CONF=${rundir}/libreswan-resolv-conf-backup
  38. ORIG_RESOLV_CONF=/etc/resolv.conf
  39. 

  40. # misc setup
  41. umask 022
  42. 

  43. # standardize PATH, and export it for everything else's benefit
  44. PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
  45. export PATH
  46. 

  47. mkdir -p ${rundir}
  48. chmod 700 ${rundir}
  49. 

  50. verify_config() {
  51. 	[ -f ${IPSEC_CONF} ] || exit 6
  52. 	config_error=$(ipsec addconn --config ${IPSEC_CONF} --checkconfig 2>&1)
  53. 	RETVAL=$?
  54. 	if [ ${RETVAL} -gt 0 ]; then
  55. 		echo "Configuration error - the following error occurred:"
  56. 		echo ${config_error}
  57. 		echo "IKE daemon status was not modified"
  58. 		exit ${RETVAL}
  59. 	fi
  60. }
  61. 

  62. start() {
  63. 	echo -n "Starting pluto IKE daemon for IPsec: "
  64. 	ipsec _stackmanager start
  65. 	# pluto searches the current directory, so this is required for making it selinux compliant
  66. 	cd /
  67. 	# Create nss db or convert from old format to new sql format
  68. 	ipsec --checknss
  69. 	# Enable nflog if configured
  70. 	ipsec --checknflog > /dev/null
  71. 	# This script will enter an endless loop to ensure pluto restarts on crash
  72. 	ipsec _plutorun --config ${IPSEC_CONF} --nofork ${PLUTO_OPTIONS} & [ -d ${lockdir} ] || mkdir -p ${lockdir}
  73. 	touch ${lockfile}
  74. 	# Because _plutorun starts pluto at background we need to make sure pluto is started
  75. 	# before we know if start was successful or not
  76. 	for waitsec in 1 2 3 4 5; do
  77. 	    if status >/dev/null; then
  78. 		RETVAL=0
  79. 		break
  80. 		else
  81. 		echo -n "."
  82. 		sleep 1
  83. 		RETVAL=1
  84. 	    fi
  85. 	done
  86. 	if [ ${RETVAL} -ge 1 ]; then
  87. 	    rm -f ${lockfile}
  88. 	fi
  89. 	echo
  90. 	return ${RETVAL}
  91. }
  92. 

  93. stop() {
  94.     if [ -e ${plutoctl} ]; then
  95. 	echo "Shutting down pluto IKE daemon"
  96. 	ipsec whack --shutdown 2>/dev/null
  97. 	# don't use seq, might not exist on embedded
  98. 	for waitsec in 1 2 3 4 5 6 7 8 9 10; do
  99. 	    if [ -s ${plutopid} ]; then
  100. 		echo -n "."
  101. 		sleep 1
  102. 	    else
  103. 		break
  104. 	    fi
  105. 	done
  106. 	echo
  107. 	rm -f ${plutoctl} # we won't be using this anymore
  108.     fi
  109.     if [ -s ${plutopid} ]; then
  110. 	# pluto did not die peacefully
  111. 	pid=$(cat ${plutopid})
  112. 	if [ -d /proc/${pid} ]; then
  113. 	    kill -TERM ${pid}
  114. 	    RETVAL=$?
  115. 	    sleep 5;
  116. 	    if [ -d /proc/${pid} ]; then
  117. 		kill -KILL ${pid}
  118. 		RETVAL=$?
  119. 	    fi
  120. 	    if [ ${RETVAL} -ne 0 ]; then
  121. 		echo "Kill failed - removing orphaned ${plutopid}"
  122. 	    fi
  123. 	else
  124. 	    echo "Removing orphaned ${plutopid}"
  125. 	fi
  126. 	rm -f ${plutopid}
  127.     fi
  128. 

  129.     ipsec _stackmanager stop
  130.     ipsec --stopnflog > /dev/null
  131. 

  132.     # cleaning up backup resolv.conf
  133.     if [ -e ${LIBRESWAN_RESOLV_CONF} ]; then
  134. 	if grep 'Libreswan' ${ORIG_RESOLV_CONF} > /dev/null 2>&1; then
  135. 	    cp ${LIBRESWAN_RESOLV_CONF} ${ORIG_RESOLV_CONF}
  136. 	fi
  137. 	rm -f  ${LIBRESWAN_RESOLV_CONF}
  138.     fi
  139. 

  140.     rm -f ${lockfile}
  141.     return ${RETVAL}
  142. }
  143. 

  144. restart() {
  145.     verify_config
  146.     stop
  147.     start
  148.     return $?
  149. }
  150. 

  151. status() {
  152.     local RC
  153.     if [ -f ${plutopid} ]; then
  154. 	if [ -r ${plutopid} ]; then
  155. 	    pid=$(cat ${plutopid})
  156. 	    if [ -n "$pid" -a -d /proc/${pid} ]; then
  157. 		RC=0    # running
  158. 	    else
  159. 		RC=1    # not running but pid exists
  160. 	    fi
  161. 	else
  162. 	    RC=4        # insufficient privileges
  163. 	fi
  164.     fi
  165.     if [ -z "${RC}" ]; then
  166. 	if [ -f ${lockfile} ]; then
  167. 	    RC=2
  168. 	else
  169. 	    RC=3
  170. 	fi
  171.     fi
  172.     case "${RC}" in
  173. 	0)
  174. 	    echo "ipsec: pluto (pid ${pid}) is running..."
  175. 	    return 0
  176. 	    ;;
  177. 	1)
  178. 	    echo "ipsec: pluto dead but pid file exits"
  179. 	    return 1
  180. 	    ;;
  181. 	2)
  182. 	    echo "ipsec: pluto dead but subsys locked"
  183. 	    return 2
  184. 	    ;;
  185. 	4)
  186. 	    echo "ipsec: pluto status unknown due to insufficient privileges."
  187. 	    return 4
  188. 	    ;;
  189.     esac
  190.     echo "ipsec: pluto is stopped"
  191.     return 3
  192. }
  193. 

  194. condrestart() {
  195.     verify_config
  196.     RETVAL=$?
  197.     if [ -f ${lockfile} ]; then
  198. 	restart
  199. 	RETVAL=$?
  200.     fi
  201.     return ${RETVAL}
  202. }
  203. 

  204. version() {
  205.     ipsec version
  206.     return $?
  207. }