Browse Source

strongswan: remove checks for UCI config

In commit 36e073d820, some checks were
added to see if the UCI config file exists and if there are any peers
configured in it. Due to these checks, if /etc/config/ipsec exists, but
contains no enabled peers, strongswan will not be started. This is not
ideal, as a user might want to experiment with the UCI config while
keeping existing connections in /etc/ipsec.conf operational.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
lilik-openwrt-22.03
Stijn Tintel 7 years ago
parent
commit
44ef6048e2
1 changed files with 8 additions and 16 deletions
  1. +8
    -16
      net/strongswan/files/ipsec.init

+ 8
- 16
net/strongswan/files/ipsec.init View File

@ -5,8 +5,6 @@ STOP=10
. $IPKG_INSTROOT/lib/functions.sh
UCI_IPSEC_CONFIG=/etc/config/ipsec
IPSEC_SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONN_FILE=/etc/ipsec.conf
STRONGSWAN_CONF_FILE=/etc/strongswan.conf
@ -15,8 +13,6 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
ENABLED_REMOTE_PEERS=0
file_reset() {
: > "$1"
}
@ -227,8 +223,6 @@ config_remote() {
config_get_bool enabled "$1" enabled 0
[ "$enabled" = "0" ] && return
ENABLED_REMOTE_PEERS=$((ENABLED_REMOTE_PEERS + 1))
config_get gateway "$1" gateway
config_get pre_shared_key "$1" pre_shared_key
config_get auth_method "$1" authentication_method
@ -323,7 +317,7 @@ prepare_env() {
start() {
prepare_env
[ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec start
ipsec start
}
stop() {
@ -332,17 +326,15 @@ stop() {
restart() {
prepare_env
[ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec restart || ipsec stop
ipsec restart
}
reload() {
prepare_env
[ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && {
ipsec secrets
if [[ ! -z "$(ipsec status)" ]]; then
ipsec reload
else
ipsec start
fi
} || ipsec stop
ipsec secrets
if [[ ! -z "$(ipsec status)" ]]; then
ipsec reload
else
ipsec start
fi
}

Loading…
Cancel
Save