|
|
@ -7,6 +7,7 @@ USE_PROCD=1 |
|
|
|
PROG=/usr/lib/ipsec/starter |
|
|
|
|
|
|
|
. $IPKG_INSTROOT/lib/functions.sh |
|
|
|
. $IPKG_INSTROOT/lib/functions/network.sh |
|
|
|
|
|
|
|
IPSEC_SECRETS_FILE=/etc/ipsec.secrets |
|
|
|
IPSEC_CONN_FILE=/etc/ipsec.conf |
|
|
@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets |
|
|
|
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf |
|
|
|
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf |
|
|
|
|
|
|
|
WAIT_FOR_INTF=0 |
|
|
|
|
|
|
|
file_reset() { |
|
|
|
: > "$1" |
|
|
|
} |
|
|
@ -290,11 +293,23 @@ config_ipsec() { |
|
|
|
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id" |
|
|
|
done |
|
|
|
|
|
|
|
local interface_list=$(config_get "$1" "interface") |
|
|
|
if [ -z "$interface_list" ]; then |
|
|
|
WAIT_FOR_INTF=0 |
|
|
|
else |
|
|
|
for interface in $interface_list; do |
|
|
|
network_get_device device $interface |
|
|
|
[ -n "$device" ] && append device_list "$device" "," |
|
|
|
done |
|
|
|
[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1 |
|
|
|
fi |
|
|
|
|
|
|
|
swan_xappend "# generated by /etc/init.d/ipsec" |
|
|
|
swan_xappend "charon {" |
|
|
|
swan_xappend " load_modular = yes" |
|
|
|
swan_xappend " install_routes = $install_routes" |
|
|
|
[ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored" |
|
|
|
[ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list" |
|
|
|
swan_xappend " plugins {" |
|
|
|
swan_xappend " include /etc/strongswan.d/charon/*.conf" |
|
|
|
swan_xappend " }" |
|
|
@ -318,23 +333,42 @@ prepare_env() { |
|
|
|
config_foreach config_remote remote |
|
|
|
} |
|
|
|
|
|
|
|
service_running() { |
|
|
|
ipsec status > /dev/null 2>&1 |
|
|
|
} |
|
|
|
|
|
|
|
reload_service() { |
|
|
|
prepare_env |
|
|
|
if ipsec status > /dev/null 2>&1; then |
|
|
|
ipsec rereadall |
|
|
|
ipsec reload |
|
|
|
else |
|
|
|
ipsec start |
|
|
|
fi |
|
|
|
running && { |
|
|
|
prepare_env |
|
|
|
[ $WAIT_FOR_INTF -eq 0 ] && { |
|
|
|
ipsec rereadall |
|
|
|
ipsec reload |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
start |
|
|
|
} |
|
|
|
|
|
|
|
check_ipsec_interface() { |
|
|
|
local intf |
|
|
|
|
|
|
|
for intf in $(config_get "$1" interface); do |
|
|
|
procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload |
|
|
|
done |
|
|
|
} |
|
|
|
|
|
|
|
service_triggers() { |
|
|
|
procd_add_reload_trigger "ipsec" |
|
|
|
config load "ipsec" |
|
|
|
config_foreach check_ipsec_interface ipsec |
|
|
|
} |
|
|
|
|
|
|
|
start_service() { |
|
|
|
prepare_env |
|
|
|
|
|
|
|
[ $WAIT_FOR_INTF -eq 1 ] && return |
|
|
|
|
|
|
|
procd_open_instance |
|
|
|
|
|
|
|
procd_set_param command $PROG --daemon charon --nofork |
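Review bot: In `service_triggers`, `config load "ipsec"` does not load the UCI package: `config` is the section-definition callback in /lib/functions.sh, so this registers a section of type `load` instead, and the line should read `config_load "ipsec"`. As written, `config_foreach check_ipsec_interface ipsec` only sees sections if an earlier call in the same shell already loaded the config (presumably `prepare_env`, whose body is outside this hunk), so the interface triggers may not be registered. That matters because `start_service` now returns early when `WAIT_FOR_INTF` is 1 and relies on the `interface.*` trigger to start the daemon later; without the trigger the tunnel would stay down after the interface comes up. Separately, in the `config_ipsec` hunk, `local interface_list=$(config_get "$1" "interface")` is unquoted, and on shells that word-split arguments to `local` a multi-interface list would be cut to its first entry; declaring `local interface_list` and then assigning `interface_list="$(config_get "$1" interface)"` avoids that.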
|
|
|