Browse Source

Merge pull request #5272 from dedeckeh/pr-strongswan-1

Fix ipsec reload and extend uci
lilik-openwrt-22.03
Stijn Tintel 7 years ago
committed by GitHub
parent
commit
8941bd7869
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 8 deletions
  1. +1
    -1
      net/strongswan/Makefile
  2. +41
    -7
      net/strongswan/files/ipsec.init

+ 1
- 1
net/strongswan/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.6.1
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53


+ 41
- 7
net/strongswan/files/ipsec.init View File

@ -7,6 +7,7 @@ USE_PROCD=1
PROG=/usr/lib/ipsec/starter
. $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/network.sh
IPSEC_SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONN_FILE=/etc/ipsec.conf
@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
WAIT_FOR_INTF=0
file_reset() {
: > "$1"
}
@ -290,11 +293,23 @@ config_ipsec() {
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
done
local interface_list=$(config_get "$1" "interface")
if [ -z "$interface_list" ]; then
WAIT_FOR_INTF=0
else
for interface in $interface_list; do
network_get_device device $interface
[ -n "$device" ] && append device_list "$device" ","
done
[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
fi
swan_xappend "# generated by /etc/init.d/ipsec"
swan_xappend "charon {"
swan_xappend " load_modular = yes"
swan_xappend " install_routes = $install_routes"
[ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored"
[ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list"
swan_xappend " plugins {"
swan_xappend " include /etc/strongswan.d/charon/*.conf"
swan_xappend " }"
@ -318,23 +333,42 @@ prepare_env() {
config_foreach config_remote remote
}
service_running() {
ipsec status > /dev/null 2>&1
}
reload_service() {
prepare_env
if ipsec status > /dev/null 2>&1; then
ipsec rereadall
ipsec reload
else
ipsec start
fi
running && {
prepare_env
[ $WAIT_FOR_INTF -eq 0 ] && {
ipsec rereadall
ipsec reload
return
}
}
start
}
check_ipsec_interface() {
local intf
for intf in $(config_get "$1" interface); do
procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
done
}
service_triggers() {
procd_add_reload_trigger "ipsec"
config load "ipsec"
config_foreach check_ipsec_interface ipsec
}
start_service() {
prepare_env
[ $WAIT_FOR_INTF -eq 1 ] && return
procd_open_instance
procd_set_param command $PROG --daemon charon --nofork


Loading…
Cancel
Save