|
|
@ -27,58 +27,31 @@ xappend() { |
|
|
|
local file="$1" |
|
|
|
shift |
|
|
|
|
|
|
|
echo "${@}" >> "${file}" |
|
|
|
} |
|
|
|
|
|
|
|
remove_include() { |
|
|
|
local file="$1" |
|
|
|
local include="$2" |
|
|
|
|
|
|
|
sed -i "\_${include}_d" "${file}" |
|
|
|
} |
|
|
|
|
|
|
|
remove_includes() { |
|
|
|
remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" |
|
|
|
remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" |
|
|
|
remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" |
|
|
|
} |
|
|
|
|
|
|
|
do_include() { |
|
|
|
local conf="$1" |
|
|
|
local uciconf="$2" |
|
|
|
local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX` |
|
|
|
|
|
|
|
[ ! -f "${conf}" ] && rm -rf "${conf}" |
|
|
|
touch "${conf}" |
|
|
|
|
|
|
|
cat "${conf}" | grep -v "${uciconf}" > "${backup}" |
|
|
|
mv "${backup}" "${conf}" |
|
|
|
xappend "${conf}" "include ${uciconf}" |
|
|
|
file_reset "${uciconf}" |
|
|
|
echo "$@" >> "$file" |
|
|
|
} |
|
|
|
|
|
|
|
ipsec_reset() { |
|
|
|
do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}" |
|
|
|
file_reset "$IPSEC_VAR_CONN_FILE" |
|
|
|
} |
|
|
|
|
|
|
|
ipsec_xappend() { |
|
|
|
xappend "${IPSEC_VAR_CONN_FILE}" "$@" |
|
|
|
xappend "$IPSEC_VAR_CONN_FILE" "$@" |
|
|
|
} |
|
|
|
|
|
|
|
swan_reset() { |
|
|
|
do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}" |
|
|
|
file_reset "$STRONGSWAN_VAR_CONF_FILE" |
|
|
|
} |
|
|
|
|
|
|
|
swan_xappend() { |
|
|
|
xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@" |
|
|
|
xappend "$STRONGSWAN_VAR_CONF_FILE" "$@" |
|
|
|
} |
|
|
|
|
|
|
|
secret_reset() { |
|
|
|
do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}" |
|
|
|
file_reset "$IPSEC_VAR_SECRETS_FILE" |
|
|
|
} |
|
|
|
|
|
|
|
secret_xappend() { |
|
|
|
xappend "${IPSEC_VAR_SECRETS_FILE}" "$@" |
|
|
|
xappend "$IPSEC_VAR_SECRETS_FILE" "$@" |
|
|
|
} |
|
|
|
|
|
|
|
warning() { |
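Review bot: secret_reset now depends entirely on file_reset to create the secrets file, and nothing in this hunk restricts that file's mode, so it may end up with whatever the init script's umask allows. file_reset is defined outside this view, so confirm it creates the file owner-only, or tighten it in secret_reset with `chmod 0600 "$IPSEC_VAR_SECRETS_FILE"` after the reset. Separately, the new `echo "$@" >> "$file"` in xappend lets echo treat a first argument such as `-n` or `-e` as an option; `printf '%s\n' "$*" >> "$file"` writes the configured text literally. xappend starts above the hunk, so only its tail is reviewed here.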
|
|
@ -204,7 +177,7 @@ config_conn() { |
|
|
|
[ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier" |
|
|
|
[ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown" |
|
|
|
[ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown" |
|
|
|
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker" |
|
|
|
[ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker" |
|
|
|
ipsec_xappend " keyexchange=$keyexchange" |
|
|
|
|
|
|
|
set_crypto_proposal "$1" |
|
|
@ -267,6 +240,14 @@ config_remote() { |
|
|
|
ipsec_xappend "" |
|
|
|
} |
|
|
|
|
|
|
|
do_preamble() { |
|
|
|
ipsec_xappend "# generated by /etc/init.d/ipsec" |
|
|
|
ipsec_xappend "version 2" |
|
|
|
ipsec_xappend "" |
|
|
|
|
|
|
|
secret_xappend "# generated by /etc/init.d/ipsec" |
|
|
|
} |
|
|
|
|
|
|
|
config_ipsec() { |
|
|
|
local debug |
|
|
|
local rtinstall_enabled |
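Review bot: do_preamble has no comment stating that it must run after the reset helpers, which matters because every line it writes goes through the append-only xappend wrappers. If it ran before ipsec_reset/secret_reset the headers would presumably be discarded, and a second call would duplicate `version 2` in the connection file. I would add above the function `# Write the generated-file headers; call once, right after the *_reset helpers have emptied the target files.` That file_reset truncates its target is an assumption, since its body is not visible here.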
|
|
@ -280,11 +261,7 @@ config_ipsec() { |
|
|
|
secret_reset |
|
|
|
swan_reset |
|
|
|
|
|
|
|
ipsec_xappend "# generated by /etc/init.d/ipsec" |
|
|
|
ipsec_xappend "version 2" |
|
|
|
ipsec_xappend "" |
|
|
|
|
|
|
|
secret_xappend "# generated by /etc/init.d/ipsec" |
|
|
|
do_preamble |
|
|
|
|
|
|
|
config_get debug "$1" debug 0 |
|
|
|
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 |
|
|
@ -332,7 +309,6 @@ config_ipsec() { |
|
|
|
|
|
|
|
prepare_env() { |
|
|
|
mkdir -p /var/ipsec |
|
|
|
remove_includes |
|
|
|
config_load ipsec |
|
|
|
config_foreach config_ipsec ipsec |
|
|
|
config_foreach config_remote remote |
|
|
|