|
1
|
#!/bin/sh
|
|
2
|
# Start or stop strongswan with vici
|
|
3
|
# Based on rc script from FreeBSD ports
|
|
4
|
|
|
5
|
. /etc/rc.subr
|
|
6
|
|
|
7
|
name=strongswan
|
|
8
|
desc="Strongswan IPsec startup script"
|
|
9
|
rcvar=strongswan_enable
|
|
10
|
|
|
11
|
load_rc_config $name
|
|
12
|
|
|
13
|
: ${strongswan_enable:=YES}
|
|
14
|
: ${strongswan_interface:="vici"}
|
|
15
|
|
|
16
|
extra_commands="reload statusall"
|
|
17
|
|
|
18
|
charon_command=/usr/local/libexec/ipsec/charon
|
|
19
|
charon_pidfile=/var/run/charon.pid
|
|
20
|
swanctl_command=/usr/local/sbin/swanctl
|
|
21
|
|
|
22
|
# "vici"
|
|
23
|
SWANCTL_DIR=/var/etc/ipsec/
|
|
24
|
export SWANCTL_DIR
|
|
25
|
command=/usr/sbin/daemon
|
|
26
|
pidfile=/var/run/daemon-charon.pid
|
|
27
|
command_args="-S -P ${pidfile} ${charon_command} --use-syslog"
|
|
28
|
|
|
29
|
required_files=${charon_command}
|
|
30
|
extra_commands="reload statusall"
|
|
31
|
|
|
32
|
start_postcmd=${name}_swanctl_poststart
|
|
33
|
status_cmd="${swanctl_command} --stats"
|
|
34
|
reload_cmd=${name}_swanctl_reload
|
|
35
|
statusall_cmd=${name}_swanctl_statusall
|
|
36
|
|
|
37
|
strongswan_swanctl_poststart()
|
|
38
|
{
|
|
39
|
local _waitmax=5
|
|
40
|
|
|
41
|
# Need to wait for charon to finish startup,
|
|
42
|
# else vici socket is unreadable
|
|
43
|
while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do
|
|
44
|
sleep 1
|
|
45
|
_waitmax=$((_waitmax - 1))
|
|
46
|
done
|
|
47
|
|
|
48
|
${swanctl_command} --load-all --noprompt
|
|
49
|
}
|
|
50
|
|
|
51
|
strongswan_swanctl_reload()
|
|
52
|
{
|
|
53
|
${swanctl_command} --reload-settings
|
|
54
|
${swanctl_command} --load-all --noprompt
|
|
55
|
}
|
|
56
|
|
|
57
|
strongswan_swanctl_statusall()
|
|
58
|
{
|
|
59
|
${swanctl_command} --stats
|
|
60
|
${swanctl_command} --list-conns
|
|
61
|
${swanctl_command} --list-sas
|
|
62
|
}
|
|
63
|
|
|
64
|
run_rc_command "$1"
|