START=90
STOP=10
-. $IPKG_INSTROOT/lib/functions.sh
+USE_PROCD=1
+PROG=/usr/lib/ipsec/starter
-UCI_IPSEC_CONFIG=/etc/config/ipsec
+. $IPKG_INSTROOT/lib/functions.sh
IPSEC_SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONN_FILE=/etc/ipsec.conf
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
-ENABLED_REMOTE_PEERS=0
-
file_reset() {
: > "$1"
}
config_get_bool enabled "$1" enabled 0
[ "$enabled" = "0" ] && return
- ENABLED_REMOTE_PEERS=$((ENABLED_REMOTE_PEERS + 1))
-
config_get gateway "$1" gateway
config_get pre_shared_key "$1" pre_shared_key
config_get auth_method "$1" authentication_method
config_foreach config_remote remote
}
-start() {
+reload_service() {
prepare_env
- [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec start
+ if ipsec status > /dev/null 2>&1; then
+ ipsec rereadall
+ ipsec reload
+ else
+ ipsec start
+ fi
}
-stop() {
- ipsec stop
+service_triggers() {
+ procd_add_reload_trigger "ipsec"
}
-restart() {
+start_service() {
prepare_env
- [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec restart || ipsec stop
-}
-reload() {
- prepare_env
- [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && {
- ipsec secrets
- if [[ ! -z "$(ipsec status)" ]]; then
- ipsec reload
- else
- ipsec start
- fi
- } || ipsec stop
+ procd_open_instance
+
+ procd_set_param command $PROG --daemon charon --nofork
+
+ procd_set_param file $IPSEC_CONN_FILE
+ procd_append_param file $IPSEC_SECRETS_FILE
+ procd_append_param file $STRONGSWAN_CONF_FILE
+ procd_append_param file /etc/strongswan.d/*.conf
+ procd_append_param file /etc/strongswan.d/charon/*.conf
+
+ procd_set_param respawn
+
+ procd_close_instance
}