PROG=/usr/lib/ipsec/starter
. $IPKG_INSTROOT/lib/functions.sh
+. $IPKG_INSTROOT/lib/functions/network.sh
IPSEC_SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONN_FILE=/etc/ipsec.conf
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
+WAIT_FOR_INTF=0
+
file_reset() {
: > "$1"
}
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
done
+ local interface_list=$(config_get "$1" "interface")
+ if [ -z "$interface_list" ]; then
+ WAIT_FOR_INTF=0
+ else
+ for interface in $interface_list; do
+ network_get_device device $interface
+ [ -n "$device" ] && append device_list "$device" ","
+ done
+ [ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
+ fi
+
swan_xappend "# generated by /etc/init.d/ipsec"
swan_xappend "charon {"
swan_xappend " load_modular = yes"
swan_xappend " install_routes = $install_routes"
[ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored"
+ [ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list"
swan_xappend " plugins {"
swan_xappend " include /etc/strongswan.d/charon/*.conf"
swan_xappend " }"
reload_service() {
running && {
prepare_env
- ipsec rereadall
- ipsec reload
- return
+ [ $WAIT_FOR_INTF -eq 0 ] && {
+ ipsec rereadall
+ ipsec reload
+ return
+ }
}
start
}
+check_ipsec_interface() {
+ local intf
+
+ for intf in $(config_get "$1" interface); do
+ procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
+ done
+}
+
service_triggers() {
procd_add_reload_trigger "ipsec"
+ config load "ipsec"
+ config_foreach check_ipsec_interface ipsec
}
start_service() {
prepare_env
+ [ $WAIT_FOR_INTF -eq 1 ] && return
+
procd_open_instance
procd_set_param command $PROG --daemon charon --nofork