Add strongswan (#1330)
[openwrt/openwrt.git] / package / strongswan / files / ipsec.init
#!/bin/sh /etc/rc.common
# Init script for the strongSwan IPsec service; it is interpreted through
# /etc/rc.common, as the shebang line shows.

# Boot ordering value consumed by rc.common.
START=65
4
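# Section callback for "config_load ipsec".
#
# Looks up the TYPE of the section named by $CONFIG_SECTION and copies that
# section's options into the IPSEC_* shell variables:
#   device  -> reset button and status LED names
#   filter  -> IPSEC_UPDOWN_{RULE,DEST}_{IN,OUT}
#   forward -> IPSEC_UPDOWN_FWD_{RULE,DEST}_{IN,OUT}
# Any other section type is ignored.
#
# Globals:   CONFIG_SECTION (read), IPSEC_* (written)
# Arguments: none are read
#
# NOTE(review): the section is taken from CONFIG_SECTION, not from the
# callback arguments; confirm which section that names at the moment the
# loader invokes the callback.
config_cb() {
	local cfg="$CONFIG_SECTION"
	local cfgt
	config_get cfgt "$cfg" TYPE

	# "$cfg" is quoted in every call, matching the TYPE lookup above, so the
	# section name always reaches config_get as exactly one argument.
	case "$cfgt" in
	device)
		config_get IPSEC_RESET_BUTTON "$cfg" reset_button
		config_get IPSEC_STATUS_LED_START "$cfg" status_start
		config_get IPSEC_STATUS_LED_VALID "$cfg" status_valid
		;;
	filter)
		config_get IPSEC_UPDOWN_RULE_IN "$cfg" rule_in
		config_get IPSEC_UPDOWN_DEST_IN "$cfg" dest_in
		config_get IPSEC_UPDOWN_RULE_OUT "$cfg" rule_out
		config_get IPSEC_UPDOWN_DEST_OUT "$cfg" dest_out
		;;
	forward)
		config_get IPSEC_UPDOWN_FWD_RULE_IN "$cfg" rule_in
		config_get IPSEC_UPDOWN_FWD_DEST_IN "$cfg" dest_in
		config_get IPSEC_UPDOWN_FWD_RULE_OUT "$cfg" rule_out
		config_get IPSEC_UPDOWN_FWD_DEST_OUT "$cfg" dest_out
		;;
	*)
		;;
	esac
}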
32
# Load the "ipsec" configuration; config_cb above fills the IPSEC_* variables.
config_load ipsec

# Export the collected settings so that commands started by this script
# inherit them in their environment.
# NOTE(review): the IPSEC_UPDOWN_* names suggest the values are read by the
# _updown script; they originate from configuration, so whatever consumes
# them should quote them rather than splice them into a command line.
export IPSEC_RESET_BUTTON IPSEC_STATUS_LED_START IPSEC_STATUS_LED_VALID

export IPSEC_UPDOWN_RULE_IN IPSEC_UPDOWN_DEST_IN \
	IPSEC_UPDOWN_RULE_OUT IPSEC_UPDOWN_DEST_OUT

export IPSEC_UPDOWN_FWD_RULE_IN IPSEC_UPDOWN_FWD_DEST_IN \
	IPSEC_UPDOWN_FWD_RULE_OUT IPSEC_UPDOWN_FWD_DEST_OUT
48
49
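# Start IPsec and drop the duplicate route to the local WAN segment.
#
# Exits the script when /etc/ipsec.conf is missing or when
# /var/run/starter.pid already exists.  Otherwise it reports the status
# change, pings every "left=" value from /etc/ipsec.conf once, runs
# "ipsec start", waits for a route on an ipsec device, and deletes from that
# device every network route that is also present on the default-route
# interface.
#
# Returns: 0 when the route wait times out or there is no default route;
#          otherwise the status of the last route command.
start() {
	local peer rest tries defint defnet dnmask tundev

	[ -f /etc/ipsec.conf ] || exit
	# NOTE(review): a pid file left behind by a dead starter makes this exit
	# silently; the stale-file cleanup lives in stop().
	[ -e /var/run/starter.pid ] && exit

	/usr/sbin/ipsec _showstatus start

	# stuff the dnsmasq cache in case dns is on our own subnet
	grep left= /etc/ipsec.conf | cut -f 1 -d% | cut -f 2 -d= |
	while read -r peer rest; do
		# The value comes straight from the config file: skip empty results
		# and anything ping would parse as an option instead of a host.
		case "$peer" in
		'' | -*) continue ;;
		esac
		ping -c 1 "$peer" > /dev/null 2>&1 < /dev/null
	done

	/usr/sbin/ipsec start || exit

	# work around broken routing behavior:
	# a route to the local wan segment will appear
	# the need was removed in the patched _updown script

	# Bounded wait: if no ipsec route ever shows up, give up on the
	# workaround instead of blocking the init sequence forever.
	tries=60
	while ! route -n | grep -q ipsec; do
		tries=$((tries - 1))
		if [ "$tries" -le 0 ]; then
			echo "ipsec: no ipsec route appeared, skipping route cleanup" >&2
			return 0
		fi
		sleep 1
	done

	# Interface of the (first) default route; exact field match, so the dots
	# in 0.0.0.0 are not treated as regex wildcards.
	defint=$(route -n | awk '$1 == "0.0.0.0" { print $8; exit }')
	[ -n "$defint" ] || return 0

	# For each network routed over that interface, remove the same
	# network/netmask from the ipsec device if it is listed there.  Values
	# are matched per field and quoted, so an empty or multi-line result can
	# no longer end up as stray arguments to grep or route.
	route -n |
	awk -v dev="$defint" '$8 == dev && $1 != "0.0.0.0" { print $1, $3 }' |
	while read -r defnet dnmask; do
		tundev=$(route -n | awk -v net="$defnet" -v mask="$dnmask" \
			'$1 == net && $3 == mask && $8 ~ /ipsec/ { print $8; exit }')
		[ -n "$tundev" ] || continue
		route del -net "$defnet" netmask "$dnmask" dev "$tundev"
	done
}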
78
79
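# Stop IPsec, wait for the starter to exit, and clean up leftovers.
#
# Runs "ipsec stop", waits until /var/run/starter.pid is gone (removing it
# when it no longer names a live process), sends a plain kill to processes
# whose ps line contains "/ipsec/", and finally reports the status change.
stop() {
	local pid pids tries

	/usr/sbin/ipsec stop 2> /dev/null

	# wait until the shutdown actually happens
	while [ -e /var/run/starter.pid ]; do
		pid=$(cat /var/run/starter.pid 2> /dev/null)
		case "$pid" in
		'' | *[!0-9]*)
			# An empty or non-numeric pid file cannot name a process.
			# Unchecked, an empty value would test "/proc/" itself, which
			# always exists, and this loop would never end.
			rm -f /var/run/starter.pid
			;;
		*)
			if [ -d "/proc/$pid" ]; then
				sleep 1
			else
				rm -f /var/run/starter.pid
			fi
			;;
		esac
	done

	# kill any lingering processes
	# The previous condition piped "grep -q" (which prints nothing) into a
	# second grep, so it was always false and nothing was ever killed.  The
	# pid list is now computed once per pass and the number of passes is
	# bounded so an unkillable process cannot hang the script.
	# NOTE(review): assumes the first ps column is the PID - confirm for the
	# ps implementation on the target.  The match is on any command line
	# containing "/ipsec/", which is broader than the daemons themselves.
	tries=10
	while [ "$tries" -gt 0 ]; do
		pids=$(ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}')
		[ -n "$pids" ] || break
		# shellcheck disable=SC2086 -- one pid per word is intended
		kill $pids 2> /dev/null
		sleep 1
		tries=$((tries - 1))
	done

	# Absolute path, consistent with the other ipsec invocations in this
	# script, so the call does not depend on PATH.
	/usr/sbin/ipsec _showstatus stop
}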
101