Add strongswan (#1330)
[openwrt.git] / package / strongswan / files / ipsec.init
1 #!/bin/sh /etc/rc.common
2
# Boot-order index: rc.common uses START to order this service among the
# others when it is enabled.
START=65
4
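# UCI section callback: copies the options of the section named by
# $CONFIG_SECTION into IPSEC_* shell variables, chosen by section type.
#   device  -> reset button and status LED settings
#   filter  -> rule_in / dest_in / rule_out / dest_out
#   forward -> the same four options, stored in the *_FWD_* variables
# Any other section type is ignored.
#
# NOTE(review): the values are taken from the ipsec UCI config as-is and are
# exported later in this script, presumably for the _updown script; nothing
# here validates them, so the consumer has to quote them when it builds
# commands from them -- confirm against that script.
config_cb() {
        local cfg="$CONFIG_SECTION"
        local cfgt
        config_get cfgt "$cfg" TYPE

        # "$cfg" is quoted everywhere so the section name always reaches
        # config_get as a single argument (no word splitting, no globbing)
        case "$cfgt" in
                device)
                        config_get IPSEC_RESET_BUTTON           "$cfg" reset_button
                        config_get IPSEC_STATUS_LED_START       "$cfg" status_start
                        config_get IPSEC_STATUS_LED_VALID       "$cfg" status_valid
                        ;;
                filter)
                        config_get IPSEC_UPDOWN_RULE_IN         "$cfg" rule_in
                        config_get IPSEC_UPDOWN_DEST_IN         "$cfg" dest_in
                        config_get IPSEC_UPDOWN_RULE_OUT        "$cfg" rule_out
                        config_get IPSEC_UPDOWN_DEST_OUT        "$cfg" dest_out
                        ;;
                forward)
                        config_get IPSEC_UPDOWN_FWD_RULE_IN     "$cfg" rule_in
                        config_get IPSEC_UPDOWN_FWD_DEST_IN     "$cfg" dest_in
                        config_get IPSEC_UPDOWN_FWD_RULE_OUT    "$cfg" rule_out
                        config_get IPSEC_UPDOWN_FWD_DEST_OUT    "$cfg" dest_out
                        ;;
                *)
                        ;;
        esac
}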
32
# Load the "ipsec" UCI configuration; the IPSEC_* variables are filled in
# by the config_cb callback defined earlier in this script.
config_load ipsec

# Put the collected settings into the environment of every command this
# script starts: device settings, filter settings, forward settings.
export IPSEC_RESET_BUTTON IPSEC_STATUS_LED_START IPSEC_STATUS_LED_VALID
export IPSEC_UPDOWN_RULE_IN IPSEC_UPDOWN_DEST_IN \
        IPSEC_UPDOWN_RULE_OUT IPSEC_UPDOWN_DEST_OUT
export IPSEC_UPDOWN_FWD_RULE_IN IPSEC_UPDOWN_FWD_DEST_IN \
        IPSEC_UPDOWN_FWD_RULE_OUT IPSEC_UPDOWN_FWD_DEST_OUT
48
49
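# Start the IPsec starter and apply the legacy routing workaround.
#
# Leaves the init script early when /etc/ipsec.conf is missing, when
# /var/run/starter.pid already exists, or when "ipsec start" fails.
#
# NOTE(review): the pid-file test does not check that the recorded process
# is still alive, so a stale /var/run/starter.pid keeps the service from
# starting until the file is removed.
start() {
        local tries=30

        [ -f /etc/ipsec.conf      ] || exit
        [ -e /var/run/starter.pid ] && exit

        /usr/sbin/ipsec _showstatus start

        # stuff the dnsmasq cache in case dns is on our own subnet
        for peer in `grep left= /etc/ipsec.conf | \
                                cut -f 1 -d% | cut -f 2 -d=` ; do
                # a value that begins with "-" would be read by ping as an
                # option rather than as a host, so it is skipped
                case "$peer" in
                        -*) continue ;;
                esac
                ping -c 1 "$peer" > /dev/null 2>&1
        done

        /usr/sbin/ipsec start || exit

        # work around broken routing behavior:
        # a route to the local wan segment will appear
        # the need was removed in the patched _updown script

        # Bounded wait: if no route mentioning "ipsec" shows up within the
        # allowed number of one-second tries, skip the workaround instead of
        # blocking the caller forever.
        while ! route -n | grep -q ipsec ; do
                tries=$((tries - 1))
                [ "$tries" -gt 0 ] || return 0
                sleep 1
        done

        # Each lookup prints a value only when exactly one route line
        # matches. An empty or ambiguous result skips the workaround rather
        # than running "route del" with a malformed argument list.
        defint=`route -n | awk '/^0.0.0.0/{n++; v=$8} END{if (n == 1) print v}'`
        [ -n "$defint" ] || return 0

        defnet=`route -n | grep "$defint" | \
                awk '!/^0.0.0.0/{n++; v=$1} END{if (n == 1) print v}'`
        dnmask=`route -n | grep "$defint" | \
                awk '!/^0.0.0.0/{n++; v=$3} END{if (n == 1) print v}'`
        [ -n "$defnet" ] && [ -n "$dnmask" ] || return 0

        tundev=`route -n | grep "$defnet" | \
                awk '/ipsec/{n++; v=$8} END{if (n == 1) print v}'`
        [ -n "$tundev" ] || return 0

        route del -net "$defnet" netmask "$dnmask" dev "$tundev"
}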
78
79
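# Stop the IPsec starter, wait for it to exit, then signal leftovers.
#
# NOTE(review): leftover processes are selected by the substring "/ipsec/"
# in their ps line, so an unrelated process whose command line contains
# that path is signalled as well.
stop() {
        local pid pids tries

        /usr/sbin/ipsec stop 2> /dev/null

        # wait until the shutdown actually happens
        while [ -e /var/run/starter.pid ] ; do
                pid=`cat /var/run/starter.pid 2> /dev/null`
                case "$pid" in
                        ""|*[!0-9]*)
                                # An empty pid file would make the test below
                                # look at /proc itself, which always exists,
                                # and the loop would never end. Unusable
                                # content is treated as a stale file.
                                rm -f /var/run/starter.pid
                                ;;
                        *)
                                if [ -d "/proc/$pid" ] ; then
                                        sleep 1
                                else
                                        rm -f /var/run/starter.pid
                                fi
                                ;;
                esac
        done

        # kill any lingering processes
        # The former loop condition piped "grep -q" (which prints nothing)
        # into a second grep, so it was always false and the kill never ran.
        # The loop now uses the same selection as the kill itself and gives
        # up after a fixed number of attempts.
        # Assumes ps prints the PID in column 1 (BusyBox layout) -- TODO
        # confirm. The numeric test keeps anything else away from kill.
        tries=5
        while [ "$tries" -gt 0 ] ; do
                pids=`ps auxww | grep -v init.d | \
                        awk '/\/ipsec\// && $1 ~ /^[0-9]+$/ {print $1}'`
                [ -n "$pids" ] || break
                # unquoted on purpose: one argument per PID, digits only
                kill $pids 2> /dev/null
                sleep 1
                tries=$((tries - 1))
        done

        # absolute path, as in the other ipsec calls in this script
        /usr/sbin/ipsec _showstatus stop
}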
101