1 #!/bin/sh /etc/rc.common
2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
4 # Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
5 # Copyright (C) 2006 OpenWrt.org
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 # RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $
19 # ipsec init.d script for starting and stopping
20 # the IPsec security subsystem (KLIPS and Pluto).
22 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
23 # and is also accessible as "ipsec setup" (the preferred route for human
26 # The startup and shutdown times are a difficult compromise (in particular,
27 # it is almost impossible to reconcile them with the insanely early/late
28 # times of NFS filesystem startup/shutdown). Startup is after startup of
29 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
31 # chkconfig: 2345 47 76
32 # description: IPsec provides encrypted and authenticated communications; \
33 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
# Install locations for the IPsec tools. Each ${VAR-default} keeps a value
# already present in the environment and falls back to the default only when
# the variable is unset.
# NOTE(review): this listing omits some source lines (the numbering jumps
# 45 -> 47 -> 48 -> 51), so the then/fi that close the test below are not shown.
37 me='ipsec setup' # for messages
39 # where the private directory and the config files are
40 IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
41 IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
42 IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
43 IPSEC_CONFS="${IPSEC_CONFS-/etc}"
# The leading space on both sides keeps test from misparsing an empty or
# dash-prefixed IPSEC_DIR; the branch is taken when IPSEC_DIR is empty or unset.
45 if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
47 # we must establish a suitable PATH ourselves
# PATH is replaced (not extended) with a fixed list of system directories.
# NOTE(review): the first entry comes from IPSEC_SBINDIR, which is inherited
# from the environment when set, so the directory searched first for the ipsec
# command is caller-influenced. Confirm only trusted callers reach this path.
48 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
51 IPSEC_DIR="$IPSEC_LIBDIR"
52 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
55 # Check that the ipsec command is available.
# Walks the PATH entries looking for an executable regular file named ipsec
# and stops at the first hit. The do/then/fi/done lines are among those the
# listing omits.
# NOTE(review): $PATH and $dir are expanded unquoted, so an entry containing
# whitespace or glob characters is split or expanded before the test runs;
# the -a operator inside test is also marked obsolescent by POSIX.
57 for dir in `echo $PATH | tr ':' ' '`
59 if test -f $dir/ipsec -a -x $dir/ipsec
62 break # NOTE BREAK OUT
# Failure path: logger -s writes the message to stderr as well as to syslog,
# here at priority daemon.error with the tag ipsec_setup. $1 is the requested
# action as passed to this code.
67 echo "cannot find ipsec command -- \`$1' aborted" |
68 logger -s -p daemon.error -t ipsec_setup
72 # Pick up IPsec configuration (until we have done this, successfully, we
73 # do not know where errors should go, hence the explicit "daemon.error"s.)
74 # Note the "--export", which exports the variables created.
# NOTE(review): eval runs the text printed by ipsec _confread as shell code in
# this process. That is safe only if _confread quotes every value it emits and
# the configuration it reads is writable by root alone - confirm both, since a
# value that escapes quoting would execute as a command here.
# NOTE(review): $config is expanded unquoted and is not assigned anywhere in
# the visible lines; verify where it comes from.
75 eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
# A non-empty IPSEC_confreadstatus is treated as a configuration read problem
# (presumably set by _confread - TODO confirm). For the stop-type actions the
# message is only a warning; for any other action it reads aborted. The case
# header and the statement that follows the abort message are on omitted lines.
77 if test " $IPSEC_confreadstatus" != " "
80 stop|--stop|_autostop)
81 echo "$IPSEC_confreadstatus -- \`$1' may not work" |
82 logger -s -p daemon.error -t ipsec_setup;;
84 *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
85 logger -s -p daemon.error -t ipsec_setup;
# :- falls back to setup when the variable is unset or empty.
90 IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
91 export IPSEC_confreadsection
# Syslog facility.priority used for later messages; the - form (no colon)
# applies the default only when IPSECsyslog is unset, so an empty value is kept.
93 IPSECsyslog=${IPSECsyslog-daemon.error}
# NOTE(review): the enclosing function headers and the then/fi/exit lines of
# this stretch are not shown in the listing, so the comments below describe
# the visible statements only.
# mkdir -p creates the directory with the current umask and leaves the mode
# and ownership of an already existing directory untouched.
99 mkdir -p /var/run/pluto
# NOTE(review): USER is an environment variable supplied by the caller, not
# the effective uid, and it can be unset or stale. Treat this as a convenience
# message rather than an access control; comparing the output of id -u with 0
# is the reliable check.
103 if [ "${USER}" != "root" ]
105 echo "permission denied (must be superuser)" |
# NOTE(review): $IPSECsyslog is expanded unquoted here and below; its value
# can come from the environment, so word splitting could hand logger
# extra arguments. Quoting it would pin it to a single -p argument.
106 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
109 # make sure all required directories exist
110 if [ ! -d /var/run/pluto ]
112 mkdir -p /var/run/pluto
114 if [ ! -d /var/lock/subsys ]
116 mkdir -p /var/lock/subsys
# NOTE(review): fixed, predictable file names. They are safe only while
# /var/run/pluto is writable by root alone; nothing in the visible lines sets
# or verifies the mode of that directory.
118 tmp=/var/run/pluto/ipsec_setup.st
119 outtmp=/var/run/pluto/ipsec_setup.out
# Replays the captured output file, when it exists as a regular file, to
# stderr and syslog through logger -s.
130 if [ -f ${outtmp} ]; then
131 cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
# Bodies of the service actions. The function headers and closing braces are
# on lines the listing omits, and script_init and script_command are not
# defined in the visible lines; the gaps in the numbering mark where each
# body ends.
# First body: initialise for start, then run the start command.
138 script_init start "$@"
139 script_command start "$@"
# Second body: initialise for stop, then run the stop command.
143 script_init stop "$@"
144 script_command stop "$@"
# Third body: stop followed by start.
# NOTE(review): script_init is run for stop only; no script_init start call
# precedes the start command here. Confirm the start phase does not depend
# on it.
148 script_init stop "$@"
149 script_command stop "$@"
150 script_command start "$@"
# Fourth body: initialise, then delegate the status query to ipsec _realsetup.
154 script_init status "$@"
155 ipsec _realsetup status
# rc.common hooks: EXTRA_COMMANDS names additional actions the init script
# accepts, and EXTRA_HELP is the help text shown for them.
157 EXTRA_COMMANDS=status
158 EXTRA_HELP=" status Show the status of the service"