1 #!/bin/sh /etc/rc.common
# Read the settings of the config section named by $CONFIG_SECTION into
# IPSEC_* shell variables, using the config_get helper available in the
# /etc/rc.common environment named on the shebang line.
# NOTE(review): the gutter numbers skip, so lines are missing from this
# listing; the enclosing function header and any check on $cfgt are not
# visible here.
6 local cfg="$CONFIG_SECTION"
8 config_get cfgt "$cfg" TYPE
# NOTE(review): $cfg is quoted on the TYPE lookup above but unquoted on every
# lookup below. Quote it consistently ("$cfg") so a section name containing
# whitespace or glob characters cannot split into extra arguments.
12 config_get IPSEC_RESET_BUTTON $cfg reset_button
13 config_get IPSEC_STATUS_LED_START $cfg status_start
14 config_get IPSEC_STATUS_LED_VALID $cfg status_valid
17 config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
18 config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
19 config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
20 config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
# NOTE(review): the four FWD variables read the same option names (rule_in,
# dest_in, rule_out, dest_out) as the four variables above. Unless one of the
# lines missing from this listing changes $cfg in between, both sets receive
# identical values - confirm that is intended.
23 config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
24 config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
25 config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
26 config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
# Export the IPSEC_* settings into the environment so that processes started
# from this script inherit them.
# NOTE(review): presumably the consumer is the ipsec _updown script, which
# would use the RULE/DEST values as firewall rule and target names - confirm.
# The values are passed on exactly as read from the config; no validation is
# visible in this listing, so the consumer should quote them and accept only
# the expected character set before using them in a command line.
35 export IPSEC_RESET_BUTTON
36 export IPSEC_STATUS_LED_START
37 export IPSEC_STATUS_LED_VALID
39 export IPSEC_UPDOWN_RULE_IN
40 export IPSEC_UPDOWN_DEST_IN
41 export IPSEC_UPDOWN_RULE_OUT
42 export IPSEC_UPDOWN_DEST_OUT
44 export IPSEC_UPDOWN_FWD_RULE_IN
45 export IPSEC_UPDOWN_FWD_DEST_IN
46 export IPSEC_UPDOWN_FWD_RULE_OUT
47 export IPSEC_UPDOWN_FWD_DEST_OUT
# Preconditions: stop here when /etc/ipsec.conf is missing, and stop here when
# a starter pid file already exists.
# NOTE(review): the second test checks only that the pid file exists, not that
# the recorded process is alive. A stale /var/run/starter.pid left behind by a
# crash makes this exit without starting the tunnel; the /proc/<pid> liveness
# test used in the shutdown wait loop would fit here as well.
52 [ -f /etc/ipsec.conf ] || exit
53 [ -e /var/run/starter.pid ] && exit
# NOTE(review): presumably _showstatus drives the status LED - confirm.
55 /usr/sbin/ipsec _showstatus start
# The loop below takes every line of /etc/ipsec.conf that contains "left=",
# keeps the text before the first '%', then the second '='-separated field,
# and sends one ping to each resulting word, discarding all output.
# NOTE(review): the grep is unanchored, so commented-out lines containing
# "left=" are used too. $peer is unquoted and is handed straight to ping; a
# value beginning with '-' would be parsed as a ping option. Prefer
# `ping -c 1 "$peer"` and skip empty values. The loop's closing `done` is on
# a line missing from this listing.
57 # stuff the dnsmasq cache in case dns is on our own subnet
58 for peer in `grep left= /etc/ipsec.conf | \
59 cut -f 1 -d% | cut -f 2 -d=` ; do
60 ping -c 1 $peer > /dev/null 2>&1
# Start the ipsec service and stop here if the start command fails.
63 /usr/sbin/ipsec start || exit
65 # work around broken routing behavior:
66 # a route to the local wan segment will appear
67 # the need was removed in the patched _updown script
# NOTE(review): the comment above says the workaround is no longer needed,
# yet the lines below still run in this listing; lines are missing here, so
# whether they sit inside a conditional cannot be told - confirm.
# Poll once per second until `route -n` prints a line containing "ipsec".
# NOTE(review): there is no timeout. If no such route ever appears (for
# example the peer is unreachable), this loop never ends and the init script
# blocks; a bounded retry count would avoid hanging boot.
69 while ! route -n | grep -q ipsec ; do sleep 1 ; done
# defint: column 8 of the `route -n` lines that start with 0.0.0.0.
# defnet / dnmask: columns 1 and 3 of the lines that contain $defint and do
#                  not start with 0.0.0.0.
# tundev: column 8 of the lines that contain $defnet and match "ipsec".
# NOTE(review): every expansion here is unquoted and none is checked. With no
# default route $defint is empty and grep is called without a pattern; with
# several default routes, or several routes on the same interface, the values
# hold more than one word and are split into extra arguments. `grep $defint`
# is also a substring match, so one interface name can match another that
# contains it. Check that each value is a single non-empty word before the
# `route del` below, otherwise the deletion runs with arguments that were
# never intended.
71 defint=`route -n | awk '/^0.0.0.0/{print $8}'`
72 defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
73 dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
74 tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
# Delete the route to $defnet/$dnmask that goes through the tunnel device.
76 route del -net $defnet netmask $dnmask dev $tundev
# Shutdown sequence: ask ipsec to stop (stderr discarded), wait for the
# starter pid file to go away, then clean up leftover processes.
# NOTE(review): the gutter numbers skip, so the `else`/`fi`/`done` lines and
# the bodies between them are missing from this listing.
82 /usr/sbin/ipsec stop 2> /dev/null
84 # wait until the shutdown actually happens
# Loop while the pid file exists; the test checks whether /proc/<pid> is a
# directory, and the pid file is removed on the visible `rm` line.
# NOTE(review): the pid file content is used unvalidated. If the file is empty
# the test becomes `[ -d /proc/ ]`, which always succeeds, so an empty pid
# file is treated as a live process. Check that the content is numeric first.
85 while [ -e /var/run/starter.pid ] ; do
86 if [ -d /proc/`cat /var/run/starter.pid` ] ; then
89 rm /var/run/starter.pid
93 # kill any lingering processes
# NOTE(review): `grep -q` prints nothing, so the following `grep -v init.d`
# reads empty input and returns non-zero. A pipeline takes the status of its
# last command, so this condition never succeeds as written and the kill line
# is never reached. The intent was presumably
# `ps auxww | grep -v init.d | grep -q '/ipsec/'`.
# NOTE(review): the kill line takes column 1 of the ps output. Whether that
# column is the PID depends on the ps implementation (busybox ps prints the
# PID first, procps `ps aux` prints the user) - confirm on the target. The
# /ipsec/ pattern matches on the command line, so any process whose arguments
# contain that path is signalled as well.
94 while ps auxww | grep -q ipsec | grep -v init.d; do
95 kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
# NOTE(review): this call resolves `ipsec` through PATH, while the other calls
# in this script use /usr/sbin/ipsec; use the absolute path here too so a
# root-run init script does not depend on the caller's PATH.
99 ipsec _showstatus stop