wifipineapple-openwrt/package/strongswan/files/ipsec.init

102 lines
2.4 KiB
Bash

#!/bin/sh /etc/rc.common
START=65
config_cb() {
local cfg="$CONFIG_SECTION"
local cfgt
config_get cfgt "$cfg" TYPE
case "$cfgt" in
device)
config_get IPSEC_RESET_BUTTON $cfg reset_button
config_get IPSEC_STATUS_LED_START $cfg status_start
config_get IPSEC_STATUS_LED_VALID $cfg status_valid
;;
filter)
config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
;;
forward)
config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
;;
*)
;;
esac
}
config_load ipsec
export IPSEC_RESET_BUTTON
export IPSEC_STATUS_LED_START
export IPSEC_STATUS_LED_VALID
export IPSEC_UPDOWN_RULE_IN
export IPSEC_UPDOWN_DEST_IN
export IPSEC_UPDOWN_RULE_OUT
export IPSEC_UPDOWN_DEST_OUT
export IPSEC_UPDOWN_FWD_RULE_IN
export IPSEC_UPDOWN_FWD_DEST_IN
export IPSEC_UPDOWN_FWD_RULE_OUT
export IPSEC_UPDOWN_FWD_DEST_OUT
start() {
[ -f /etc/ipsec.conf ] || exit
[ -e /var/run/starter.pid ] && exit
/usr/sbin/ipsec _showstatus start
# stuff the dnsmasq cache in case dns is on our own subnet
for peer in `grep left= /etc/ipsec.conf | \
cut -f 1 -d% | cut -f 2 -d=` ; do
ping -c 1 $peer > /dev/null 2>&1
done
/usr/sbin/ipsec start || exit
# work around broken routing behavior:
# a route to the local wan segment will appear
# the need was removed in the patched _updown script
while ! route -n | grep -q ipsec ; do sleep 1 ; done
defint=`route -n | awk '/^0.0.0.0/{print $8}'`
defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
route del -net $defnet netmask $dnmask dev $tundev
}
stop() {
/usr/sbin/ipsec stop 2> /dev/null
# wait until the shutdown actually happens
while [ -e /var/run/starter.pid ] ; do
if [ -d /proc/`cat /var/run/starter.pid` ] ; then
sleep 1
else
rm /var/run/starter.pid
fi
done
# kill any lingering processes
while ps auxww | grep -q ipsec | grep -v init.d; do
kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
sleep 1
done
ipsec _showstatus stop
}