ipsec revision 1.12
11.1Sitojun#!/bin/sh 21.1Sitojun# 31.12Schristos# $NetBSD: ipsec,v 1.12 2013/06/14 16:37:55 christos Exp $ 41.1Sitojun# 51.1Sitojun 61.1Sitojun# PROVIDE: ipsec 71.11Stsutsui# REQUIRE: root bootconf mountcritlocal tty 81.7Sthorpej# BEFORE: DAEMON 91.1Sitojun 101.8Smycroft$_rc_subr_loaded . /etc/rc.subr 111.1Sitojun 121.1Sitojunname="ipsec" 131.6Slukemrcvar=$name 141.4Slukemstart_precmd="ipsec_prestart" 151.1Sitojunstart_cmd="ipsec_start" 161.6Slukemstop_precmd="test -f /etc/ipsec.conf" 171.1Sitojunstop_cmd="ipsec_stop" 181.1Sitojunreload_cmd="ipsec_reload" 191.1Sitojunextra_commands="reload" 201.1Sitojun 211.5Slukemipsec_prestart() 221.1Sitojun{ 231.1Sitojun if [ ! -f /etc/ipsec.conf ]; then 241.4Slukem warn "/etc/ipsec.conf not readable; ipsec start aborted." 251.9Sapb 261.9Sapb stop_boot 271.4Slukem return 1 281.1Sitojun fi 291.4Slukem return 0 301.4Slukem} 311.4Slukem 321.12Schristosipsec_getip() { 331.12Schristos ifconfig $1 | while read what address rest; do 341.12Schristos case "$what" in 351.12Schristos inet) echo "$address";; 361.12Schristos esac 371.12Schristos done 381.12Schristos} 391.12Schristos 401.4Slukemipsec_start() 411.4Slukem{ 421.1Sitojun echo "Installing ipsec manual keys/policies." 431.12Schristos if [ -n "$ipsec_flags" ]; then 441.12Schristos sed -e "s/@LOCAL_ADDR@/$(ipsec_getip "$ipsec_flags")/" \ 451.12Schristos < /etc/ipsec.conf | /sbin/setkey -f - 461.12Schristos else 471.12Schristos /sbin/setkey -f /etc/ipsec.conf 481.12Schristos fi 491.1Sitojun} 501.1Sitojun 511.1Sitojunipsec_stop() 521.1Sitojun{ 531.3Sitojun echo "Clearing ipsec manual keys/policies." 541.1Sitojun 551.1Sitojun # still not 100% sure if we would like to do this. 561.1Sitojun # it is very questionable to do this during shutdown session, since 571.1Sitojun # it can hang any of remaining IPv4/v6 session. 581.1Sitojun # 591.1Sitojun /sbin/setkey -F 601.1Sitojun /sbin/setkey -FP 611.1Sitojun} 621.1Sitojun 631.1Sitojunipsec_reload() 641.1Sitojun{ 651.1Sitojun echo "Reloading ipsec manual keys/policies." 661.12Schristos ipsec_stop 671.12Schristos ipsec_start 681.1Sitojun} 691.1Sitojun 701.1Sitojunload_rc_config $name 711.1Sitojunrun_rc_command "$1" 72