ipsec revision 1.14
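#!/bin/sh
#
# $NetBSD: ipsec,v 1.14 2016/10/19 21:27:10 christos Exp $
#

# PROVIDE: ipsec
# REQUIRE: root bootconf mountcritlocal tty
# BEFORE: DAEMON

# rc.d script for manual IPsec keys/policies.
#   start  - load /etc/ipsec.conf into the kernel with setkey(8)
#   stop   - flush the SAD and SPD
#   reload - stop followed by start
#
# If ipsec_flags is set it is handed to ifconfig as an interface name and the
# interface's IPv4 address replaces the @LOCAL_ADDR@ token in /etc/ipsec.conf
# before the file is fed to setkey.
#
# NOTE(review): with manual keying /etc/ipsec.conf holds key material; this
# script only tests that the file exists, not its owner or mode. Presumably it
# is meant to be root-only -- confirm on the target system.

$_rc_subr_loaded . /etc/rc.subr

name="ipsec"
rcvar=$name
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"
stop_precmd="test -f /etc/ipsec.conf"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"
extra_commands="reload"

# Pre-start check: refuse to start when /etc/ipsec.conf is missing.
# Returns 0 when the file exists, 1 otherwise.  On failure stop_boot (from
# rc.subr) is invoked; presumably this keeps the machine from finishing boot
# without its policies installed -- confirm against rc.subr.
ipsec_prestart()
{
	if [ ! -f /etc/ipsec.conf ]; then
		warn "/etc/ipsec.conf not readable; ipsec start aborted."

		stop_boot
		return 1
	fi
	return 0
}

# Print the IPv4 address(es) ifconfig reports for an interface, one per line.
#   $1 - interface name.  It is expanded unquoted, exactly as before, so the
#        value is subject to word splitting; presumably ipsec_flags holds a
#        single interface name -- confirm before quoting it.
# "/" is appended to IFS so that a CIDR suffix ("addr/len") ends up in $rest
# instead of in $address.
ipsec_getip() {
	ifconfig $1 | while IFS="${IFS}/" read what address rest; do
		case "$what" in
		inet)	echo "$address";;
		esac
	done
}

# Load /etc/ipsec.conf into the kernel.
#   $1 - optional local address.  When empty the file is loaded verbatim;
#        otherwise the first @LOCAL_ADDR@ on each line is replaced with it.
# Returns setkey's status, or 1 when $1 is not made of digits and dots.
ipsec_load() {
	if [ -z "$1" ]; then
		/sbin/setkey -f /etc/ipsec.conf
		return
	fi

	# $1 is pasted into a sed expression.  Anything other than digits and
	# dots -- including the embedded newline produced when the interface
	# carries more than one inet address -- would corrupt that expression
	# and leave setkey with no input, so reject it explicitly and say so.
	case "$1" in
	*[!0-9.]*)
		warn "unexpected local address '$1'; ipsec keys/policies not loaded."
		return 1
		;;
	esac

	sed -e "s/@LOCAL_ADDR@/$1/" < /etc/ipsec.conf | \
	    /sbin/setkey -f -
}

# Wait, in the background, until the interface named by ipsec_flags has an
# address other than 0.0.0.0, then load the configuration with it.
#
# The loop is detached with "&", so "start" returns before anything is
# installed, and the loop polls once a second with no upper bound.  Until it
# succeeds no keys or policies from /etc/ipsec.conf are in the kernel.
ipsec_configure() {
	local addr
	while true; do
		addr="$(ipsec_getip "$ipsec_flags")"
		case "$addr" in
		''|"0.0.0.0")
			sleep 1;;
		*)
			ipsec_load "$addr"; return;;
		esac
	done &
}

# start_cmd: install keys/policies, deferring to ipsec_configure when an
# interface was named in ipsec_flags.
ipsec_start()
{
	echo "Installing ipsec manual keys/policies."
	if [ -n "$ipsec_flags" ]; then
		ipsec_configure
	else
		ipsec_load
	fi
}

# stop_cmd: flush all SAD entries (setkey -F) and all SPD entries
# (setkey -FP).
ipsec_stop()
{
	echo "Clearing ipsec manual keys/policies."

	# still not 100% sure if we would like to do this.
	# it is very questionable to do this during shutdown session, since
	# it can hang any of remaining IPv4/v6 session.
	#
	/sbin/setkey -F
	/sbin/setkey -FP
}

# reload_cmd: flush, then install again.
#
# start_precmd is not run on this path, so the existence of /etc/ipsec.conf is
# checked here before anything is flushed; otherwise a missing file would
# leave the kernel with an empty SAD/SPD.  Between the flush and the reinstall
# no policies are in place, and with ipsec_flags set the reinstall happens
# asynchronously in ipsec_configure.
ipsec_reload()
{
	echo "Reloading ipsec manual keys/policies."
	if [ ! -f /etc/ipsec.conf ]; then
		warn "/etc/ipsec.conf not readable; ipsec reload aborted."
		return 1
	fi
	ipsec_stop
	ipsec_start
}

load_rc_config $name
run_rc_command "$1"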