ipsec revision 1.15
1 1.1 itojun #!/bin/sh 2 1.1 itojun # 3 1.15 christos # $NetBSD: ipsec,v 1.15 2018/08/13 09:16:06 christos Exp $ 4 1.1 itojun # 5 1.1 itojun 6 1.1 itojun # PROVIDE: ipsec 7 1.11 tsutsui # REQUIRE: root bootconf mountcritlocal tty 8 1.7 thorpej # BEFORE: DAEMON 9 1.1 itojun 10 1.8 mycroft $_rc_subr_loaded . /etc/rc.subr 11 1.1 itojun 12 1.1 itojun name="ipsec" 13 1.6 lukem rcvar=$name 14 1.4 lukem start_precmd="ipsec_prestart" 15 1.1 itojun start_cmd="ipsec_start" 16 1.6 lukem stop_precmd="test -f /etc/ipsec.conf" 17 1.1 itojun stop_cmd="ipsec_stop" 18 1.1 itojun reload_cmd="ipsec_reload" 19 1.1 itojun extra_commands="reload" 20 1.1 itojun 21 1.5 lukem ipsec_prestart() 22 1.1 itojun { 23 1.1 itojun if [ ! -f /etc/ipsec.conf ]; then 24 1.4 lukem warn "/etc/ipsec.conf not readable; ipsec start aborted." 25 1.9 apb 26 1.9 apb stop_boot 27 1.4 lukem return 1 28 1.1 itojun fi 29 1.4 lukem return 0 30 1.4 lukem } 31 1.4 lukem 32 1.12 christos ipsec_getip() { 33 1.14 christos ifconfig $1 | while IFS="${IFS}/" read what address rest; do 34 1.12 christos case "$what" in 35 1.15 christos inet) echo "local v4_addr=$address;";; 36 1.15 christos inet6) case "$address" in 37 1.15 christos fe80:) ;; 38 1.15 christos *) echo "local v6_addr=$address;";; 39 1.15 christos esac;; 40 1.12 christos esac 41 1.12 christos done 42 1.12 christos } 43 1.12 christos 44 1.13 christos ipsec_load() { 45 1.13 christos if [ -z "$1" ]; then 46 1.13 christos /sbin/setkey -f /etc/ipsec.conf 47 1.13 christos else 48 1.15 christos sed -e "s/@LOCAL_ADDR@/$1/" \ 49 1.15 christos -e "s/@LOCAL_ADDR_V4@/$1/" \ 50 1.15 christos -e "s/@LOCAL_ADDR_V6@/$2/" /etc/ipsec.conf | \ 51 1.13 christos /sbin/setkey -f - 52 1.13 christos fi 53 1.13 christos } 54 1.13 christos 55 1.13 christos ipsec_configure() { 56 1.13 christos while true; do 57 1.15 christos eval $(ipsec_getip "$ipsec_flags") 58 1.15 christos case "$v4_addr" in 59 1.13 christos '') sleep 1;; 60 1.13 christos "0.0.0.0") sleep 1;; 61 1.15 christos *) ipsec_load "$v4_addr" "$v6_addr"; return;; 62 1.13 christos esac 63 1.13 christos done & 64 1.13 christos } 65 1.13 christos 66 1.4 lukem ipsec_start() 67 1.4 lukem { 68 1.1 itojun echo "Installing ipsec manual keys/policies." 69 1.12 christos if [ -n "$ipsec_flags" ]; then 70 1.13 christos ipsec_configure 71 1.12 christos else 72 1.13 christos ipsec_load 73 1.12 christos fi 74 1.1 itojun } 75 1.1 itojun 76 1.1 itojun ipsec_stop() 77 1.1 itojun { 78 1.3 itojun echo "Clearing ipsec manual keys/policies." 79 1.1 itojun 80 1.1 itojun # still not 100% sure if we would like to do this. 81 1.1 itojun # it is very questionable to do this during shutdown session, since 82 1.1 itojun # it can hang any of remaining IPv4/v6 session. 83 1.1 itojun # 84 1.1 itojun /sbin/setkey -F 85 1.1 itojun /sbin/setkey -FP 86 1.1 itojun } 87 1.1 itojun 88 1.1 itojun ipsec_reload() 89 1.1 itojun { 90 1.1 itojun echo "Reloading ipsec manual keys/policies." 91 1.12 christos ipsec_stop 92 1.12 christos ipsec_start 93 1.1 itojun } 94 1.1 itojun 95 1.1 itojun load_rc_config $name 96 1.1 itojun run_rc_command "$1" 97
Indexes created Fri Oct 31 11:10:07 GMT 2025