ipsec revision 1.1
1#!/bin/sh 2# 3# $NetBSD: ipsec,v 1.1 2000/06/13 16:29:54 itojun Exp $ 4# 5 6# PROVIDE: ipsec 7# REQUIRE: root beforenetlkm mountcritlocal tty 8 9# it does not really require beforenetlkm. 10 11. /etc/rc.subr 12 13name="ipsec" 14start_cmd="ipsec_start" 15stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]" 16stop_cmd="ipsec_stop" 17reload_precmd="$stop_precmd" 18reload_cmd="ipsec_reload" 19extra_commands="reload" 20 21ipsec_start() 22{ 23 if ! checkyesno ipsec; then 24 return 0 25 fi 26 27 # if /etc/ipsec.conf isn't readable, abort the boot rather 28 # than risk a security problem 29 # 30 if [ ! -f /etc/ipsec.conf ]; then 31 err 1 "/etc/ipsec.conf not readable; ipsec start aborted." 32 fi 33 echo "Installing ipsec manual keys/policies." 34 /sbin/setkey -f /etc/ipsec.conf 35} 36 37ipsec_stop() 38{ 39 echo "Clearing ipesc manual keys/policies." 40 41 # still not 100% sure if we would like to do this. 42 # it is very questionable to do this during shutdown session, since 43 # it can hang any of remaining IPv4/v6 session. 44 # 45 /sbin/setkey -F 46 /sbin/setkey -FP 47} 48 49ipsec_reload() 50{ 51 echo "Reloading ipsec manual keys/policies." 52 /sbin/setkey -F 53 /sbin/setkey -FP 54 /sbin/setkey -f /etc/ipsec.conf 55} 56 57load_rc_config $name 58run_rc_command "$1" 59