2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2017 IPFire Network Development Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
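# Keys that are persisted in the settings file of every VPN IPsec connection.
# ipsec_connection_read_config / ipsec_connection_write_config handle exactly
# this list, so a key that is missing here is silently dropped on write.
# Every line below APPENDS to the list; a plain reassignment would discard the
# keys added before it.
IPSEC_CONNECTION_CONFIG_SETTINGS="AUTH_MODE DPD_ACTION DPD_DELAY DPD_TIMEOUT"
IPSEC_CONNECTION_CONFIG_SETTINGS="${IPSEC_CONNECTION_CONFIG_SETTINGS} INACTIVITY_TIMEOUT LOCAL_ADDRESS LOCAL_ID LOCAL_PREFIX"
IPSEC_CONNECTION_CONFIG_SETTINGS="${IPSEC_CONNECTION_CONFIG_SETTINGS} MODE PEER PSK"
IPSEC_CONNECTION_CONFIG_SETTINGS="${IPSEC_CONNECTION_CONFIG_SETTINGS} REMOTE_ID REMOTE_PREFIX"
# START_ACTION is set by ipsec_connection_new and ipsec_connection_start_action
# and read when the strongSwan configuration is generated, so it has to be
# part of the persisted settings as well.
IPSEC_CONNECTION_CONFIG_SETTINGS="${IPSEC_CONNECTION_CONFIG_SETTINGS} SECURITY_POLICY START_ACTION"

# Defaults applied to a freshly created connection (see ipsec_connection_new)
IPSEC_DEFAULT_AUTH_MODE="PSK"
IPSEC_DEFAULT_DPD_ACTION="restart"
IPSEC_DEFAULT_DPD_DELAY="30"
IPSEC_DEFAULT_DPD_TIMEOUT="120"
IPSEC_DEFAULT_INACTIVITY_TIMEOUT="0"
IPSEC_DEFAULT_MODE="tunnel"
IPSEC_DEFAULT_SECURITY_POLICY="system"
IPSEC_DEFAULT_START_ACTION="on-demand"

# Values accepted by ipsec_connection_mode and ipsec_connection_authentication_mode
IPSEC_VALID_MODES="gre-transport tunnel vti"
IPSEC_VALID_AUTH_MODES="PSK"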
47 cli_ipsec_connection $@
50 error
"Unrecognized argument: ${action}"
56 cli_ipsec_connection
() {
57 if ipsec_connection_exists
${1}; then
64 authentication|down|dpd|inactivity_timeout|
local|mode|peer|remote|security_policy|start_action|up
)
65 ipsec_connection_
${key} ${connection} $@
68 cli_ipsec_connection_show
"${connection}"
72 error
"Unrecognized argument: ${key}"
82 ipsec_connection_new $@
85 ipsec_connection_destroy $@
88 if [ -n "${action}" ]; then
89 error
"Unrecognized argument: '${action}'"
97 cli_ipsec_connection_show
() {
98 local connection
="${1}"
100 # Read the config settings
101 local ${IPSEC_CONNECTION_CONFIG_SETTINGS}
102 if ! ipsec_connection_read_config
"${connection}"; then
103 error
"Could not read the connection configuration"
107 cli_headline
0 "IPsec VPN Connection: ${connection}"
112 cli_print_fmt1
1 "Peer" "${PEER}"
116 cli_print_fmt1
1 "Security Policy" "${SECURITY_POLICY-${IPSEC_DEFAULT_SECURITY_POLICY}}"
119 cli_headline
2 "Authentication"
120 case "${AUTH_MODE^^}" in
122 cli_print_fmt1
2 "Mode" "Pre-Shared-Key"
125 cli_print_fmt1
2 "Pre-Shared-Key" "****"
127 cli_print_fmt1
2 "Pre-Shared-Key" "- is not set -"
137 for i
in LOCAL REMOTE
; do
140 cli_headline
2 "Local"
143 cli_headline
2 "Remote"
147 local id_var
="${i}_ID"
148 if [ -n "${!id_var}" ]; then
149 cli_print_fmt1
2 "ID" "${!id_var}"
152 local prefix_var
="${i}_PREFIX"
153 if isset
${prefix_var}; then
154 cli_headline
3 "Prefix(es)"
157 for prefix
in ${!prefix_var}; do
158 cli_print_fmt1
3 "${prefix}"
165 cli_headline
2 "Misc."
169 cli_print_fmt1
2 "Transport Mode" "GRE Transport"
172 cli_print_fmt1
2 "Transport Mode" "Tunnel"
175 cli_print_fmt1
2 "Transport Mode" "Virtual Tunnel Interface"
178 cli_print_fmt1
2 "Transport Mode" "- Unknown -"
183 if isset INACTIVITY_TIMEOUT
&& [ ${INACTIVITY_TIMEOUT} -gt 0 ]; then
184 cli_print_fmt1
2 "Inactivity Timeout" "$(format_time ${INACTIVITY_TIMEOUT})"
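# Writes all values of IPSEC_CONNECTION_CONFIG_SETTINGS (taken from the
# caller's variables of the same names) to the settings file of the VPN IPsec
# connection named by ${1} and reloads the connection afterwards.
#
# Arguments: $1 - connection name
# Returns:   ${EXIT_ERROR} when the connection does not exist or the settings
#            could not be written; otherwise the status of ipsec_reload.
ipsec_connection_write_config() {
	local connection="${1}"

	if ! ipsec_connection_exists "${connection}"; then
		log ERROR "No such VPN IPsec connection: ${connection}"
		return ${EXIT_ERROR}
	fi

	local path="${NETWORK_IPSEC_CONNS_DIR}/${connection}/settings"

	if ! settings_write "${path}" ${IPSEC_CONNECTION_CONFIG_SETTINGS}; then
		log ERROR "Could not write configuration settings for VPN IPsec connection ${connection}"
		return ${EXIT_ERROR}
	fi

	# Make the daemon pick up the new settings
	ipsec_reload "${connection}"
}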
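# Writes a new value for one key to the settings file of the VPN IPsec
# connection named by ${1}. Everything after the key forms the value, so
# list-valued settings (e.g. the prefix lists) can be passed unquoted.
#
# Arguments: $1 - connection name, $2 - key, $3.. - value (may be empty)
# Returns:   ${EXIT_ERROR} when arguments are missing, the connection does
#            not exist, or reading/writing the configuration fails.
ipsec_connection_write_config_key() {
	if [ $# -lt 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local key="${2}"
	shift 2

	# Whatever is left is the value
	local value="$@"

	if ! ipsec_connection_exists "${connection}"; then
		log ERROR "No such VPN ipsec connection: ${connection}"
		return ${EXIT_ERROR}
	fi

	# Do not write secrets into the log; the show command masks the PSK, too
	case "${key}" in
		PSK)
			log DEBUG "Set '${key}' to a new value in VPN ipsec connection '${connection}'"
			;;
		*)
			log DEBUG "Set '${key}' to new value '${value}' in VPN ipsec connection '${connection}'"
			;;
	esac

	local ${IPSEC_CONNECTION_CONFIG_SETTINGS}

	# Read the current settings so that all other keys are preserved
	if ! ipsec_connection_read_config "${connection}"; then
		return ${EXIT_ERROR}
	fi

	# Set the key to its new value
	assign "${key}" "${value}"

	if ! ipsec_connection_write_config "${connection}"; then
		return ${EXIT_ERROR}
	fi
}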
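# Reads one or more keys from the settings file of the VPN IPsec connection
# named by ${1} into variables of the same names in the caller's scope, or
# every key of IPSEC_CONNECTION_CONFIG_SETTINGS when no key is given.
#
# Arguments: $1 - connection name, $2.. - keys to read (optional)
# Returns:   ${EXIT_ERROR} when the name is missing, the connection does not
#            exist or the settings file could not be read.
ipsec_connection_read_config() {
	if [ $# -lt 1 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	shift

	if ! ipsec_connection_exists "${connection}"; then
		log ERROR "No such VPN IPsec connection : ${connection}"
		return ${EXIT_ERROR}
	fi

	local args
	if [ $# -eq 0 ] && [ -n "${IPSEC_CONNECTION_CONFIG_SETTINGS}" ]; then
		# No key requested: read the whole configuration
		list_append args ${IPSEC_CONNECTION_CONFIG_SETTINGS}
	else
		list_append args "$@"
	fi

	local path="${NETWORK_IPSEC_CONNS_DIR}/${connection}/settings"

	if ! settings_read "${path}" ${args}; then
		log ERROR "Could not read settings for VPN IPsec connection ${connection}"
		return ${EXIT_ERROR}
	fi
}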
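# Checks whether a VPN IPsec connection with the given name exists, i.e.
# whether its directory below NETWORK_IPSEC_CONNS_DIR is present.
# An empty name never "exists" (it would otherwise test the base directory).
#
# Arguments: $1 - connection name
# Returns:   ${EXIT_TRUE} when the connection exists, ${EXIT_FALSE} otherwise
ipsec_connection_exists() {
	local connection="${1}"

	if [ -z "${connection}" ]; then
		return ${EXIT_FALSE}
	fi

	local path="${NETWORK_IPSEC_CONNS_DIR}/${connection}"

	if [ -d "${path}" ]; then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}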
286 # Reloads the connection after config changes
# Handle the cli after authentication
292 ipsec_connection_authentication() {
293 if [ ! $# -gt 1 ]; then
294 log ERROR "Not enough arguments
"
298 local connection=${1}
304 ipsec_connection_authentication_mode "${connection}" $@
307 ipsec_connection_authentication_psk "${connection}" $@
310 log ERROR "Unrecognized argument
: ${cmd}"
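# Sets the authentication mode of a VPN IPsec connection.
# The mode is compared and stored in upper case, so "psk" and "PSK" are
# both accepted and both end up as "PSK".
#
# Arguments: $1 - connection name, $2 - mode (one of IPSEC_VALID_AUTH_MODES)
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid mode or when
#            the setting could not be written.
ipsec_connection_authentication_mode() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local mode="${2^^}"

	if ! isoneof mode ${IPSEC_VALID_AUTH_MODES}; then
		log ERROR "Auth mode '${mode}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "AUTH_MODE" "${mode}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}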
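# Sets the pre-shared key of a VPN IPsec connection.
# NOTE(review): the key arrives via argv, which is visible to other local
# users in the process list and may end up in the shell history.
#
# Arguments: $1 - connection name, $2 - the PSK (4 to 128 characters)
# Returns:   ${EXIT_ERROR} on a wrong argument count, an unacceptable key
#            length or when the setting could not be written.
ipsec_connection_authentication_psk() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local psk="${2}"

	# Length of the key in characters
	local length="${#psk}"

	# Four characters are accepted; the message matches the check
	if [ "${length}" -lt 4 ]; then
		error "The PSK must be at least four characters long"
		return ${EXIT_ERROR}
	fi

	if [ "${length}" -gt 128 ]; then
		error "The PSK cannot be longer than 128 characters"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "PSK" "${psk}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}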
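# Brings a VPN IPsec connection up by initiating its child SA via swanctl.
#
# Arguments: $1 - connection name
# Returns:   ${EXIT_ERROR} when no name is given or the connection does not
#            exist; otherwise the status of the swanctl command.
ipsec_connection_up() {
	if [ $# -ne 1 ]; then
		error "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"

	if ! ipsec_connection_exists "${connection}"; then
		error "No such VPN IPsec connection: ${connection}"
		return ${EXIT_ERROR}
	fi

	cmd swanctl --initiate --child "${connection}"
}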
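# Takes a VPN IPsec connection down by terminating its IKE SA via swanctl.
#
# Arguments: $1 - connection name
# Returns:   ${EXIT_ERROR} when no name is given or the connection does not
#            exist; otherwise the status of the swanctl command.
ipsec_connection_down() {
	if [ $# -ne 1 ]; then
		error "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"

	if ! ipsec_connection_exists "${connection}"; then
		error "No such VPN IPsec connection: ${connection}"
		return ${EXIT_ERROR}
	fi

	cmd swanctl --terminate --ike "${connection}"
}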
# Handle the cli after dpd
389 ipsec_connection_dpd() {
390 if [ ! $# -gt 1 ]; then
391 log ERROR "Not enough arguments
"
395 local connection=${1}
401 ipsec_connection_dpd_action "${connection}" $@
404 ipsec_connection_dpd_delay "${connection}" $@
407 ipsec_connection_dpd_timeout "${connection}" $@
410 log ERROR "Unrecognized argument
: ${cmd}"
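# Sets the dead peer detection action of a VPN IPsec connection.
#
# Arguments: $1 - connection name, $2 - action ("restart" or "clear")
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid action or
#            when the setting could not be written.
ipsec_connection_dpd_action() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local action="${2}"

	if ! isoneof action "restart" "clear"; then
		log ERROR "dpd action '${action}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "DPD_ACTION" "${action}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}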
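# Sets the dead peer detection delay of a VPN IPsec connection.
# The delay is given either as an integer (seconds) or in any form that
# parse_time understands; zero is allowed.
#
# Arguments: $1 - connection name, $2.. - the delay
# Returns:   ${EXIT_ERROR} on missing arguments, an unparsable or negative
#            value, or when the setting could not be written.
ipsec_connection_dpd_delay() {
	if [ $# -lt 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	shift

	# Everything after the name is the time specification
	local value="$@"

	if ! isinteger value; then
		value=$(parse_time "$@")
		if [ $? -ne 0 ]; then
			log ERROR "Parsing the passed time was not sucessful please check the passed values."
			return ${EXIT_ERROR}
		fi
	fi

	if [ "${value}" -lt 0 ]; then
		log ERROR "The passed time value must be in the sum greater or equal zero seconds."
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "DPD_DELAY" "${value}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}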
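# Sets the dead peer detection timeout of a VPN IPsec connection.
# The timeout is given either as an integer (seconds) or in any form that
# parse_time understands. Unlike DPD_DELAY, zero is rejected here.
#
# Arguments: $1 - connection name, $2.. - the timeout
# Returns:   ${EXIT_ERROR} on missing arguments, an unparsable value, a value
#            of zero or less, or when the setting could not be written.
ipsec_connection_dpd_timeout() {
	if [ $# -lt 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	shift

	# Everything after the name is the time specification
	local value="$@"

	if ! isinteger value; then
		value=$(parse_time "$@")
		if [ $? -ne 0 ]; then
			log ERROR "Parsing the passed time was not sucessful please check the passed values."
			return ${EXIT_ERROR}
		fi
	fi

	# The message now matches the check (-le rejects zero)
	if [ "${value}" -le 0 ]; then
		log ERROR "The passed time value must be in the sum greater than zero seconds."
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "DPD_TIMEOUT" "${value}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}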
500 # Handle the cli after local
501 ipsec_connection_local() {
502 if [ ! $# -ge 2 ]; then
503 log ERROR "Not enough arguments
"
507 local connection=${1}
513 ipsec_connection_local_address "${connection}" $@
516 ipsec_connection_id "${connection}" "LOCAL
" $@
519 ipsec_connection_prefix "${connection}" "LOCAL
" $@
522 log ERROR "Unrecognized argument
: ${cmd}"
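# Sets the transport mode of a VPN IPsec connection.
#
# Arguments: $1 - connection name, $2 - mode (one of IPSEC_VALID_MODES)
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid mode or when
#            the setting could not be written.
ipsec_connection_mode() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local mode="${2}"

	if ! isoneof mode ${IPSEC_VALID_MODES}; then
		log ERROR "Mode '${mode}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "MODE" "${mode}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}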
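# Sets the local address of a VPN IPsec connection. The address is validated
# with the same check that is used for the peer.
#
# Arguments: $1 - connection name, $2 - local address
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid address or
#            when the setting could not be written.
ipsec_connection_local_address() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local local_address="${2}"

	if ! ipsec_connection_check_peer "${local_address}"; then
		log ERROR "Local address '${local_address}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "LOCAL_ADDRESS" "${local_address}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}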
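# Sets the peer a VPN IPsec connection connects to.
#
# Arguments: $1 - connection name, $2 - peer address
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid peer or when
#            the setting could not be written.
ipsec_connection_peer() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local peer="${2}"

	if ! ipsec_connection_check_peer "${peer}"; then
		log ERROR "Peer '${peer}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "PEER" "${peer}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}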
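# Sets the local or remote IKE identity of a VPN IPsec connection.
#
# Arguments: $1 - connection name, $2 - side ("LOCAL" or "REMOTE"),
#            $3 - the id
# Returns:   ${EXIT_ERROR} on a wrong argument count, an unknown side, an
#            invalid id or when the setting could not be written.
ipsec_connection_id() {
	if [ $# -ne 3 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local type="${2}"
	local id="${3}"

	# ${type} is spliced into the settings key, so only the two known sides
	# are accepted here (the callers pass "LOCAL" and "REMOTE")
	case "${type}" in
		LOCAL|REMOTE)
			;;
		*)
			log ERROR "Invalid ID type: ${type}"
			return ${EXIT_ERROR}
			;;
	esac

	if ! ipsec_connection_check_id "${id}"; then
		log ERROR "Id '${id}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "${type}_ID" "${id}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}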
619 # Set the local or remote prefix
620 ipsec_connection_prefix
() {
621 if [ ! $# -ge 3 ]; then
622 log ERROR
"Not enough arguments"
625 local connection
=${1}
629 local _prefix
="${type}_PREFIX"
631 if ! ipsec_connection_read_config
"${connection}" "${_prefix}"; then
635 # Remove duplicated entries to proceed the list safely
636 assign
"${_prefix}" "$(list_unique ${!_prefix} )"
639 local prefixes_removed
642 while [ $# -gt 0 ]; do
647 list_append prefixes_added
"${arg:1}"
650 list_append prefixes_removed
"${arg:1}"
653 list_append prefixes_set
"${arg}"
656 error
"Invalid argument: ${arg}"
663 # Check if the user is trying a mixed operation
664 if ! list_is_empty prefixes_set
&& (! list_is_empty prefixes_added ||
! list_is_empty prefixes_removed
); then
665 error
"You cannot reset the prefix list and add or remove prefixes at the same time"
669 # Set new prefix list
670 if ! list_is_empty prefixes_set
; then
671 # Check if all prefixes are valid
673 for prefix
in ${prefixes_set}; do
674 if ! ip_net_is_valid
${prefix}; then
675 error
"Unsupported prefix: ${prefix}"
680 assign
"${_prefix}" "${prefixes_set}"
682 # Perform incremental updates
686 # Perform all removals
687 for prefix
in ${prefixes_removed}; do
688 if ! list_remove
"${_prefix}" ${prefix}; then
689 warning
"${prefix} was not on the list and could not be removed"
694 for prefix
in ${prefixes_added}; do
695 if ip_net_is_valid
${prefix}; then
696 if ! list_append_unique
"${_prefix}" ${prefix}; then
697 warning
"${prefix} is already on the prefix list"
700 warning
"${prefix} is not a valid IP network and could not be added"
705 # Check if the list contain at least one valid prefix
706 if list_is_empty
${_prefix}; then
707 error
"Cannot save an empty prefix list"
712 if ! ipsec_connection_write_config_key
"${connection}" "${_prefix}" ${!_prefix}; then
713 log ERROR "Could not
write configuration settings
"
719 # Handle the cli after remote
720 ipsec_connection_remote() {
721 if [ ! $# -ge 2 ]; then
722 log ERROR "Not enough arguments
"
726 local connection=${1}
732 ipsec_connection_id "${connection}" "REMOTE
" $@
736 ipsec_connection_prefix "${connection}" "REMOTE
" $@
739 log ERROR "Unrecognized argument
: ${cmd}"
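# Sets the inactivity timeout of a VPN IPsec connection.
# The timeout is given either as an integer (seconds) or in any form that
# parse_time understands.
# NOTE(review): zero is rejected here although IPSEC_DEFAULT_INACTIVITY_TIMEOUT
# is "0" and the show command treats 0 as "not set" -- confirm whether the
# CLI should be able to switch the timeout off again.
#
# Arguments: $1 - connection name, $2.. - the timeout
# Returns:   ${EXIT_ERROR} on missing arguments, an unparsable value, a value
#            of zero or less, or when the setting could not be written.
ipsec_connection_inactivity_timeout() {
	if [ $# -lt 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	shift

	# Everything after the name is the time specification
	local value="$@"

	if ! isinteger value; then
		value=$(parse_time "$@")
		if [ $? -ne 0 ]; then
			log ERROR "Parsing the passed time was not sucessful please check the passed values."
			return ${EXIT_ERROR}
		fi
	fi

	if [ "${value}" -le 0 ]; then
		log ERROR "The passed time value must be in the sum greater zero seconds."
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "INACTIVITY_TIMEOUT" "${value}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}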
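# Sets the start action of a VPN IPsec connection.
#
# Arguments: $1 - connection name, $2 - action ("on-demand" or "always-on")
# Returns:   ${EXIT_ERROR} on a wrong argument count, an invalid action or
#            when the setting could not be written.
ipsec_connection_start_action() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local action="${2}"

	if ! isoneof action "on-demand" "always-on"; then
		log ERROR "Start action '${action}' is invalid"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "START_ACTION" "${action}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}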
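# Sets the VPN security policy used by a VPN IPsec connection.
#
# Arguments: $1 - connection name, $2 - name of an existing security policy
# Returns:   ${EXIT_ERROR} on a wrong argument count, an unknown policy or
#            when the setting could not be written.
ipsec_connection_security_policy() {
	if [ $# -ne 2 ]; then
		log ERROR "Not enough arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	local security_policy="${2}"

	if ! vpn_security_policy_exists "${security_policy}"; then
		log ERROR "No such vpn security policy '${security_policy}'"
		return ${EXIT_ERROR}
	fi

	if ! ipsec_connection_write_config_key "${connection}" "SECURITY_POLICY" "${security_policy}"; then
		log ERROR "Could not write configuration settings"
		return ${EXIT_ERROR}
	fi
}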
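# Checks whether an IKE identity is valid: either an IP address (as judged by
# ip_is_valid) or an "@name" identifier made of alphanumeric characters only.
#
# Arguments: $1 - the id
# Returns:   ${EXIT_TRUE} when valid, ${EXIT_FALSE} otherwise (an empty id
#            is invalid)
ipsec_connection_check_id() {
	local id="${1}"

	if [[ "${id}" =~ ^@[[:alnum:]]+$ ]] || ip_is_valid "${id}"; then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}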
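# Checks whether a peer address is valid. Only IP addresses (as judged by
# ip_is_valid) are accepted at the moment.
# TODO Accept also FQDNs
#
# Arguments: $1 - the peer address
# Returns:   ${EXIT_TRUE} when valid, ${EXIT_FALSE} otherwise
ipsec_connection_check_peer() {
	local peer="${1}"

	if ip_is_valid "${peer}"; then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}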
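# Checks whether a VPN IPsec connection name contains characters outside
# A-Za-z0-9. The name becomes a directory name below NETWORK_IPSEC_CONNS_DIR
# (and is passed to rm -rf on destroy), so nothing else may be accepted --
# the previous pattern also let "$" through.
#
# Arguments: $1 - connection name
# Returns:   0 (true) when the name contains an ILLEGAL character,
#            1 (false) otherwise. Note the inverted sense: callers use
#            "if ipsec_connection_check_name ...; then error ...". An empty
#            name yields false; callers check emptiness separately with isset.
ipsec_connection_check_name() {
	local connection="${1}"

	[[ "${connection}" =~ [^[:alnum:]] ]]
}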
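# Creates a new VPN IPsec connection with the default settings.
#
# Arguments: $1 - connection name (A-Za-z0-9 only)
# Returns:   ${EXIT_ERROR} on too many arguments, an empty or invalid name,
#            an already existing connection, or when the directory or the
#            settings file could not be created.
ipsec_connection_new() {
	if [ $# -gt 1 ]; then
		error "Too many arguments"
		return ${EXIT_ERROR}
	fi

	local connection="${1}"
	if ! isset connection; then
		error "Please provide a connection name"
		return ${EXIT_ERROR}
	fi

	# Validate the name before it is used to build any path: it becomes a
	# directory name below NETWORK_IPSEC_CONNS_DIR
	if ipsec_connection_check_name "${connection}"; then
		error "'${connection}' contains illegal characters"
		return ${EXIT_ERROR}
	fi

	# Check for duplicates
	if ipsec_connection_exists "${connection}"; then
		error "The VPN IPsec connection ${connection} already exists"
		return ${EXIT_ERROR}
	fi

	log DEBUG "Creating VPN IPsec connection ${connection}"

	if ! mkdir -p "${NETWORK_IPSEC_CONNS_DIR}/${connection}"; then
		log ERROR "Could not create config directory for ${connection}"
		return ${EXIT_ERROR}
	fi

	# Populate the settings with the defaults and persist them
	local ${IPSEC_CONNECTION_CONFIG_SETTINGS}

	AUTH_MODE=${IPSEC_DEFAULT_AUTH_MODE}
	DPD_ACTION=${IPSEC_DEFAULT_DPD_ACTION}
	DPD_DELAY=${IPSEC_DEFAULT_DPD_DELAY}
	DPD_TIMEOUT=${IPSEC_DEFAULT_DPD_TIMEOUT}
	MODE=${IPSEC_DEFAULT_MODE}
	START_ACTION=${IPSEC_DEFAULT_START_ACTION}
	INACTIVITY_TIMEOUT=${IPSEC_DEFAULT_INACTIVITY_TIMEOUT}
	SECURITY_POLICY=${IPSEC_DEFAULT_SECURITY_POLICY}

	if ! ipsec_connection_write_config "${connection}"; then
		log ERROR "Could not write new config file"
		return ${EXIT_ERROR}
	fi
}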
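# Deletes one or more VPN IPsec connections. Every argument is a connection
# name; a name that is invalid or does not refer to an existing connection
# is reported and skipped, the remaining names are still processed.
#
# Arguments: $1.. - connection names
ipsec_connection_destroy() {
	local connection
	for connection in "$@"; do
		# The name is a directory name below NETWORK_IPSEC_CONNS_DIR and ends
		# up in rm -rf, so refuse anything that is not plain alphanumeric
		# (e.g. "..", which would pass the existence check)
		if ipsec_connection_check_name "${connection}"; then
			log ERROR "'${connection}' contains illegal characters"
			continue
		fi

		if ! ipsec_connection_exists "${connection}"; then
			log ERROR "The VPN IPsec connection ${connection} does not exist."
			continue
		fi

		log DEBUG "Deleting VPN IPsec connection ${connection}"
		# ${VAR:?} aborts instead of expanding to "/<name>" when the base
		# directory variable is unset
		if ! rm -rf -- "${NETWORK_IPSEC_CONNS_DIR:?}/${connection}"; then
			log ERROR "Deleting the VPN IPsec connection ${connection} was not sucessful"
		fi
	done
}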
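# Prints the names of all VPN IPsec connections (one per line), i.e. the
# directories below NETWORK_IPSEC_CONNS_DIR.
ipsec_list_connections() {
	local connection
	for connection in "${NETWORK_IPSEC_CONNS_DIR}"/*; do
		# Skips plain files and the literal pattern left over when the
		# directory is empty
		[ -d "${connection}" ] || continue
		basename "${connection}"
	done
}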
930 ipsec_connection_to_strongswan() {
931 local connection="${1}"
933 # Read the config settings
934 local ${IPSEC_CONNECTION_CONFIG_SETTINGS}
935 if ! ipsec_connection_read_config "${connection}"; then
936 error "Could not
read the connection
${connection}"
940 local path="${NETWORK_IPSEC_SWANCTL_CONNECTIONS_DIR}/${connection}.conf
"
943 # Write the connection section
944 _ipsec_connection_to_strongswan_connection "${connection}"
946 # Write the secrets section
947 _ipsec_connection_to_strongswan_secrets "${connection}"
952 _ipsec_connection_to_strongswan_connection() {
953 local connection="${1}"
955 # Read the security policy
956 local ${VPN_SECURITY_POLICIES_CONFIG_SETTINGS}
957 if ! vpn_security_policies_read_config "${SECURITY_POLICY}"; then
961 print_indent 0 "connections
{"
962 print_indent 1 "${connection} {"
965 print_indent 2 "# IKE Version"
966 case "${KEY_EXCHANGE^^}" in
968 print_indent
2 "version = 1"
971 # Fall back to IKEv2 for any random values
973 print_indent
2 "version = 2"
979 print_indent
2 "# Local Address"
980 if isset LOCAL_ADDRESS
; then
981 print_indent
2 "local_addrs = ${LOCAL_ADDRESS}"
983 print_indent
2 "local_addrs = %any"
988 print_indent
2 "# Remote Address"
990 print_indent
2 "remote_addrs = ${PEER}"
992 print_indent
2 "remote_addrs = %any"
997 print_indent
2 "# IKE Proposals"
998 print_indent
2 "proposals = $(vpn_security_policies_make_ah_proposal ${SECURITY_POLICY})"
1002 if isset DPD_DELAY
&& isinteger DPD_DELAY
&& [ ${DPD_DELAY} -gt 0 ]; then
1003 print_indent
2 "# Dead Peer Detection"
1005 print_indent
2 "dpd_action = ${DPD_ACTION}"
1006 print_indent
2 "dpd_delay = ${DPD_DELAY}"
1008 if isset DPD_TIMEOUT
; then
1009 print_indent
2 "dpd_timeout = ${DPD_TIMEOUT}"
1016 print_indent
2 "# Fragmentation"
1017 print_indent
2 "fragmentation = yes"
1021 print_indent
2 "local {"
1024 if isset LOCAL_ID
; then
1025 print_indent
3 "id = ${LOCAL_ID}"
1029 case "${AUTH_MODE}" in
1031 print_indent
3 "auth = psk"
1039 print_indent
2 "remote {"
1042 if isset REMOTE_ID
; then
1043 print_indent
3 "id = ${REMOTE_ID}"
1047 case "${AUTH_MODE}" in
1049 print_indent
3 "auth = psk"
1058 print_indent
2 "children {"
1059 print_indent
3 "${connection} {"
1061 print_indent
4 "# ESP Proposals"
1062 print_indent
4 "esp_proposals = $(vpn_security_policies_make_esp_proposal ${SECURITY_POLICY})"
1068 if isset LOCAL_PREFIX
; then
1069 print_indent
4 "local_ts = $(list_join LOCAL_PREFIX ,)"
1071 print_indent
4 "local_ts = dynamic"
1075 if isset REMOTE_PREFIX
; then
1076 print_indent
4 "remote_ts = $(list_join REMOTE_PREFIX ,)"
1078 print_indent
4 "remote_ts = dynamic"
1083 if isset LIFETIME
; then
1084 print_indent
4 "# Rekey Time"
1085 print_indent
4 "rekey_time = ${LIFETIME}"
1090 print_indent
4 "updown = ${NETWORK_HELPERS_DIR}/ipsec-updown"
1094 print_indent
4 "# Mode"
1097 print_indent
4 "mode = transport"
1100 print_indent
4 "mode = tunnel"
1106 print_indent
4 "# Compression"
1107 if enabled COMPRESSION
; then
1108 print_indent
4 "ipcomp = yes"
1110 print_indent
4 "ipcomp = no"
1114 # Inactivity Timeout
1115 if isset INACTIVITY_TIMEOUT
; then
1116 print_indent
4 "# Inactivity Timeout"
1117 print_indent
4 "inactivity = ${INACTIVITY_TIMEOUT}"
1122 print_indent
4 "# Start Action"
1123 case "${START_ACTION}" in
1125 print_indent
4 "start_action = trap"
1126 print_indent
4 "close_action = trap"
1129 print_indent
4 "start_action = none"
1130 print_indent
4 "close_action = none"
1133 print_indent
4 "start_action = start"
1134 print_indent
4 "close_action = start"
1148 _ipsec_connection_to_strongswan_secrets
() {
1149 local connection
="${1}"
1151 print_indent
0 "secrets {"
1153 case "${AUTH_MODE}" in
1155 print_indent
1 "ike {"
1158 print_indent
2 "secret = ${PSK}"
1161 if isset REMOTE_ID
; then
1162 print_indent
2 "id = ${REMOTE_ID}"