2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
4 # Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by the
8 # Free Software Foundation; either version 2 of the License, or (at your
9 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 # RCSID $Id: setup.in,v 1.122.6.3 2006/10/26 23:54:32 paul Exp $
18 # ipsec init.d script for starting and stopping
19 # the IPsec security subsystem (KLIPS and Pluto).
21 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
22 # and is also accessible as "ipsec setup" (the preferred route for human
25 # The startup and shutdown times are a difficult compromise (in particular,
26 # it is almost impossible to reconcile them with the insanely early/late
27 # times of NFS filesystem startup/shutdown). Startup is after startup of
28 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
30 # chkconfig: 2345 47 76
31 # description: IPsec provides encrypted and authenticated communications; \
32 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
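# Reassembled from a rendered listing that fused gutter numbers into the text
# and split tokens across lines; statements are unchanged.
me='ipsec setup'	# for messages

# where the private directory and the config files are
# ${VAR-default} applies the default only when VAR is unset, so any value
# already present in the caller's environment (even an empty one) is kept.
# This script runs as root from init, so these locations are only as
# trustworthy as the environment it is started from.
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"

if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
then
	# we must establish a suitable PATH ourselves
	# IPSEC_SBINDIR is searched first and /usr/local/bin comes before /bin
	# and /usr/bin, so every directory named here needs to be writable by
	# root only.
	PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
	# NOTE(review): the listing skips source lines 46-47 at this point; if
	# the caller has not already exported PATH, an "export PATH" would be
	# needed for child processes -- confirm against the full file.

	IPSEC_DIR="$IPSEC_LIBDIR"
	export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
# NOTE(review): "then" and "fi" are not visible in the listing (gutter
# numbers 43 and 50-51 are missing); the "fi" is placed after the export on
# that basis -- confirm against the full file.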
# Looks through the PATH entries for a regular, executable file named
# "ipsec" and breaks out of the loop on a match; a "cannot find ipsec
# command" message is piped to logger, which writes it to stderr (-s) and to
# syslog at daemon.error with the tag ipsec_setup.
# NOTE(review): the gutter numbers jump (52, 54, 56, 59, 64), so the loop's
# do/done, the if's then/fi and whatever guards the error message are not
# shown in this listing.
# NOTE(review): $PATH and $dir are expanded unquoted, so an entry containing
# whitespace or glob characters is split or expanded before the test. The
# test checks only that the file exists and is executable, not who owns it,
# so the first matching PATH entry is the one later "ipsec" calls will run
# as root; PATH should name only root-owned, non-writable directories.
52 # Check that the ipsec command is available.
54 for dir
in `echo $PATH | tr ':' ' '`
56 if test -f $dir/ipsec
-a -x $dir/ipsec
59 break # NOTE BREAK OUT
64 echo "cannot find ipsec command -- \`$1' aborted" |
65 logger
-s -p daemon.error
-t ipsec_setup
# Exports IPSEC_setupflags and shows two option arms: --showonly/--show
# stores the option itself in IPSEC_setupflags, and --config stores the
# string "--config <next argument>" in $config and shifts once.
# NOTE(review): the enclosing case/loop is not shown in this listing (the
# gutter numbers jump from 71 to 79), and nothing visible checks that $2 is
# present for --config.
# NOTE(review): $config is one string that is later expanded unquoted on the
# "ipsec _confread" command line (source line 90), so a config path with
# whitespace or glob characters is split into extra arguments there.
71 export IPSEC_setupflags
79 --showonly|
--show) IPSEC_setupflags
="$1" ;;
80 --config) config
="--config $2" ; shift ;;
# Runs "ipsec _confread" for the "config setup" section and evals its
# output, then reports a non-empty IPSEC_confreadstatus through logger:
# for stop/--stop/_autostop the message says the operation "may not work",
# for any other operation it says "aborted".
# NOTE(review): eval executes whatever _confread prints as shell code in
# this (root) shell. That is safe only if _confread quotes every value it
# emits and the configuration files it reads are writable by root alone;
# neither is visible in this listing, so confirm both. $config is expanded
# unquoted inside the backquotes.
# NOTE(review): IPSEC_confreadstatus is presumably set by the eval'd output;
# the case/esac and then/fi keywords and anything following the final ";"
# are not shown here (gutter numbers 93-94 and 101-104 are missing).
87 # Pick up IPsec configuration (until we have done this, successfully, we
88 # do not know where errors should go, hence the explicit "daemon.error"s.)
89 # Note the "--export", which exports the variables created.
90 eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
92 if test " $IPSEC_confreadstatus" != " "
95 stop|
--stop|_autostop
)
96 echo "$IPSEC_confreadstatus -- \`$1' may not work" |
97 logger
-s -p daemon.error
-t ipsec_setup
;;
99 *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
100 logger
-s -p daemon.error
-t ipsec_setup
;
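# Reassembled from a rendered listing that fused gutter numbers into the text
# and split tokens across lines; statements are unchanged.

# Section name: falls back to "setup" when unset or empty (":-" form).
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection

# facility.priority handed to "logger -p" by the later parts of the script;
# the default applies only when IPSECsyslog is unset ("-" form), so an empty
# value from the configuration or environment is kept as is.
# NOTE(review): later logger calls expand $IPSECsyslog unquoted, so this
# value should be a single word -- confirm it is validated where it is set.
IPSECsyslog=${IPSECsyslog-daemon.error}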
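# Reassembled from a rendered listing that split the path across lines.
# Creates the runtime directory that later holds the fixed-name scratch
# files ipsec_setup.st and ipsec_setup.out. No mode is passed, so the
# directory's permissions come from the umask in effect; those scratch files
# are only safe if this directory is writable by root alone.
# NOTE(review): the listing skips source lines 109-113 just before this
# command, so where the umask is set is not visible here -- confirm.
mkdir -p /var/run/pluto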
# Arm for start/--start/stop/--stop/_autostop/_autostart: compares "id -u"
# with 0 and logs "permission denied (must be superuser)" through logger,
# sets two scratch-file paths under /var/run/pluto, and, when the output
# file exists, feeds its contents to logger at the $IPSECsyslog priority.
# NOTE(review): the gutter numbers jump (120, 122, 126, 127, 138), so the
# then/fi keywords, the exit after the permission message and the code that
# writes the two scratch files are not shown in this listing.
# NOTE(review): tmp and outtmp are fixed, predictable names rather than
# mktemp results. That is acceptable only while /var/run/pluto is writable
# by root alone; if any other user can write there, a file or symlink
# created ahead of time under either name would be followed by this root
# process. Check the directory's ownership and mode on deployed hosts.
# NOTE(review): $IPSECsyslog is expanded unquoted on the logger command
# line, so a value containing spaces becomes extra logger arguments; it
# should be quoted. "cat file | logger" could read the file by redirection.
119 start|
--start|stop|
--stop|_autostop|_autostart
)
120 if test " `id -u`" != " 0"
122 echo "permission denied (must be superuser)" |
123 logger
-s -p $IPSECsyslog -t ipsec_setup
2>&1
126 tmp
=/var
/run
/pluto
/ipsec_setup.st
127 outtmp
=/var
/run
/pluto
/ipsec_setup.out
138 if [ -f ${outtmp} ]; then
139 cat ${outtmp} | logger
-s -p $IPSECsyslog -t ipsec_setup
2>&1
# restart/--restart/force-reload re-invoke this script ($0) with "stop" and
# then "start"; _autorestart does the same with _autostop and _autostart.
# Only $IPSEC_setupflags is passed along.
# NOTE(review): as shown, the exit status of the stop step is not checked
# before start runs, and the $config value parsed from --config does not
# appear to be forwarded to the re-invoked script -- confirm against the
# full file (the arm terminators are not visible in this listing).
# NOTE(review): $0 and $IPSEC_setupflags are expanded unquoted; a script
# path containing whitespace would be split into several words.
145 restart|
--restart|force-reload
)
146 $0 $IPSEC_setupflags stop
147 $0 $IPSEC_setupflags start
150 _autorestart
) # for internal use only
151 $0 $IPSEC_setupflags _autostop
152 $0 $IPSEC_setupflags _autostart
# Prints "$me $IPSEC_VERSION" and, in two places, the same usage line.
# NOTE(review): the case patterns that select these three echo commands and
# any exit statements after them are not shown in this listing (the gutter
# numbers jump from 161 to 166 to 172). IPSEC_VERSION is not assigned in the
# visible lines; presumably it comes from the environment or the "ipsec"
# wrapper -- confirm.
161 echo "$me $IPSEC_VERSION"
166 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
172 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"