2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002 Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
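# Replace any inherited PATH with a fixed minimum search path. The assignment
# is unconditional, so commands this wrapper runs by bare name (uname, cat,
# kill, ...) are not resolved through a caller-supplied PATH.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"

# name and version of the ipsec implementation
# (the @...@ tokens are placeholders, presumably substituted at build time)
IPSEC_NAME="@IPSEC_NAME@"
# the part after "K" is the running kernel release reported by uname -r
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# PID files of the starter and of the two daemons; the command arms test for
# these files to decide which daemon to address
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"

# helper programs, always invoked by their full path under IPSEC_DIR
IPSEC_WHACK="${IPSEC_DIR}/whack"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

# made available to child processes; the three helper paths above are not exported
export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# contains a literal backslash-n; it is turned into a newline only when the
# string is later used as a printf format
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"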
# Short usage text written to stdout. The function or case arm that contains
# these lines starts on a listing line that is not visible here.
45 echo "Usage: ipsec command argument ..."
46 echo "Use --help for list of commands, or see ipsec(8) manual page"
47 echo "or the $IPSEC_NAME documentation for names of the common ones."
48 echo "Most have their own manual pages, e.g. ipsec_auto(8)."
49 echo "See <http://www.strongswan.org> for more general info."
# Help text listing the sub-commands of this wrapper. Several listing lines
# (59 and 70-78) are missing from this view, so the list shown is incomplete.
53 echo "Usage: ipsec command argument ..."
54 echo "where command is one of:"
55 echo " start|restart arguments..."
56 echo " update|reload|stop"
57 echo " up|down|route|unroute <connectionname>"
58 echo " status|statusall [<connectionname>]"
60 echo " listalgs|listpubkeys|listcerts [--utc]"
61 echo " listcacerts|listaacerts|listocspcerts [--utc]"
62 echo " listacerts|listgroups|listcainfos [--utc]"
63 echo " listcrls|listocsp|listcards|listall [--utc]"
64 echo " leases [<poolname> [<address>]]"
65 echo " rereadsecrets|rereadgroups"
66 echo " rereadcacerts|rereadaacerts|rereadocspcerts"
67 echo " rereadacerts|rereadcrls|rereadall"
68 echo " purgeocsp|purgecrl|purgex509|purgeike"
69 echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
79 echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
# Case arm for "copyright" and "--copyright". The statement on listing line 95
# is not visible; per the comment below, control then continues to the generic
# dispatch, which runs the helper named _copyright.
94 copyright|
--copyright)
96 # and fall through, invoking "ipsec _copyright"
# "down": terminate a connection by name. The usage line is presumably printed
# when no name was given; that check is not visible in this listing.
102 echo "Usage: ipsec down <connection name>"
# A daemon is addressed only if its PID file exists. Only existence is tested,
# so a stale PID file still routes the request to whack/stroke.
# NOTE(review): the PID-file variables are unquoted inside [ ]; quoting them
# keeps the test correct if the configured PID directory contains whitespace.
106 if [ -e $IPSEC_PLUTO_PID ]
108 $IPSEC_WHACK --name "$1" --terminate
111 if [ -e $IPSEC_CHARON_PID ]
# the connection name is passed as a single quoted argument
113 $IPSEC_STROKE down
"$1"
# "down-srcip": handled by charon only (no whack call is visible for it).
122 echo "Usage: ipsec down-srcip <start> [<end>]"
126 if [ -e $IPSEC_CHARON_PID ]
# NOTE(review): the arguments are forwarded as unquoted $* (split over two
# lines in this listing), so they are word-split and glob-expanded again before
# stroke sees them. "$@" would pass them through unchanged, as other arms do.
128 $IPSEC_STROKE down-srcip $
*
# Case arm for listcards and rereadgroups.
133 listcards|rereadgroups
)
136 if [ -e $IPSEC_PLUTO_PID ]
# remaining arguments first, then the command name turned into a --option
138 $IPSEC_WHACK "$@" "--$op"
# the body of the charon branch (listing lines 142 onward) is not visible here
141 if [ -e $IPSEC_CHARON_PID ]
# Arm label not visible; the --lease-addr option suggests this is "leases".
# The 0 / 1 / * arms presumably switch on the argument count; the case header
# is not shown. Pool name ($1) and address ($2) are each passed quoted.
152 if [ -e $IPSEC_PLUTO_PID ]
155 0) $IPSEC_WHACK "--$op" ;;
156 1) $IPSEC_WHACK "--$op" --name "$1" ;;
157 *) $IPSEC_WHACK "--$op" --name "$1" --lease-addr "$2" ;;
# same three cases for charon, using positional arguments instead of options
161 if [ -e $IPSEC_CHARON_PID ]
164 0) $IPSEC_STROKE "$op" ;;
165 1) $IPSEC_STROKE "$op" "$1" ;;
166 *) $IPSEC_STROKE "$op" "$1" "$2" ;;
# Case arm shared by the list* and reread* commands. The end of the pattern
# (listing lines 178-181) is not visible.
172 listalgs|\listpubkeys|\
173 listcerts|listcacerts|listaacerts|\
174 listacerts|listgroups|listocspcerts|\
175 listcainfos|listcrls|listocsp|listall|\
176 rereadsecrets|rereadcacerts|rereadaacerts|\
177 rereadacerts|rereadocspcerts|rereadcrls|\
# whack takes the command as a trailing --option, stroke as a leading word;
# the extra arguments are forwarded quoted in both calls
182 if [ -e $IPSEC_PLUTO_PID ]
184 $IPSEC_WHACK "$@" "--$op"
187 if [ -e $IPSEC_CHARON_PID ]
189 $IPSEC_STROKE "$op" "$@"
# Case arm for the purge commands; only a charon branch is visible.
# NOTE(review): the pattern matches three commands, but the one stroke call
# shown passes the literal word purgeike. Lines are missing from this listing;
# check the full file to confirm purgecrl and purgex509 reach stroke under
# their own names.
194 purgeike|purgecrl|purgex509
)
196 if [ -e $IPSEC_CHARON_PID ]
198 $IPSEC_STROKE purgeike
# Arm label not visible in this listing. If pluto's PID file exists, whack is
# called with the fixed option --listen and no user-supplied arguments.
205 if [ -e $IPSEC_PLUTO_PID ]
207 $IPSEC_WHACK --listen
# Reload: send SIGUSR1 to the PID recorded in the starter PID file. rc is set
# to 0 only when kill succeeds; kill's own error output is discarded.
# NOTE(review): the PID is read from the file and signalled without checking
# that it still belongs to the starter. A stale file whose PID has been reused
# would send the signal to an unrelated process, so the PID directory should be
# writable by trusted users only. Confirm its permissions.
215 if [ -e $IPSEC_STARTER_PID ]
217 echo "Reloading strongSwan IPsec configuration..." >&2
218 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev
/null
&& rc
=0
220 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
# Restart: run this wrapper's "stop", then replace the current process with its
# "start", forwarding the remaining arguments quoted. The wrapper is invoked by
# its configured path under IPSEC_SBINDIR, not looked up through PATH.
225 $IPSEC_SBINDIR/ipsec stop
228 exec $IPSEC_SBINDIR/ipsec start
"$@"
# Arm label not visible; the help text lists route and unroute as taking a
# connection name. $op supplies the verb for both daemons and the name is
# passed as one quoted argument.
236 echo "Usage: ipsec $op <connection name>"
239 if [ -e $IPSEC_PLUTO_PID ]
241 $IPSEC_WHACK --name "$1" "--$op"
244 if [ -e $IPSEC_CHARON_PID ]
246 $IPSEC_STROKE "$op" "$1"
# Arm label not visible. Only a pluto branch is shown: the command becomes a
# --option and all remaining arguments follow it, quoted.
254 if [ -e $IPSEC_PLUTO_PID ]
256 $IPSEC_WHACK "--$op" "$@"
# Arm label not visible. Asks each daemon whose PID file exists to re-read its
# secrets; the command word is fixed and no user arguments are forwarded.
264 if [ -e $IPSEC_PLUTO_PID ]
266 $IPSEC_WHACK --rereadsecrets
269 if [ -e $IPSEC_CHARON_PID ]
271 $IPSEC_STROKE rereadsecrets
# Arm label not visible; presumably "start". Where /var/lock/subsys exists, a
# lock file named ipsec is created in it. The stop code later in this listing
# removes the same file.
278 if [ -d /var
/lock
/subsys
]; then
279 touch /var
/lock
/subsys
/ipsec
# replace this shell with the starter, forwarding the arguments quoted
281 exec $IPSEC_STARTER "$@"
# Status handling. The exit-code table below is the file's own; the code that
# assigns those codes is mostly missing from this listing.
285 # Return value is slightly different for the status command:
286 # 0 - service up and running
287 # 1 - service dead, but /var/run/ pid file exists
288 # 2 - service dead, but /var/lock/ lock file exists
289 # 3 - service not running (unused)
290 # 4 - service status unknown :-(
291 # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# first pair of tests: their bodies are not visible here
295 if [ -e $IPSEC_PLUTO_PID ]
299 if [ -e $IPSEC_CHARON_PID ]
# second pair: status of one named connection, name passed quoted
304 if [ -e $IPSEC_PLUTO_PID ]
306 $IPSEC_WHACK --name "$1" "--$op"
308 if [ -e $IPSEC_CHARON_PID ]
310 $IPSEC_STROKE "$op" "$1"
# kill -0 delivers no signal; it only tests whether the PID read from the
# starter PID file can be signalled. It does not prove that process is the
# starter, so a reused PID would be reported as a running service.
313 if [ -e $IPSEC_STARTER_PID ]
315 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev
/null
# Stop: signal the starter, poll until it is gone, then force-kill it and
# remove the PID file. The loop counter setup and the wait between polls are on
# listing lines that are not visible here.
321 # stopping a not-running service is considered as success
322 if [ -e $IPSEC_STARTER_PID ]
324 echo "Stopping strongSwan IPsec..." >&2
# NOTE(review): the file content is used as-is and unquoted in every kill
# below. Checking that it is a single positive integer before signalling would
# make an empty or corrupted PID file fail safely instead of reaching kill.
325 spid
=`cat $IPSEC_STARTER_PID`
# default signal (TERM) first; errors from kill are discarded
328 kill $spid 2>/dev
/null
# kill -0 only probes for the process; the loop ends once it has exited
330 while [ $loop -gt 0 ] ; do
331 kill -0 $spid 2>/dev
/null ||
break
# last resort after the polling loop, then drop the PID file
337 kill -KILL $spid 2>/dev
/null
338 rm -f $IPSEC_STARTER_PID
342 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
# remove the lock file named ipsec under /var/lock/subsys, if that directory exists
344 if [ -d /var
/lock
/subsys
]; then
345 rm -f /var
/lock
/subsys
/ipsec
# "up": initiate a connection by name through each daemon whose PID file
# exists. The argument check that leads to the usage line is not visible.
353 echo "Usage: ipsec up <connection name>"
357 if [ -e $IPSEC_PLUTO_PID ]
359 $IPSEC_WHACK --name "$1" --initiate
362 if [ -e $IPSEC_CHARON_PID ]
# the connection name is passed as a single quoted argument
364 $IPSEC_STROKE up
"$1"
# Update: send SIGHUP to the PID recorded in the starter PID file.
# NOTE(review): unlike the reload code, kill's error output is not redirected
# here. The PID is again taken from the file without checking that the process
# is the starter, so the same PID-reuse caveat applies.
370 if [ -e $IPSEC_STARTER_PID ]
372 echo "Updating strongSwan IPsec configuration..." >&2
373 kill -HUP `cat $IPSEC_STARTER_PID`
376 echo "Updating strongSwan IPsec failed: starter is not running" >&2
# Version banner. The variables are expanded inside the printf format string;
# this is what turns the literal \n inside IPSEC_DISTRO into a newline.
# NOTE(review): a % in IPSEC_NAME, IPSEC_VERSION (which includes uname -r
# output) or IPSEC_DISTRO would be read as a conversion. Passing the values as
# arguments to a fixed format ('%s', or '%b' where \n must be expanded) avoids that.
381 printf "Linux $IPSEC_NAME $IPSEC_VERSION\n"
382 printf "$IPSEC_DISTRO\n"
383 printf "See 'ipsec --copyright' for copyright information.\n"
# Fallback handling for arguments no earlier arm matched; diagnostics go to stderr.
387 echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
# Generic dispatch: the command word is appended to IPSEC_DIR to form the path
# of the helper to run. The tests between these lines are not visible.
# NOTE(review): confirm in the full file that $cmd is rejected when it contains
# a "/" so that the resulting path cannot point outside IPSEC_DIR.
395 path
="$IPSEC_DIR/$cmd"
399 path
="$IPSEC_DIR/$cmd"
402 echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2