/*
This module is responsible for start stop of the vpn system.
-
+
1) it allows AH & ESP to get in from interface where a vpn is mounted
The NAT traversal is used on the udp 4500 port.
2) it starts the ipsec daemon
The RED interface is a problem because it can be up or down a startup.
- Then, the state change and it must not affect other VPN mounted on
+ Then, the state change and it must not affect other VPN mounted on
other interface.
Unfortunatly, openswan 1 cannot do that correctly. It cannot use an
interface without restarting everything.
/*
return values from the vpn config file or false if not 'on'
*/
-int decode_line (char *s,
+int decode_line (char *s,
char **key,
char **name,
char **type
// check other syntax
if (! *name)
return 0;
-
+
if (strspn(*name, LETTERS_NUMBERS) != strlen(*name)) {
fprintf(stderr, "Bad connection name: %s\n", *name);
return 0;
char command[STRING_SIZE];
// Bring down the connection (if established).
- snprintf(command, STRING_SIZE - 1,
+ snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
// Reload the IPsec firewall policy
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+ // Create or destroy interfaces
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
+
// Reload the configuration into the daemon (#10339).
ipsec_reload();
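Review bot: The connection `name` is formatted into a shell command line handed to safe_system(), and the snprintf() result is not checked, so an over-long name would run a truncated `ipsec down` command. The only validation visible on this page is the LETTERS_NUMBERS check in decode_line; it is worth confirming that every caller of this function passes a name that went through that check. Truncation can be rejected by testing `snprintf(command, sizeof(command), ...) >= (int)sizeof(command)` and bailing out before safe_system(). The same pattern appears in the connection-off hunk that follows, and the enclosing function starts outside this hunk.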
*/
char command[STRING_SIZE];
+ // Reload, so the connection is dropped.
+ ipsec_reload();
+
// Bring down the connection.
- snprintf(command, STRING_SIZE - 1,
+ snprintf(command, STRING_SIZE - 1,
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
- // Reload, so the connection is dropped.
- ipsec_reload();
-
// Reload the IPsec firewall policy
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+
+ // Create or destroy interfaces
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
}
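Review bot: The comment `// Reload, so the connection is dropped.` was moved together with the ipsec_reload() call, but it now sits before `ipsec down`, so it no longer describes what drops the connection or why the reload has to come first. A comment that states the reason for the new order would help the next maintainer, for example `// Reload first so the daemon has the current configuration before the connection is taken down.`, if that is the reason. The function's opening lies outside this hunk, so the intended ordering is inferred only from the lines shown.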
int main(int argc, char *argv[]) {
struct keyvalue *kv = NULL;
-
+
if (argc < 2) {
usage();
exit(1);
if (strcmp(argv[1], "D") == 0) {
safe_system("/usr/sbin/ipsec stop >/dev/null 2>&1");
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
exit(0);
}
}
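Review bot: The result of the added `safe_system("/usr/local/bin/ipsec-interfaces >/dev/null")` call is discarded and the stop path then calls `exit(0)`, so a failure to remove interfaces is invisible to whoever invoked the helper. Assuming safe_system() returns the command's status, consider `if (safe_system("/usr/local/bin/ipsec-interfaces >/dev/null") != 0) fprintf(stderr, "ipsec-interfaces failed\n");` and a non-zero exit code in that case. The same applies to the call added in the start path just below, where `ipsec restart` runs even if interface setup failed, and to the calls added in the two connection hunks above. main's body begins outside this hunk.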
// start the system
if ((argc == 2) && strcmp(argv[1], "S") == 0) {
safe_system("/usr/lib/firewall/ipsec-policy >/dev/null");
+ safe_system("/usr/local/bin/ipsec-interfaces >/dev/null");
safe_system("/usr/sbin/ipsec restart >/dev/null");
exit(0);
}