]> git.ipfire.org Git - ipfire-2.x.git/blob - src/scripts/vpn-watch
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Eine neue Version des vpn-watch von Sven nachgeschoben.
[ipfire-2.x.git] / src / scripts / vpn-watch
1 #!/bin/sh
2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
4 # Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
5 #
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License as published by the
8 # Free Software Foundation; either version 2 of the License, or (at your
9 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 #
11 # This program is distributed in the hope that it will be useful, but
12 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 # for more details.
15 #
16 # RCSID $Id: setup.in,v 1.122.6.3 2006/10/26 23:54:32 paul Exp $
17 #
18 # ipsec init.d script for starting and stopping
19 # the IPsec security subsystem (KLIPS and Pluto).
20 #
21 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
22 # and is also accessible as "ipsec setup" (the preferred route for human
23 # invocation).
24 #
25 # The startup and shutdown times are a difficult compromise (in particular,
26 # it is almost impossible to reconcile them with the insanely early/late
27 # times of NFS filesystem startup/shutdown). Startup is after startup of
28 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
29 #
30 # chkconfig: 2345 47 76
31 # description: IPsec provides encrypted and authenticated communications; \
32 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
33
34 me='ipsec setup' # for messages
35
36 # where the private directory and the config files are
37 IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}"
38 IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
39 IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
40 IPSEC_CONFS="${IPSEC_CONFS-/etc}"
41
42 if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
43 then
44 # we must establish a suitable PATH ourselves
45 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
46 export PATH
47
48 IPSEC_DIR="$IPSEC_LIBDIR"
49 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
50 fi
51
52 # Check that the ipsec command is available.
53 found=
54 for dir in `echo $PATH | tr ':' ' '`
55 do
56 if test -f $dir/ipsec -a -x $dir/ipsec
57 then
58 found=yes
59 break # NOTE BREAK OUT
60 fi
61 done
62 if ! test "$found"
63 then
64 echo "cannot find ipsec command -- \`$1' aborted" |
65 logger -s -p daemon.error -t ipsec_setup
66 exit 1
67 fi
68
69 # accept a few flags
70
71 export IPSEC_setupflags
72 IPSEC_setupflags=""
73
74 config=""
75
76 for dummy
77 do
78 case "$1" in
79 --showonly|--show) IPSEC_setupflags="$1" ;;
80 --config) config="--config $2" ; shift ;;
81 *) break ;;
82 esac
83 shift
84 done
85
86
87 # Pick up IPsec configuration (until we have done this, successfully, we
88 # do not know where errors should go, hence the explicit "daemon.error"s.)
89 # Note the "--export", which exports the variables created.
90 eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup`
91
92 if test " $IPSEC_confreadstatus" != " "
93 then
94 case $1 in
95 stop|--stop|_autostop)
96 echo "$IPSEC_confreadstatus -- \`$1' may not work" |
97 logger -s -p daemon.error -t ipsec_setup;;
98
99 *) echo "$IPSEC_confreadstatus -- \`$1' aborted" |
100 logger -s -p daemon.error -t ipsec_setup;
101 exit 1;;
102 esac
103 fi
104
105 IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
106 export IPSEC_confreadsection
107
108 IPSECsyslog=${IPSECsyslog-daemon.error}
109 export IPSECsyslog
110
111 # misc setup
112 umask 022
113
114 mkdir -p /var/run/pluto
115
116
117 # do it
118 case "$1" in
119 start|--start|stop|--stop|_autostop|_autostart)
120 wanttodo=$1
121 if test " `id -u`" != " 0"
122 then
123 echo "permission denied (must be superuser)" |
124 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
125 exit 1
126 fi
127 tmp=/var/run/pluto/ipsec_setup.st
128 outtmp=/var/run/pluto/ipsec_setup.out
129 (
130 ipsec _realsetup $1
131 echo "$?" >$tmp
132 ) > ${outtmp} 2>&1
133 st=$?
134 if test -f $tmp
135 then
136 st=`cat $tmp`
137 rm -f $tmp
138 fi
139 if [ -f ${outtmp} ]; then
140 cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
141 rm -f ${outtmp}
142 fi
143 if [ "$wanttodo" = "start" -o "$wanttodo" = "--start" -o "$wanttodo" = "_autostart" ]; then
144 sleep 20 && chown root:nobody /var/run/pluto -R && chmod 770 /var/run/pluto -R && ln -f /var/run/pluto/pluto.pid /var/run/pluto.pid 2>&1 &
145 fi
146 exit $st
147 ;;
148
149 restart|--restart|force-reload)
150 $0 $IPSEC_setupflags stop
151 $0 $IPSEC_setupflags start
152 ;;
153
154 _autorestart) # for internal use only
155 $0 $IPSEC_setupflags _autostop
156 $0 $IPSEC_setupflags _autostart
157 ;;
158
159 status|--status)
160 ipsec _realsetup $1
161 exit
162 ;;
163
164 --version)
165 echo "$me $IPSEC_VERSION"
166 exit 0
167 ;;
168
169 --help)
170 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
171 echo " $me --status"
172 exit 0
173 ;;
174
175 *)
176 echo "Usage: $me [ --showonly ] {--start|--stop|--restart}"
177 echo " $me --status"
178 exit 2
179 esac
180
181 exit 0
IPFire 2.x development tree