#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
+
#include "setuid.h"
+#include "netutil.h"
/*
This module is responsible for start stop of the vpn system.
fprintf (stderr, "\t\tI : Print Statusinfo\n");
}
+static void ipsec_reload() {
+ /* Re-read all configuration files and secrets and
+ * reload the daemon (#10339).
+ */
+ safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
+ safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+}
+
/*
ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
*/
void open_physical (char *interface, int nat_traversal_port) {
char str[STRING_SIZE];
- // GRE ???
-// sprintf(str, "/sbin/iptables -A " phystable " -p 47 -i %s -j ACCEPT", interface);
-// safe_system(str);
- // ESP
-// sprintf(str, "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface);
-// safe_system(str);
- // AH
-// sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface);
-// safe_system(str);
// IKE
-
sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
safe_system(str);
sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface);
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
- // Reload the configuration into the daemon.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ // Reload the configuration into the daemon (#10339).
+ ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
safe_system(command);
// Reload, so the connection is dropped.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
}
int main(int argc, char *argv[]) {
}
if (strcmp(argv[1], "R") == 0) {
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
exit(0);
}
projects / ipfire-2.x.git / blobdiff