ipsec: change ipsecctrl for status and reload of charon.
index 7205afb37c447d64f1e82dbc4b93301f1789ff8e..ae3899619deeb23b4216fa3428a63cb2fee4fc3a 100644 (file)
@@ -58,12 +58,17 @@ void open_physical (char *interface, int nat_traversal_port) {
 //        sprintf(str, "/sbin/iptables -A " phystable " -p 51  -i %s -j ACCEPT", interface);
 //        safe_system(str);
         // IKE
+
+        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface);
+        safe_system(str);
         sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
         safe_system(str);
 
         if (! nat_traversal_port) 
             return;
 
+        sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port);
+        safe_system(str);
         sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
         safe_system(str);
 }
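Review bot: The two added `sprintf` calls on the `-D` lines write into `str` without a bound and splice `interface` straight into a shell command line for `safe_system`, as the existing `-A` lines already do; since the interface value is supplied from outside this function, the format should be bounded, e.g. `snprintf(str, STRING_SIZE, "/sbin/iptables -D IPSECINPUT -p udp -i %s --sport 500 --dport 500 -j ACCEPT >/dev/null 2>&1", interface);`, and the caller should reject interface names holding anything but the characters an interface name may legitimately contain before they reach this function. Note also that `iptables -D` removes only one matching rule per call, so a chain that already holds duplicates from earlier runs keeps the extra copies after the `-A`; if duplicates are the concern, loop on `-D` until it fails. `str` is declared above the hunk, so its real size (presumably STRING_SIZE, as used elsewhere in this file) needs confirming, and open_physical's body begins outside the hunk.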
@@ -136,17 +141,11 @@ int decode_line (char *s,
     issue ipsec commmands to turn on connection 'name'
 */
 void turn_connection_on (char *name, char *type) {
-        char command[STRING_SIZE];
-
-        safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
-        memset(command, 0, STRING_SIZE);
-        snprintf(command, STRING_SIZE - 1, 
-                "/usr/sbin/ipsec down %s >/dev/null", name);
-        safe_system(command);
-        memset(command, 0, STRING_SIZE);
-        snprintf(command, STRING_SIZE - 1, 
-                "/usr/sbin/ipsec up %s >/dev/null", name);
-        safe_system(command);
+/*
+    if you find a way to start a single connection without changing all add it
+    here. Change also vpn-watch.
+*/
+        safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
 }
 /*
     issue ipsec commmands to turn off connection 'name'
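Review bot: After this change `name` and `type` are no longer read anywhere in turn_connection_on, yet the signature and its callers still pass them, and a full `ipsec restart` now tears down every established tunnel in order to bring one up. If that cost is accepted, state it in the doc comment above the function (which still says it turns on connection 'name') and silence the unused-parameter warnings with `(void)name; (void)type;` at the top of the body. The explanatory block comment should also be indented with the body rather than sitting at column 0, and since the earlier `whack --rereadall` is gone it should say that the init script is presumably expected to re-read config and secrets on restart.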
@@ -155,8 +154,9 @@ void turn_connection_off (char *name) {
         char command[STRING_SIZE];
         memset(command, 0, STRING_SIZE);
         snprintf(command, STRING_SIZE - 1, 
-                "/usr/sbin/ipsec down %s >/dev/null", name);
+                "/usr/sbin/ipsec whack --delete --name %s >/dev/null", name);
         safe_system(command);
+        safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
 }
 
 
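Review bot: turn_connection_off still talks only to pluto via `whack --delete --name`, while the `I` and `R` handlers this commit adds to main issue both `whack` and `stroke` commands; for a connection served by charon this delete has no effect and the function returns silently. If both daemons are to be supported, as the later hunks suggest, add the stroke counterpart after the whack call, e.g. `snprintf(command, STRING_SIZE - 1, "/usr/sbin/ipsec stroke down %s >/dev/null", name); safe_system(command);`, assuming the stroke interface installed here accepts `down`/`delete` the way it accepts the `status`/`rereadall` verbs already used. As with the other `%s` substitutions in this file, `name` is spliced into a shell command, so it should be validated against the allowed connection-name characters before it reaches this function. turn_connection_off's signature is in the hunk header, outside the shown lines.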
@@ -175,13 +175,27 @@ int main(int argc, char *argv[]) {
                 
  FILE *file = NULL;
                 
+
+        if (strcmp(argv[1], "I") == 0) {
+                safe_system("/usr/sbin/ipsec whack --status");
+                safe_system("/usr/sbin/ipsec stroke status");
+                exit(0);
+        }
+
+        if (strcmp(argv[1], "R") == 0) {
+                safe_system("/usr/sbin/ipsec whack --rereadall >/dev/null");
+                safe_system("/usr/sbin/ipsec stroke rereadall >/dev/null");
+                exit(0);
+        }
+
  /* Get vpnwatch pid */
 
- if ( (argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
- safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
- safe_system("unlink /var/run/vpn-watch.pid");
- close(file);
- }
+
+       if ((argc == 2) && (file = fopen("/var/run/vpn-watch.pid", "r"))) {
+           safe_system("kill -9 $(cat /var/run/vpn-watch.pid)");
+           safe_system("unlink /var/run/vpn-watch.pid");
+           close(file);
+       }
  
         /* FIXME: workaround for pclose() issue - still no real idea why
          * this is happening */
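Review bot: The new `I` and `R` checks at the top of the hunk dereference `argv[1]` before any `argc` test; the later handlers still guard with `argc == 2`, and unless an earlier check above this hunk rejects a bare invocation, running the program with no arguments passes a NULL pointer to `strcmp`. Guard both branches, `if ((argc == 2) && strcmp(argv[1], "I") == 0) {` and `if ((argc == 2) && strcmp(argv[1], "R") == 0) {`. The re-indented vpn-watch block also keeps `close(file)` on the `FILE *` returned by fopen, which passes a pointer where a descriptor is expected and leaks the stream; it should be `fclose(file);` (the `D` handler in the next hunk has the same pattern). Finally, this block and the `S` start block in a later hunk are re-indented to 7 spaces while the surrounding lines use 8, a whitespace change the diff would not otherwise need. main begins outside the hunk.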
@@ -190,31 +204,18 @@ int main(int argc, char *argv[]) {
         /* handle operations that doesn't need start the ipsec system */
         if (argc == 2) {
                 if (strcmp(argv[1], "D") == 0) {
-                        ipsec_norules();
                         /* Only shutdown pluto if it really is running */
                         /* Get pluto pid */
                         if (file = fopen("/var/run/pluto.pid", "r")) {
                                 safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
                                 close(file);
                         }
-                        exit(0);
-                }
-
-                if (strcmp(argv[1], "R") == 0) {
-                        safe_system("/usr/sbin/ipsec whack --rereadall");
-                        exit(0);
-                }
-
-                if (strcmp(argv[1], "I") == 0) {
-                        safe_system("/usr/sbin/ipsec whack --status");
+                        ipsec_norules();
                         exit(0);
                 }
 
         }
 
-        /* clear iptables vpn rules */
-        ipsec_norules();
-
         /* read vpn config */
         kv=initkeyvalues();
         if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
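Review bot: The `D` path still decides whether to run `ipsec stop` solely on the existence of `/var/run/pluto.pid`, but the commit title and the new `stroke` calls indicate charon is now in use; if charon runs without pluto, or writes its own pid file instead, the stop is skipped and only `ipsec_norules()` runs, leaving the daemon up while its firewall rules are removed. Either test the charon daemon's pid file as well (placeholder `CHARON_PID_FILE`, whatever path the init script here uses) or drop the pid-file gate and let the init script's stop handle the not-running case, since its output is already redirected. main continues above and below this hunk.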
@@ -340,15 +341,14 @@ int main(int argc, char *argv[]) {
 
         // start the system
         if ((argc == 2) && strcmp(argv[1], "S") == 0) {
-                safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
-                safe_system("/usr/local/bin/vpn-watch &");
+               safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
+               safe_system("/usr/local/bin/vpn-watch &");
                 exit(0);
         }
 
         // it is a selective start or stop
         // second param is only a number 'key'
         if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
-                ipsec_norules();
                 fprintf(stderr, "Bad arg\n");
                 usage();
                 exit(1);
@@ -356,7 +356,6 @@ int main(int argc, char *argv[]) {
 
         // search the vpn pointed by 'key'
         if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
-                ipsec_norules();
                 fprintf(stderr, "Couldn't open vpn settings file");
                 exit(1);
         }
@@ -386,7 +385,6 @@ int main(int argc, char *argv[]) {
                 if (strcmp(argv[1], "D") == 0)
                         turn_connection_off (name);
                 else {
-                        ipsec_norules();
                         fprintf(stderr, "Bad command\n");
                         exit(1);
                 }