#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
IPSEC_NAME=strongSwan

# where the private directory and the config files are
# (build-time defaults, overridable from the environment; the ${VAR=...}
# form assigns the default only when VAR is unset, an empty VAR is kept)
: "${IPSEC_EXECDIR=@IPSEC_EXECDIR@}"
: "${IPSEC_LIBDIR=@IPSEC_LIBDIR@}"
: "${IPSEC_SBINDIR=@IPSEC_SBINDIR@}"
: "${IPSEC_CONFS=@IPSEC_CONFS@}"

IPSEC_DIR=$IPSEC_LIBDIR
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR

# pid files of the daemons; the commands below test for their
# existence to decide whether starter / charon are running
IPSEC_STARTER_PID=/var/run/starter.pid
IPSEC_CHARON_PID=/var/run/charon.pid

# standardize PATH, and export it for everything else's benefit
PATH="$IPSEC_SBINDIR:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin"
export PATH

# things not to be listed in --help command list
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# version numbering (details filled in by build)
# Possibly should call a C program to invoke the version_code() function
# instead, but for performance's sake, we inline it here (and only here).
version=xxx

# export the version information
IPSEC_VERSION=$version
export IPSEC_VERSION
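# function for the funky user/kernel version stuff
#
# Rewrites the global "version" (on entry: the userland version string)
# to include the kernel side, which is determined as follows:
#   /proc/net/ipsec_version exists -> KLIPS stack, last field of that file
#   /proc/net/pfkey exists         -> native stack, uname -r
#   neither                        -> "(no kernel code presently loaded)"
# If user and kernel strings differ the result is "U<user>/K<kernel>";
# the stack tag (if any) is appended.  Reads and writes the global
# "version"; also assigns the globals "stack" and "kv".
fixversion() {
  # Start from an empty stack tag.  Without this, a "stack" variable
  # inherited from the caller's environment would be appended to the
  # version string in the "no kernel code" branch.
  stack=""
  if test -f /proc/net/ipsec_version; then
    stack=" (KLIPS)"
    kv=$(awk '{print $NF}' /proc/net/ipsec_version)
  elif test -f /proc/net/pfkey; then
    stack=" (native)"
    kv=$(uname -r)
  else
    kv="(no kernel code presently loaded)"
  fi
  # the leading space keeps test(1) from reading either operand as an
  # option when it starts with '-'
  if test " $kv" != " $version"; then
    version="U$version/K$kv"
  fi
  version="$version$stack"
}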
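# Send a signal to the running starter, or report that it is not running.
#   $1 - message written to stderr before signalling
#   $2 - signal name for kill -s (USR1, HUP, TERM)
# The pid is taken from the starter pid file, and only used when the file
# holds a bare decimal number: a truncated, damaged or otherwise unexpected
# pid file must not hand kill(1) an arbitrary argument.  Like the original
# inline code, the caller's exit status does not depend on the outcome.
signal_starter() {
  if test -e "$IPSEC_STARTER_PID"; then
    starter_pid=""
    read -r starter_pid < "$IPSEC_STARTER_PID"
    case "$starter_pid" in
    ''|*[!0-9]*)
      echo "$0: $IPSEC_STARTER_PID does not contain a valid pid" >&2
      return 1
      ;;
    esac
    echo "$1" >&2
    kill -s "$2" "$starter_pid"
  else
    echo "ipsec starter is not running" >&2
  fi
}

# Run "stroke" with the given arguments, but only when charon's pid file
# exists (the script's way of telling whether charon is running).
stroke_if_charon() {
  if test -e "$IPSEC_CHARON_PID"; then
    "$IPSEC_EXECDIR/stroke" "$@"
  fi
}

# Fail with a usage message when a command that acts on one connection
# was given no connection name.
#   $1 - command name (for the message)
#   $2 - the connection name argument, possibly empty
require_name() {
  if test -z "$2"; then
    echo "$0: \`$1' requires a connection name (\`ipsec --help' for list)" >&2
    exit 1
  fi
}

# Built-in commands and options.  Anything not matched here falls out of
# the case and is dispatched to a helper program further down.
case "$1" in
'')
  echo "Usage: ipsec command argument ..."
  echo "Use --help for list of commands, or see ipsec(8) manual page"
  echo "or the $IPSEC_NAME documentation for names of the common ones."
  echo "Most have their own manual pages, e.g. ipsec_auto(8)."
  echo "See <http://www.strongswan.org> for more general info."
  exit 0
  ;;
--help)
  echo "Usage: ipsec command argument ..."
  echo "where command is one of:"
  echo " start|restart arguments..."
  echo " update|reload|stop"
  echo " up|down|route|unroute <connectionname>"
  echo " status|statusall [<connectionname>]"
  echo " ready"
  echo " listalgs|listpubkeys|listcerts [--utc]"
  echo " listcacerts|listaacerts|listocspcerts [--utc]"
  echo " listacerts|listgroups|listcainfos [--utc]"
  echo " listcrls|listocsp|listcards|listall [--utc]"
  echo " rereadsecrets|rereadgroups"
  echo " rereadcacerts|rereadaacerts|rereadocspcerts"
  echo " rereadacerts|rereadcrls|rereadall"
  echo " purgeocsp"
  echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
  echo " barf"
  echo " openac"
  echo " pluto"
  echo " scepclient"
  echo " secrets"
  echo " starter"
  echo " version"
  echo " whack"
  echo
  echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
  exit 0
  ;;
--versioncode)
  fixversion
  echo "$version"
  exit 0
  ;;
--copyright)
  set _copyright
  # and fall through, invoking "ipsec _copyright"
  ;;
--directory)
  echo "$IPSEC_DIR"
  exit 0
  ;;
--confdir)
  echo "$IPSEC_CONFS"
  exit 0
  ;;
down)
  shift
  require_name down "$1"
  "$IPSEC_EXECDIR/whack" --name "$1" --terminate
  stroke_if_charon down "$1"
  exit 0
  ;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
  # whack takes the remaining arguments (e.g. --utc) before the operation
  op="$1"
  shift
  "$IPSEC_EXECDIR/whack" "$@" "--$op"
  stroke_if_charon "$op"
  exit 0
  ;;
ready)
  shift
  "$IPSEC_EXECDIR/whack" --listen
  exit 0
  ;;
reload)
  signal_starter "Reloading strongSwan IPsec configuration..." USR1
  exit 0
  ;;
restart)
  "$IPSEC_SBINDIR/ipsec" stop
  sleep 2
  shift
  "$IPSEC_SBINDIR/ipsec" start "$@"
  exit 0
  ;;
route|unroute)
  op="$1"
  shift
  require_name "$op" "$1"
  "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
  exit 0
  ;;
scencrypt|scdecrypt)
  op="$1"
  shift
  "$IPSEC_EXECDIR/whack" "--$op" "$@"
  exit 0
  ;;
secrets)
  "$IPSEC_EXECDIR/whack" --rereadsecrets
  exit 0
  ;;
start)
  # starter replaces this shell; its exit status is ours
  shift
  exec "$IPSEC_EXECDIR/starter" "$@"
  ;;
status|statusall)
  op="$1"
  shift
  if test $# -eq 0; then
    "$IPSEC_EXECDIR/whack" "--$op"
    stroke_if_charon "$op"
  else
    "$IPSEC_EXECDIR/whack" --name "$1" "--$op"
    stroke_if_charon "$op" "$1"
  fi
  exit 0
  ;;
stop)
  # plain kill(1) sends TERM; spelled out here so signal_starter can be shared
  signal_starter "Stopping strongSwan IPsec..." TERM
  exit 0
  ;;
up)
  shift
  require_name up "$1"
  "$IPSEC_EXECDIR/whack" --name "$1" --initiate
  stroke_if_charon up "$1"
  exit 0
  ;;
update)
  signal_starter "Updating strongSwan IPsec configuration..." HUP
  exit 0
  ;;
version|--version)
  fixversion
  echo "Linux $IPSEC_NAME $version"
  echo "See \`ipsec --copyright' for copyright information."
  if test -f "$IPSEC_LIBDIR/distro.txt"; then
    cat "$IPSEC_LIBDIR/distro.txt"
  fi
  exit 0
  ;;
--*)
  echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
  exit 1
  ;;
esac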
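# Anything not handled by the case above names a helper program, looked up
# first in the exec directory and then in the lib directory, and exec'd
# with the remaining arguments.
cmd="$1"
shift

# Only bare program names are accepted.  A name containing a slash would
# let the lookup leave the two program directories and run some other
# path entirely; an empty name cannot name a program.
case "$cmd" in
''|*/*)
  echo "$0: invalid IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
  exit 1
  ;;
esac

# First directory holding an executable regular file of that name wins.
# The -f check is what keeps a directory entry (which also passes -x)
# from reaching exec below.
path=""
for dir in "$IPSEC_EXECDIR" "$IPSEC_LIBDIR"; do
  if test -f "$dir/$cmd" && test -x "$dir/$cmd"; then
    path="$dir/$cmd"
    break
  fi
done

if test -z "$path"; then
  echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
  exit 1
fi

# replace this shell with the helper; it inherits the exported
# PATH, IPSEC_DIR, IPSEC_CONFS, IPSEC_LIBDIR, IPSEC_EXECDIR and IPSEC_VERSION
exec "$path" "$@"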