diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:41:31 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:41:31 +0000 |
commit | 774a362e87feab25f1be16fbca08269ddc7121a4 (patch) | |
tree | cf71f4e7466468ac3edc2127125f333224a9acfb /src/ipsec | |
parent | c54a140a445bfe7aa66721f68bb0781f26add91c (diff) | |
download | vyos-strongswan-774a362e87feab25f1be16fbca08269ddc7121a4.tar.gz vyos-strongswan-774a362e87feab25f1be16fbca08269ddc7121a4.zip |
Major new upstream release, just ran svn-upgrade for now (and wrote some
debian/changelong entries).
Diffstat (limited to 'src/ipsec')
-rw-r--r-- | src/ipsec/Makefile.am | 16 | ||||
-rw-r--r-- | src/ipsec/Makefile.in | 434 | ||||
-rw-r--r-- | src/ipsec/ipsec.8 | 342 | ||||
-rwxr-xr-x | src/ipsec/ipsec.in | 294 |
4 files changed, 1086 insertions, 0 deletions
diff --git a/src/ipsec/Makefile.am b/src/ipsec/Makefile.am new file mode 100644 index 000000000..44964e041 --- /dev/null +++ b/src/ipsec/Makefile.am @@ -0,0 +1,16 @@ +sbin_SCRIPTS = ipsec +CLEANFILES = ipsec +dist_man8_MANS = ipsec.8 +EXTRA_DIST = ipsec.in + +ipsec : ipsec.in + sed \ + -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@IPSEC_NAME@:$(PACKAGE_NAME):" \ + -e "s:@IPSEC_DISTRO@::" \ + -e "s:@IPSEC_DIR@:$(ipsecdir):" \ + -e "s:@IPSEC_SBINDIR@:$(sbindir):" \ + -e "s:@IPSEC_CONFDIR@:$(confdir):" \ + -e "s:@IPSEC_PIDDIR@:$(piddir):" \ + $< > $@ + chmod +x $@ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in new file mode 100644 index 000000000..eaf0e9d79 --- /dev/null +++ b/src/ipsec/Makefile.in @@ -0,0 +1,434 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = ../.. +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/ipsec +DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" +sbinSCRIPT_INSTALL = $(INSTALL_SCRIPT) +SCRIPTS = $(sbin_SCRIPTS) +SOURCES = +DIST_SOURCES = +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man8_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@ +BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@ +USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@ +USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@ +USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@ +USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@ +USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@ +USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@ +USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@ +USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@ +USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@ +USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@ +USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@ +USE_VENDORID_FALSE = @USE_VENDORID_FALSE@ +USE_VENDORID_TRUE = @USE_VENDORID_TRUE@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +confdir = @confdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +eapdir = @eapdir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +sbin_SCRIPTS = ipsec +CLEANFILES = ipsec +dist_man8_MANS = ipsec.8 +EXTRA_DIST = ipsec.in +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/ipsec/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-sbinSCRIPTS: $(sbin_SCRIPTS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(mkdir_p) "$(DESTDIR)$(sbindir)" + @list='$(sbin_SCRIPTS)'; for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f $$d$$p; then \ + f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ + echo " $(sbinSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ + $(sbinSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(sbindir)/$$f"; \ + else :; fi; \ + done + +uninstall-sbinSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_SCRIPTS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ + echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ + rm -f "$(DESTDIR)$(sbindir)/$$f"; \ + done + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: +install-man8: $(man8_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)" + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ + done +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ + done +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(SCRIPTS) $(MANS) +installdirs: + for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-libtool + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-man + +install-exec-am: install-sbinSCRIPTS + +install-info: install-info-am + +install-man: install-man8 + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-info-am uninstall-man uninstall-sbinSCRIPTS + +uninstall-man: uninstall-man8 + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-man8 \ + install-sbinSCRIPTS install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-info-am \ + uninstall-man uninstall-man8 uninstall-sbinSCRIPTS + + +ipsec : ipsec.in + sed \ + -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@IPSEC_NAME@:$(PACKAGE_NAME):" \ + -e "s:@IPSEC_DISTRO@::" \ + -e "s:@IPSEC_DIR@:$(ipsecdir):" \ + -e "s:@IPSEC_SBINDIR@:$(sbindir):" \ + -e "s:@IPSEC_CONFDIR@:$(confdir):" \ + -e "s:@IPSEC_PIDDIR@:$(piddir):" \ + $< > $@ + chmod +x $@ +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/ipsec/ipsec.8 b/src/ipsec/ipsec.8 new file mode 100644 index 000000000..b37ac2c3a --- /dev/null +++ b/src/ipsec/ipsec.8 @@ -0,0 +1,342 @@ +.TH IPSEC 8 "9 February 2006" +.\" RCSID $Id: ipsec.8,v 1.3 2006/02/09 19:47:38 as Exp $ +.SH NAME +ipsec \- invoke IPsec utilities +.SH SYNOPSIS +.B ipsec +command [ argument ...] +.sp +.B ipsec start|update|reload|restart|stop +.sp +.B ipsec up|down|route|unroute +\fIconnectionname\fP +.sp +.B ipsec status|statusall +[ +\fIconnectionname\fP +] +.sp +.B ipsec listalgs|listpubkeys|listcerts +[ +.B \-\-utc +] +.br +.B ipsec listcacerts|listaacerts|listocspcerts +[ +.B \-\-utc +] +.br +.B ipsec listacerts|listgroups|listcainfos +[ +.B \-\-utc +] +.br +.B ipsec listcrls|listocsp|listcards|listall +[ +.B \-\-utc +] +.sp +.B ipsec rereadsecrets|rereadgroups +.br +.B ipsec rereadcacerts|rereadaacerts|rereadocspcerts +.br +.B ipsec rereadacerts|rereadcrls|rereadall +.sp +.B ipsec purgeocsp +.sp +.B ipsec +[ +.B \-\-help +] [ +.B \-\-version +] [ +.B \-\-versioncode +] [ +.B \-\-copyright +] +.br +.B ipsec +[ +.B \-\-directory +] [ +.B \-\-confdir +] +.SH DESCRIPTION +.I Ipsec +invokes any of several utilities involved in controlling the IPsec +encryption/authentication system, +running the specified +.I command +with the specified +.IR argument s +as if it had been invoked directly. +This largely eliminates possible name collisions with other software, +and also permits some centralized services. +.PP +The commands +.BR start , +.BR update , +.BR reload , +.BR restart , +and +.BR stop +are built-in and are used to control the +.BR "ipsec starter" +utility, an extremely fast replacement for the traditional +.BR ipsec +.BR setup +script. +.PP +The commands +.BR up, +.BR down, +.BR route, +.BR unroute, +.BR status, +.BR statusall, +.BR listalgs, +.BR listpubkeys, +.BR listcerts, +.BR listcacerts, +.BR listaacerts, +.BR listocspcerts, +.BR listacerts, +.BR listgroups, +.BR listcainfos, +.BR listcrls, +.BR listocsp, +.BR listcards, +.BR listall, +.BR rereadsecrets, +.BR rereadgroups, +.BR rereadcacerts, +.BR rereadaacerts, +.BR rereadocspcerts, +.BR rereadacerts, +.BR rereadcrls, +and +.BR rereadall +are also built-in and completely replace the corresponding +.BR "ipsec auto" +\-\-\fIoperation\fP" +commands. Communication with the pluto daemon happens via the +.BR "ipsec whack" +socket interface. +.PP +In particular, +.I ipsec +supplies the invoked +.I command +with a suitable PATH environment variable, +and also provides IPSEC_DIR, +IPSEC_CONFS, and IPSEC_VERSION environment variables, +containing respectively +the full pathname of the directory where the IPsec utilities are stored, +the full pathname of the directory where the configuration files live, +and the IPsec version number. +.PP +.B "ipsec start" +calls +.BR "ipsec starter" +which in turn starts \fIpluto\fR. +.PP +.B "ipsec update" +sends a \fIHUP\fR signal to +.BR "ipsec starter" +which in turn determines any changes in \fIipsec.conf\fR +and updates the configuration on the running \fIpluto\fR daemon, correspondingly. +.PP +.B "ipsec reload" +sends a \fIUSR1\fR signal to +.BR "ipsec starter" +which in turn reloads the whole configuration on the running \fIpluto\fR daemon +based on the actual \fIipsec.conf\fR. +.PP +.B "ipsec restart" +executes +.B "ipsec stop" +followed by +.BR "ipsec start". +.PP +.B "ipsec stop" +stops \fIipsec\fR by sending a \fITERM\fR signal to +.BR "ipsec starter". +.PP +.B "ipsec up" +\fIname\fP tells the \fIpluto\fP daemon to start up connection \fIname\fP. +.PP +.B "ipsec down" +\fIname\fP tells the \fIpluto\fP daemon to take down connection \fIname\fP. +.PP +.B "ipsec route" +\fIname\fP tells the \fIpluto\fP daemon to install a route for connection +\fIname\fP. +.PP +.B "ipsec unroute" +\fIname\fP tells the \fIpluto\fP daemon to take down the route for connection +\fIname\fP. +.PP +.B "ipsec status" +[ \fIname\fP ] gives concise status information either on connection +\fIname\fP or if the \fIname\fP argument is lacking, on all connections. +.PP +.B "ipsec statusall" +[ \fIname\fP ] gives detailed status information either on connection +\fIname\fP or if the \fIname\fP argument is lacking, on all connections. +.PP +.B "ipsec listalgs" +returns a list all supported IKE encryption and hash algorithms, the available +Diffie-Hellman groups, as well as all supported ESP encryption and authentication +algorithms. +.PP +.B "ipsec listpubkeys" +returns a list of RSA public keys that were either loaded in raw key format +or extracted from X.509 and|or OpenPGP certificates. +.PP +.B "ipsec listcerts" +returns a list of X.509 and|or OpenPGP certificates that were loaded locally +by the \fIpluto\fP daemon. +.PP +.B "ipsec listcacerts" +returns a list of X.509 Certification Authority (CA) certificates that were +loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/cacerts/\fP +directory or received in PKCS#7-wrapped certificate payloads via the IKE +protocol. +.PP +.B "ipsec listaacerts" +returns a list of X.509 Authorization Authority (AA) certificates that were +loaded locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/aacerts/\fP +directory. +.PP +.B "ipsec listocspcerts" +returns a list of X.509 OCSP Signer certificates that were either loaded +locally by the \fIpluto\fP daemon from the \fI/etc/ipsec.d/ocspcerts/\fP +directory or were sent by an OCSP server. +.PP +.B "ipsec listacerts" +returns a list of X.509 Attribute certificates that were loaded locally by +the \fIpluto\fP daemon from the \fI/etc/ipsec.d/acerts/\fP directory. +.PP +.B "ipsec listgroups" +returns a list of groups that are used to define user authorization profiles. +.PP +.B "ipsec listcainfos" +returns certification authority information (CRL distribution points, OCSP URIs, +LDAP servers) that were defined by +.BR ca +sections in \fIipsec.conf\fP. +.PP +.B "ipsec listcrls" +returns a list of Certificate Revocation Lists (CRLs). +.PP +.B "ipsec listocsp" +returns revocation information fetched from OCSP servers. +.PP +.B "ipsec listcards" +returns a list of certificates residing on smartcards. +.PP +.B "ipsec listall" +returns all information generated by the list commands above. Each list command +can be called with the +\-\-url +option which displays all dates in UTC instead of local time. +.PP +.B "ipsec rereadsecrets" +flushes and rereads all secrets defined in \fIipsec.conf\fP. +.PP +.B "ipsec rereadcacerts" +reads all certificate files contained in the \fI/etc/ipsec.d/cacerts\fP +directory and adds them to \fIpluto\fP's list of Certification Authority (CA) certificates. +.PP +.B "ipsec rereadaacerts" +reads all certificate files contained in the \fI/etc/ipsec.d/aacerts\fP +directory and adds them to \fIpluto\fP's list of Authorization Authority (AA) certificates. +.PP +.B "ipsec rereadocspcerts" +reads all certificate files contained in the \fI/etc/ipsec.d/ocspcerts/\fP +directory and adds them to \fIpluto\fP's list of OCSP signer certificates. +.PP +.B "ipsec rereadacerts" +operation reads all certificate files contained in the \fI/etc/ipsec.d/acerts/\fP +directory and adds them to \fIpluto\fP's list of attribute certificates. +.PP +.B "ipsec rereadcrls" +reads all Certificate Revocation Lists (CRLs) contained in the +\fI/etc/ipsec.d/crls/\fP directory and adds them to \fIpluto\fP's list of CRLs. +.PP +.B "ipsec rereadall" +is equivalent to the execution of \fBrereadsecrets\fP, +\fBrereadcacerts\fP, \fBrereadaacerts\fP, \fBrereadocspcerts\fP, +\fBrereadacerts\fP, and \fBrereadcrls\fP. +.PP +.B "ipsec \-\-help" +lists the available commands. +Most have their own manual pages, e.g. +.IR ipsec_auto (8) +for +.IR auto . +.PP +.B "ipsec \-\-version" +outputs version information about Linux strongSwan. +A version code of the form ``U\fIxxx\fR/K\fIyyy\fR'' +indicates that the user-level utilities are version \fIxxx\fR +but the kernel portion appears to be version \fIyyy\fR +(this form is used only if the two disagree). +.PP +.B "ipsec \-\-versioncode" +outputs \fIjust\fR the version code, +with none of +.BR \-\-version 's +supporting information, +for use by scripts. +.PP +.B "ipsec \-\-copyright" +supplies boring copyright details. +.PP +.B "ipsec \-\-directory" +reports where +.I ipsec +thinks the IPsec utilities are stored. +.PP +.B "ipsec \-\-confdir" +reports where +.I ipsec +thinks the IPsec configuration files are stored. +.SH FILES +/usr/local/lib/ipsec usual utilities directory +.SH ENVIRONMENT +.PP +The following environment variables control where strongSwan finds its +components. +The +.B ipsec +command sets them if they are not already set. +.nf +.na + +IPSEC_DIR directory containing ipsec programs and utilities +IPSEC_SBINDIR directory containing \fBipsec\fP command +IPSEC_CONFDIR directory containing configuration files +IPSEC_PIDDIR directory containing PID files +IPSEC_NAME name of ipsec distribution +IPSEC_VERSION version numer of ipsec userland and kernel +IPSEC_STARTER_PID PID file for ipsec starter +IPSEC_PLUTO_PID PID file for IKEv1 keying daemon +IPSEC_CHARON_PID PID file for IKEv2 keying daemon +.ad +.fi +.SH SEE ALSO +.hy 0 +.na +ipsec.conf(5), ipsec.secrets(5), +ipsec_barf(8), +.ad +.hy +.PP +.SH HISTORY +Written for Linux FreeS/WAN +<http://www.freeswan.org> +by Henry Spencer. +Updated and extended for Linux strongSwan +<http://www.strongswan.org> +by Andreas Steffen. diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in new file mode 100755 index 000000000..bd74b6f16 --- /dev/null +++ b/src/ipsec/ipsec.in @@ -0,0 +1,294 @@ +#! /bin/sh +# prefix command to run stuff from our programs directory +# Copyright (C) 1998-2002 Henry Spencer. +# Copyright (C) 2006 Andreas Steffen +# Copyright (C) 2006 Martin Willi +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# +# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $ + +# name and version of the ipsec implementation +IPSEC_NAME="@IPSEC_NAME@" +IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`" + +# where the private directory and the config files are +IPSEC_DIR="@IPSEC_DIR@" +IPSEC_SBINDIR="@IPSEC_SBINDIR@" +IPSEC_CONFDIR="@IPSEC_CONFDIR@" +IPSEC_PIDDIR="@IPSEC_PIDDIR@" + +IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid" +IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid" +IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid" + +IPSEC_WHACK="${IPSEC_DIR}/whack" +IPSEC_STROKE="${IPSEC_DIR}/stroke" +IPSEC_STARTER="${IPSEC_DIR}/starter" + +export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID + +IPSEC_DISTRO="Institute for Internet Technologies and Applications\n + University of Applied Sciences Rapperswil, Switzerland" + +case "$1" in +'') + echo "Usage: ipsec command argument ..." + echo "Use --help for list of commands, or see ipsec(8) manual page" + echo "or the $IPSEC_NAME documentation for names of the common ones." + echo "Most have their own manual pages, e.g. ipsec_auto(8)." + echo "See <http://www.strongswan.org> for more general info." + exit 0 + ;; +--help) + echo "Usage: ipsec command argument ..." + echo "where command is one of:" + echo " start|restart arguments..." + echo " update|reload|stop" + echo " up|down|route|unroute <connectionname>" + echo " status|statusall [<connectionname>]" + echo " ready" + echo " listalgs|listpubkeys|listcerts [--utc]" + echo " listcacerts|listaacerts|listocspcerts [--utc]" + echo " listacerts|listgroups|listcainfos [--utc]" + echo " listcrls|listocsp|listcards|listall [--utc]" + echo " rereadsecrets|rereadgroups" + echo " rereadcacerts|rereadaacerts|rereadocspcerts" + echo " rereadacerts|rereadcrls|rereadall" + echo " purgeocsp" + echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]" + echo " barf" + echo " openac" + echo " pluto" + echo " scepclient" + echo " secrets" + echo " starter" + echo " version" + echo " whack" + echo " stoke" + echo + echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)." + exit 0 + ;; +--versioncode) + echo "$IPSEC_VERSION" + exit 0 + ;; +--copyright) + set _copyright + # and fall through, invoking "ipsec _copyright" + ;; +--directory) + echo "$IPSEC_DIR" + exit 0 + ;; +--confdir) + echo "$IPSEC_CONFDIR" + exit 0 + ;; +down) + shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec down <connection name>" + exit 1 + fi + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --name "$1" --terminate + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE down "$1" + fi + exit 0 + ;; +listalgs|listpubkeys|listaacerts|\ +listacerts|listgroups|\listcards|\ +rereadsecrets|rereadgroups|\ +rereadaacerts|rereadacerts) + op="$1" + shift + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK "$@" "--$op" + fi + exit 0 + ;; +listcerts|listcacerts|listocspcerts|\ +listcainfos|listcrls|listocsp|listall|\ +rereadcacerts|rereadocspcerts|rereadcrls|\ +rereadall|purgeocsp) + op="$1" + shift + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK "$@" "--$op" + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE "$op" "$@" + fi + exit 0 + ;; +ready) + shift + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --listen + fi + exit 0 + ;; +reload) + if test -e $IPSEC_STARTER_PID + then + echo "Reloading strongSwan IPsec configuration..." >&2 + kill -s USR1 `cat $IPSEC_STARTER_PID` + else + echo "ipsec starter is not running" >&2 + fi + exit 0 + ;; +restart) + $IPSEC_SBINDIR/ipsec stop + sleep 2 + shift + $IPSEC_SBINDIR/ipsec start "$@" + exit 0 + ;; +route|unroute) + op="$1" + shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec $op <connection name>" + exit 1 + fi + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --name "$1" "--$op" + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE "$op" "$1" + fi + exit 0 + ;; +scencrypt|scdecrypt) + op="$1" + shift + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK "--$op" "$@" + fi + exit 0 + ;; +secrets) + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --rereadsecrets + fi + exit 0 + ;; +start) + shift + exec $IPSEC_STARTER "$@" + ;; +status|statusall) + op="$1" + shift + if test $# -eq 0 + then + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK "--$op" + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE "$op" + fi + else + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --name "$1" "--$op" + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE "$op" "$1" + fi + fi + exit 0 + ;; +stop) + if test -e $IPSEC_STARTER_PID + then + echo "Stopping strongSwan IPsec..." >&2 + kill `cat $IPSEC_STARTER_PID` + else + echo "ipsec starter is not running" >&2 + fi + exit 0 + ;; +up) + shift + if [ "$#" -ne 1 ] + then + echo "Usage: ipsec up <connection name>" + exit 1 + fi + if test -e $IPSEC_PLUTO_PID + then + $IPSEC_WHACK --name "$1" --initiate + fi + if test -e $IPSEC_CHARON_PID + then + $IPSEC_STROKE up "$1" + fi + exit 0 + ;; +update) + if test -e $IPSEC_STARTER_PID + then + echo "Updating strongSwan IPsec configuration..." >&2 + kill -s HUP `cat $IPSEC_STARTER_PID` + else + echo "ipsec starter is not running" >&2 + fi + exit 0 + ;; +version|--version) + echo "Linux $IPSEC_NAME $IPSEC_VERSION" + echo "See \`ipsec --copyright' for copyright information." + echo $IPSEC_DISTRO + exit 0 + ;; +--*) + echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2 + exit 1 + ;; +esac + +cmd="$1" +shift + +path="$IPSEC_DIR/$cmd" + +if test ! -x "$path" +then + path="$IPSEC_DIR/$cmd" + if test ! -x "$path" + then + echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2 + exit 1 + fi +fi + +exec $path "$@" |