diff options
Diffstat (limited to 'programs/setup')
| -rw-r--r-- | programs/setup/.cvsignore | 1 | ||||
| -rw-r--r-- | programs/setup/Makefile | 22 | ||||
| -rw-r--r-- | programs/setup/setup.8 | 142 | ||||
| -rwxr-xr-x | programs/setup/setup.in | 162 |
4 files changed, 0 insertions, 327 deletions
diff --git a/programs/setup/.cvsignore b/programs/setup/.cvsignore deleted file mode 100644 index 146f275e0..000000000 --- a/programs/setup/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -setup diff --git a/programs/setup/Makefile b/programs/setup/Makefile deleted file mode 100644 index f12d452b2..000000000 --- a/programs/setup/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.3 2006/02/10 11:28:15 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=setup -EXTRA8MAN=setup.8 - -include ../Makefile.program diff --git a/programs/setup/setup.8 b/programs/setup/setup.8 deleted file mode 100644 index e2980ee74..000000000 --- a/programs/setup/setup.8 +++ /dev/null @@ -1,142 +0,0 @@ -.TH IPSEC_SETUP 8 "23 July 2001" -.\" RCSID $Id: setup.8,v 1.1 2004/03/15 20:35:31 as Exp $ -.SH NAME -ipsec setup \- control IPsec subsystem -.SH SYNOPSIS -.B ipsec -.B setup -[ -.B \-\-show -| -.B \-\-showonly -] -command -.SH DESCRIPTION -.I Setup -controls the FreeS/WAN IPsec subsystem, -including both the Klips kernel code and the Pluto key-negotiation daemon. -(It is a synonym for the ``rc'' script for the subsystem; -the system runs the equivalent of -.B "ipsec setup start" -at boot time, -and -.B "ipsec setup stop" -at shutdown time, more or less.) -.PP -The action taken depends on the specific -.IR command , -and on the contents of the -.B config -.B setup -section of the -IPsec configuration file (\c -.IR /etc/ipsec.conf , -see -.IR ipsec.conf (5)). -Current -.IR command s -are: -.TP 10 -.B start -start Klips and Pluto, -including setting up Klips to do crypto operations on the -interface(s) specified in the configuration file, -and (if the configuration file so specifies) -setting up manually-keyed connections and/or -asking Pluto to negotiate automatically-keyed connections -to other security gateways -.TP -.B stop -shut down Klips and Pluto, -including tearing down all existing crypto connections -.TP -.B restart -equivalent to -.B stop -followed by -.B start -.TP -.B status -report the status of the subsystem; -normally just reports -.B "IPsec running" -and -.BR "pluto pid \fInnn\fP" , -or -.BR "IPsec stopped" , -and exits with status 0, -but will go into more detail (and exit with status 1) -if something strange is found. -(An ``illicit'' Pluto is one that does not match the process ID in -Pluto's lock file; -an ``orphaned'' Pluto is one with no lock file.) -.PP -The -.B stop -operation tries to clean up properly even if assorted accidents -have occurred, -e.g. Pluto having died without removing its lock file. -If -.B stop -discovers that the subsystem is (supposedly) not running, -it will complain, -but will do its cleanup anyway before exiting with status 1. -.PP -Although a number of configuration-file parameters influence -.IR setup 's -operations, the key one is the -.B interfaces -parameter, which must be right or chaos will ensue. -.PP -The -.B \-\-show -and -.B \-\-showonly -options cause -.I setup -to display the shell commands that it would execute. -.B \-\-showonly -suppresses their execution. -Only -.BR start , -.BR stop , -and -.B restart -commands recognize these flags. -.SH FILES -.ta \w'/proc/sys/net/ipv4/ip_forward'u+2n -/etc/rc.d/init.d/ipsec the script itself -.br -/etc/init.d/ipsec alternate location for the script -.br -/etc/ipsec.conf IPsec configuration file -.br -/proc/sys/net/ipv4/ip_forward forwarding control -.br -/var/run/ipsec.info saved information -.br -/var/run/pluto.pid Pluto lock file -.br -/var/run/ipsec_setup.pid IPsec lock file -.SH SEE ALSO -ipsec.conf(5), ipsec(8), ipsec_manual(8), ipsec_auto(8), route(8) -.SH DIAGNOSTICS -All output from the commands -.B start -and -.B stop -goes both to standard -output and to -.IR syslogd (8), -via -.IR logger (1). -Selected additional information is logged only to -.IR syslogd (8). -.SH HISTORY -Written for the FreeS/WAN project -<http://www.freeswan.org> -by Henry Spencer. -.SH BUGS -Old versions of -.IR logger (1) -inject spurious extra newlines onto standard output. diff --git a/programs/setup/setup.in b/programs/setup/setup.in deleted file mode 100755 index 1e43d0d67..000000000 --- a/programs/setup/setup.in +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/sh -# IPsec startup and shutdown script -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org> -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: setup.in,v 1.1 2004/03/15 20:35:31 as Exp $ -# -# ipsec init.d script for starting and stopping -# the IPsec security subsystem (KLIPS and Pluto). -# -# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) -# and is also accessible as "ipsec setup" (the preferred route for human -# invocation). -# -# The startup and shutdown times are a difficult compromise (in particular, -# it is almost impossible to reconcile them with the insanely early/late -# times of NFS filesystem startup/shutdown). Startup is after startup of -# syslog and pcmcia support; shutdown is just before shutdown of syslog. -# -# chkconfig: 2345 47 68 -# description: IPsec provides encrypted and authenticated communications; \ -# KLIPS is the kernel half of it, Pluto is the user-level management daemon. - -me='ipsec setup' # for messages - - -# where the private directory and the config files are -IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}" -IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}" -IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}" -IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}" - -if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command -then - # we must establish a suitable PATH ourselves - PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin - export PATH - - IPSEC_DIR="$IPSEC_LIBDIR" - export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR -fi - -# Check that the ipsec command is available. -found= -for dir in `echo $PATH | tr ':' ' '` -do - if test -f $dir/ipsec -a -x $dir/ipsec - then - found=yes - break # NOTE BREAK OUT - fi -done -if ! test "$found" -then - echo "cannot find ipsec command -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup - exit 1 -fi - -# accept a few flags - -export IPSEC_setupflags -IPSEC_setupflags="" - -config="" - -for dummy -do - case "$1" in - --showonly|--show) IPSEC_setupflags="$1" ;; - --config) config="--config $2" ; shift ;; - *) break ;; - esac - shift -done - - -# Pick up IPsec configuration (until we have done this, successfully, we -# do not know where errors should go, hence the explicit "daemon.error"s.) -# Note the "--export", which exports the variables created. -eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` -if test " $IPSEC_confreadstatus" != " " -then - echo "$IPSEC_confreadstatus -- \`$1' aborted" | - logger -s -p daemon.error -t ipsec_setup - exit 1 -fi - -IPSEC_confreadsection=${IPSEC_confreadsection:-setup} -export IPSEC_confreadsection - -IPSECsyslog=${IPSECsyslog-daemon.error} -export IPSECsyslog - -# misc setup -umask 022 - - -# do it -case "$1" in - start|--start|stop|--stop|_autostop|_autostart) - if test " `id -u`" != " 0" - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi - tmp=/var/run/ipsec_setup.st - ( - ipsec _realsetup $1 - echo "$?" >$tmp - ) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - st=$? - if test -f $tmp - then - st=`cat $tmp` - rm -f $tmp - fi - exit $st - ;; - - restart|--restart|force-reload) - $0 $IPSEC_setupflags stop - $0 $IPSEC_setupflags start - ;; - - _autorestart) # for internal use only - $0 $IPSEC_setupflags _autostop - $0 $IPSEC_setupflags _autostart - ;; - - status|--status) - ipsec _realsetup $1 - exit - ;; - - --version) - echo "$me $IPSEC_VERSION" - exit 0 - ;; - - --help) - echo "Usage: $me {--start|--stop|--restart|--status}" - exit 0 - ;; - - *) - echo "Usage: $me {--start|--stop|--restart|--status}" >&2 - exit 2 -esac - -exit 0 |