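#! /bin/sh
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
#
# Usage: ipsec command argument ...
#
# Built-in commands are handled by the case statement below; any other
# command name is looked up as an executable in IPSEC_EXECDIR and then in
# IPSEC_LIBDIR and exec'ed with the remaining arguments.

IPSEC_NAME=strongSwan

# where the private directory and the config files are
#
# NOTE(security): each of these may be overridden from the caller's
# environment, and they decide which binaries this script executes.  When
# the script runs with elevated privileges (sudo, init system, cron), make
# sure these variables are not inherited from an untrusted environment.
IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"

IPSEC_DIR="$IPSEC_LIBDIR"
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR

IPSEC_STARTER_PID="/var/run/starter.pid"

# standardize PATH, and export it for everything else's benefit
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
export PATH

# things not to be listed in --help command list
# (not referenced anywhere else in this script)
DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'

# version numbering (details filled in by build)
# Possibly should call a C program to invoke the version_code() function
# instead, but for performance's sake, we inline it here (and only here).
version="xxx"

# export the version information
IPSEC_VERSION="$version"
export IPSEC_VERSION

# function for the funky user/kernel version stuff
#
# Rewrites $version in place: if the kernel-side version string differs
# from the userland one it becomes "U<user>/K<kernel>", and the detected
# stack name (" (KLIPS)" or " (native)") is appended when one is found.
fixversion() {
	# start from a known value so a "stack" variable inherited from the
	# environment cannot leak into the reported version string
	stack=""
	if test -f /proc/net/ipsec_version
	then
		stack=" (KLIPS)"
		kv="$(awk '{print $NF}' /proc/net/ipsec_version)"
	elif test -f /proc/net/pfkey
	then
		stack=" (native)"
		kv="$(uname -r)"
	else
		kv="(no kernel code presently loaded)"
	fi
	if test " $kv" != " $version"
	then
		version="U$version/K$kv"
	fi
	version="$version$stack"
}

# Send a signal to the starter daemon named by the PID file.
# Arguments: $1 - signal name passed to kill -s (TERM, HUP, USR1)
#            $2 - progress message written to stderr before signalling
# Returns:   status of kill; 1 if the PID file content is not a usable
#            PID; 0 if no PID file exists.
#
# The first field of the PID file must be a plain positive decimal number.
# Without that check an empty, negative or zero value would be handed to
# kill, which could signal a whole process group instead of one process.
# NOTE(review): a stale PID file can still name an unrelated process that
# has reused the PID; nothing here verifies that the target is the starter.
signal_starter() {
	if test -e "$IPSEC_STARTER_PID"
	then
		pid=""
		read -r pid junk < "$IPSEC_STARTER_PID" || :
		case "$pid" in
		''|0*|*[!0-9]*)
			echo "$0: no valid pid in $IPSEC_STARTER_PID" >&2
			return 1
			;;
		esac
		echo "$2" >&2
		kill -s "$1" "$pid"
	else
		echo "ipsec starter is not running" >&2
	fi
}

# Built-in commands.  Most arms end in "exit 0" regardless of the status
# of the command they ran; that is kept as-is because callers such as
# init scripts may depend on it.
case "$1" in
'')
	echo "Usage: ipsec command argument ..."
	echo "Use --help for list of commands, or see ipsec(8) manual page"
	echo "or the $IPSEC_NAME documentation for names of the common ones."
	echo "Most have their own manual pages, e.g. ipsec_auto(8)."
	echo "See for more general info."
	exit 0
	;;
--help)
	echo "Usage: ipsec command argument ..."
	echo "where command is one of:"
	echo " start|restart arguments..."
	echo " update|reload|stop"
	echo " up|down|route|unroute "
	echo " status|statusall []"
	echo " ready"
	echo " listalgs|listpubkeys|listcerts [--utc]"
	echo " listcacerts|listaacerts|listocspcerts [--utc]"
	echo " listacerts|listgroups|listcainfos [--utc]"
	echo " listcrls|listocsp|listcards|listall [--utc]"
	echo " rereadsecrets|rereadgroups"
	echo " rereadcacerts|rereadaacerts|rereadocspcerts"
	echo " rereadacerts|rereadcrls|rereadall"
	echo " purgeocsp"
	echo " scencrypt|scdecrypt [--inbase ] [--outbase ] [--keyid ]"
	echo " barf"
	echo " openac"
	echo " pluto"
	echo " scepclient"
	echo " secrets"
	echo " starter"
	echo " version"
	echo " whack"
	echo
	echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
	exit 0
	;;
--versioncode)
	fixversion
	echo "$version"
	exit 0
	;;
--copyright)
	set _copyright
	# and fall through, invoking "ipsec _copyright"
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFS"
	exit 0
	;;
down)
	shift
	"$IPSEC_EXECDIR/whack" --name "$1" --terminate
	exit 0
	;;
listalgs|listpubkeys|listcerts|listcacerts|\
listaacerts|listocspcerts|listacerts|listgroups|\
listcainfos|listcrls|listocsp|listcards|\
listall|purgeocsp|rereadsecrets|rereadgroups|\
rereadcacerts|rereadaacerts|rereadocspcerts|\
rereadacerts|rereadcrls|rereadall)
	op="$1"
	shift
	"$IPSEC_EXECDIR/whack" "$@" "--$op"
	exit 0
	;;
ready)
	shift
	"$IPSEC_EXECDIR/whack" --listen
	exit 0
	;;
reload)
	signal_starter USR1 "Reloading strongSwan IPsec configuration..."
	exit 0
	;;
restart)
	"$IPSEC_SBINDIR/ipsec" stop
	sleep 2
	shift
	"$IPSEC_SBINDIR/ipsec" start "$@"
	exit 0
	;;
route|unroute)
	op="$1"
	shift
	"$IPSEC_EXECDIR/whack" --name "$1" "--$op"
	exit 0
	;;
scencrypt|scdecrypt)
	op="$1"
	shift
	"$IPSEC_EXECDIR/whack" "--$op" "$@"
	exit 0
	;;
start)
	shift
	exec "$IPSEC_EXECDIR/starter" "$@"
	;;
status|statusall)
	op="$1"
	shift
	if test $# -eq 0
	then
		"$IPSEC_EXECDIR/whack" "--$op"
	else
		"$IPSEC_EXECDIR/whack" --name "$1" "--$op"
	fi
	exit 0
	;;
stop)
	signal_starter TERM "Stopping strongSwan IPsec..."
	exit 0
	;;
up)
	shift
	"$IPSEC_EXECDIR/whack" --name "$1" --initiate
	exit 0
	;;
update)
	signal_starter HUP "Updating strongSwan IPsec configuration..."
	exit 0
	;;
version|--version)
	fixversion
	echo "Linux $IPSEC_NAME $version"
	echo "See \`ipsec --copyright' for copyright information."
	if [ -f "$IPSEC_LIBDIR/distro.txt" ]
	then
		cat "$IPSEC_LIBDIR/distro.txt"
	fi
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 1
	;;
esac

# Anything else is an external helper looked up by name.
cmd="$1"
shift

# A command is a bare file name inside IPSEC_EXECDIR or IPSEC_LIBDIR.
# Refuse names containing "/" so that "../" components cannot make the
# lookup resolve to an executable outside those two directories; this
# matters when the wrapper is the only thing a privileged caller may run.
case "$cmd" in
*/*)
	echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
	exit 1
	;;
esac

path="$IPSEC_EXECDIR/$cmd"

if test ! -x "$path"
then
	path="$IPSEC_LIBDIR/$cmd"
	if test ! -x "$path"
	then
		echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
		exit 1
	fi
fi

# quoted so a directory path containing whitespace is not word-split
exec "$path" "$@"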