summaryrefslogtreecommitdiff
path: root/debian/strongswan-starter.ipsec.init
blob: 3446692d13389465a775c7aa8e86887bbcaad9e9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
#! /bin/sh
### BEGIN INIT INFO
# Provides:          vpn
# Required-Start:    $network $local_fs
# Required-Stop:     $network $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Strongswan IPsec services
### END INIT INFO

# Author: Rene Mayrhofer <rene@mayrhofer.eu.org>

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="strongswan IPsec services"
NAME=ipsec
STARTER=/usr/sbin/$NAME
PIDFILE1=/var/run/pluto.pid
PIDFILE2=/var/run/charon.pid
PLUTO=/usr/lib/ipsec/pluto
CHARON=/usr/lib/ipsec/charon
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$STARTER" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started

	# test if either charon or pluto are currently running (PIDFILE1 or PIDFILE2)
	if [ -e $PLUTO ]; then
	  start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec $STARTER --test > /dev/null \
		|| return 1
	fi
	if [ -e $CHARON ]; then
	  start-stop-daemon --start --quiet --pidfile $PIDFILE2 --exec $STARTER --test > /dev/null \
		|| return 1
	fi

	$STARTER start || return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	# give the proper signal to stop
	$STARTER stop || return 2

	# but kill if that didn't work
	if [ -e $PIDFILE1 ]; then
		start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE1 --name $NAME
		RETVAL="$?"
		[ "$RETVAL" = 2 ] && return 2
	fi
	if [ -e $PIDFILE2 ]; then
		start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE2 --name $NAME
		RETVAL="$?"
		[ "$RETVAL" = 2 ] && return 2
	fi

	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently.  A last resort is to
	# sleep for some time.
	if [ -e $PLUTO ]; then
	  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $PLUTO
	  [ "$?" = 2 ] && return 2
	fi
	if [ -e $CHARON ]; then
	  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON
	  [ "$?" = 2 ] && return 2
	fi

	# strongswan is known to leave PID files behind when something goes wrong, cleanup here
	rm -f $PIDFILE1 $PIDFILE2
	# and just to make sure they are really really dead at this point...
	killall -9 $PLUTO 2>/dev/null
	killall -9 $CHARON 2>/dev/null

	return "$RETVAL"
}

do_reload() {
	$STARTER reload
	return 0
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	$STARTER status || exit $?
	;;
  reload|force-reload)
	log_daemon_msg "Reloading $DESC" "$NAME"
	do_reload
	log_end_msg $?
	;;
  restart)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
	  	# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
	exit 3
	;;
esac