ipsec revision 168531
178344Sobrien#!/bin/sh 278344Sobrien# 398184Sgordon# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $ 498184Sgordon# $FreeBSD: head/etc/rc.d/ipsec 168531 2007-04-09 08:53:40Z des $ 578344Sobrien# 678344Sobrien 778344Sobrien# PROVIDE: ipsec 8168531Sdes# REQUIRE: FILESYSTEMS 9151272Spjd# BEFORE: DAEMON mountcritremote 10136224Smtm# KEYWORD: nojail 1178344Sobrien 1278344Sobrien. /etc/rc.subr 1378344Sobrien 1478344Sobrienname="ipsec" 1598184Sgordonrcvar=`set_rcvar` 1678344Sobrienstart_precmd="ipsec_prestart" 1778344Sobrienstart_cmd="ipsec_start" 18154770Spjdstop_precmd="test -f $ipsec_file" 1978344Sobrienstop_cmd="ipsec_stop" 2078344Sobrienreload_cmd="ipsec_reload" 2178344Sobrienextra_commands="reload" 22151270Spjdipsec_program="/sbin/setkey" 23124618Smtm# ipsec_file is set by rc.conf 2478344Sobrien 2578344Sobrienipsec_prestart() 2678344Sobrien{ 2798184Sgordon if [ ! -f "$ipsec_file" ]; then 2898184Sgordon warn "$ipsec_file not readable; ipsec start aborted." 2978344Sobrien # 3078344Sobrien # If booting directly to multiuser, send SIGTERM to 3178344Sobrien # the parent (/etc/rc) to abort the boot 3278344Sobrien # 3378344Sobrien if [ "$autoboot" = yes ]; then 3478344Sobrien echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 3578344Sobrien kill -TERM $$ 3678344Sobrien exit 1 3778344Sobrien fi 3878344Sobrien return 1 3978344Sobrien fi 4078344Sobrien return 0 4178344Sobrien} 4278344Sobrien 4378344Sobrienipsec_start() 4478344Sobrien{ 4578344Sobrien echo "Installing ipsec manual keys/policies." 46101085Sume ${ipsec_program} -f $ipsec_file 4778344Sobrien} 4878344Sobrien 4978344Sobrienipsec_stop() 5078344Sobrien{ 5178344Sobrien echo "Clearing ipsec manual keys/policies." 5278344Sobrien 5378344Sobrien # still not 100% sure if we would like to do this. 5478344Sobrien # it is very questionable to do this during shutdown session, since 5578344Sobrien # it can hang any of remaining IPv4/v6 session. 5678344Sobrien # 57101085Sume ${ipsec_program} -F 58101085Sume ${ipsec_program} -FP 5978344Sobrien} 6078344Sobrien 6178344Sobrienipsec_reload() 6278344Sobrien{ 6378344Sobrien echo "Reloading ipsec manual keys/policies." 64101085Sume ${ipsec_program} -f "$ipsec_file" 6578344Sobrien} 6678344Sobrien 6778344Sobrienload_rc_config $name 6878344Sobrienrun_rc_command "$1" 69