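#!/bin/sh
#
# $NetBSD: ipsec,v 1.18 2020/09/08 12:52:18 martin Exp $
#

# PROVIDE: ipsec
# REQUIRE: root bootconf CRITLOCALMOUNTED tty
# BEFORE:  DAEMON

# rc.d script that installs, flushes and reloads the manual IPsec keys and
# policies described in /etc/ipsec.conf by feeding that file to setkey(8).
#
# If $ipsec_flags is non-empty it is handed to ifconfig as the interface to
# query; the placeholders @LOCAL_ADDR@, @LOCAL_ADDR_V4@ and @LOCAL_ADDR_V6@
# in /etc/ipsec.conf are then replaced by that interface's addresses before
# the file is loaded.

# Source rc.subr unless it is already loaded. rc.subr is expected to set
# _rc_subr_loaded to ":" so that this line becomes a no-op the second time.
$_rc_subr_loaded . /etc/rc.subr

name="ipsec"
rcvar=$name
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"
stop_precmd="test -f /etc/ipsec.conf"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"
extra_commands="reload"

# Refuse to start when /etc/ipsec.conf is missing.
# The test is -f (regular file exists), although the warning says
# "not readable". On failure the boot is stopped via stop_boot (defined
# outside this file) rather than continuing without the configured policies.
# Returns: 0 if the file exists, 1 otherwise.
ipsec_prestart()
{
	if [ ! -f /etc/ipsec.conf ]; then
		warn "/etc/ipsec.conf not readable; ipsec start aborted."

		stop_boot
		return 1
	fi
	return 0
}

# Print shell assignments for the addresses configured on an interface.
# Arguments: $1 - interface, passed to ifconfig
# Outputs:   "local v4_addr=ADDR;" for each inet line and
#            "local v6_addr=ADDR;" for each inet6 line that is not fe80:*
#            (link-local). The caller eval's this text.
ipsec_getip() {
	# "/" is added to IFS so that a prefix length written as ADDR/LEN is
	# split off the address. -r keeps read from interpreting backslashes.
	# NOTE(review): $1 is left unquoted as in the original, so a value with
	# several words is still split; quote it if ipsec_flags is always a
	# single interface name.
	ifconfig $1 | while IFS="${IFS}/" read -r what address rest; do
		# The address ends up inside eval'd text and inside a sed
		# replacement, so anything outside the characters an address
		# can contain (digits, letters, ":", "." and "%") is dropped
		# rather than passed on.
		case "$address" in
		*[!0-9A-Za-z:.%]*)	continue;;
		esac
		case "$what" in
		inet)	echo "local v4_addr=$address;";;
		inet6)	case "$address" in
			fe80:*)	;;
			*)	echo "local v6_addr=$address;";;
			esac;;
		esac
	done
}

# Load /etc/ipsec.conf into the kernel with setkey.
# Arguments: $1 - local IPv4 address (optional)
#            $2 - local IPv6 address (optional, may be empty)
# Without $1 the file is loaded as is. With $1 the first occurrence on each
# line of @LOCAL_ADDR@ and @LOCAL_ADDR_V4@ is replaced by $1 and of
# @LOCAL_ADDR_V6@ by $2 (an empty $2 replaces the placeholder with nothing).
# The expanded text goes to setkey through a pipe, so the substituted
# configuration is not written to a temporary file.
# Returns: the exit status of setkey.
# NOTE(review): no caller in this file checks that status, so a file that
# setkey rejects leaves the policies uninstalled without stopping the start.
ipsec_load() {
	if [ -z "$1" ]; then
		/sbin/setkey -f /etc/ipsec.conf
	else
		sed -e "s/@LOCAL_ADDR@/$1/" \
		    -e "s/@LOCAL_ADDR_V4@/$1/" \
		    -e "s/@LOCAL_ADDR_V6@/$2/" /etc/ipsec.conf | \
		    /sbin/setkey -f -
	fi
}

# Wait until the interface named by $ipsec_flags has an IPv4 address other
# than 0.0.0.0, then load the configuration with that address.
# The polling loop (one try per second, no upper bound) runs in the
# background, so this function returns at once and the keys and policies are
# installed only after the address has appeared.
ipsec_configure() {
	while true; do
		# Quoted so that the text from ipsec_getip is evaluated exactly
		# as printed, without word splitting or globbing first. It
		# consists only of "local vN_addr=...;" assignments.
		eval "$(ipsec_getip "$ipsec_flags")"
		case "$v4_addr" in
		'')		sleep 1;;
		"0.0.0.0")	sleep 1;;
		*)		ipsec_load "$v4_addr" "$v6_addr"; return;;
		esac
	done &
}

# start_cmd: install the keys and policies, either immediately or, when
# $ipsec_flags is set, once that interface has an address.
ipsec_start()
{
	echo "Installing ipsec manual keys/policies."
	if [ -n "$ipsec_flags" ]; then
		ipsec_configure
	else
		ipsec_load
	fi
}

# stop_cmd: flush the SAD entries (setkey -F) and the SPD entries
# (setkey -FP).
ipsec_stop()
{
	echo "Clearing ipsec manual keys/policies."

	# Still not 100% sure whether we want to do this.
	# Doing it during shutdown is very questionable, since it can hang
	# any remaining IPv4/v6 session.
	#
	/sbin/setkey -F
	/sbin/setkey -FP
}

# reload_cmd: flush everything, then install again. Between the two steps no
# keys or policies from /etc/ipsec.conf are loaded.
ipsec_reload()
{
	echo "Reloading ipsec manual keys/policies."
	ipsec_stop
	ipsec_start
}

load_rc_config $name
run_rc_command "$1"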