Avoid proxy for bypass_socket, enable_udp_decap
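#! @IPSEC_SHELL@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# Dispatcher: the first argument selects either a built-in operation handled
# by the case statement below (most of which call the stroke helper or signal
# the starter process) or, failing that, an executable of the same name in
# IPSEC_DIR that is exec'ed with the remaining arguments.
#
# The @...@ tokens are placeholders that are expected to be substituted when
# this template is processed at build time.

# Overwrite PATH with a fixed minimum so helpers are not resolved through
# whatever PATH the caller happened to have.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
export PATH

# set daemon name
# DAEMON_NAME is taken from the environment when set. It ends up in the PID
# file paths and in the starter command line, so every use below is quoted.
[ -z "$DAEMON_NAME" ] && DAEMON_NAME="charon"

# name and version of the ipsec implementation
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# NOTE(review): the PIDs read from these files are handed to kill as-is.
# This assumes IPSEC_PIDDIR is writable only by the account that runs the
# daemons -- confirm for the target installation.
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID

# The "\n" is stored literally and expanded by printf %b in the version arm.
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"

# In the arms below, rc=7 is the exit status used when the relevant PID file
# does not exist; otherwise the exit status of the helper is passed through.
case "$1" in
'')
        echo "Usage: $IPSEC_SCRIPT command argument ..."
        echo "Use --help for list of commands, or see $IPSEC_SCRIPT(8) manual "
        echo "page or the $IPSEC_NAME documentation for names of the common "
        echo "ones."
        echo "See <http://www.strongswan.org> for more general info."
        exit 0
        ;;
--help)
        echo "Usage: $IPSEC_SCRIPT command argument ..."
        echo "where command is one of:"
        echo "  start|restart  arguments..."
        echo "  update|reload|stop"
        echo "  up|down|route|unroute <connectionname>"
        echo "  status|statusall [<connectionname>]"
        echo "  listalgs|listpubkeys|listcerts [--utc]"
        echo "  listcacerts|listaacerts|listocspcerts [--utc]"
        echo "  listacerts|listgroups|listcainfos [--utc]"
        echo "  listcrls|listocsp|listcards|listplugins|listall [--utc]"
        echo "  listcounters|resetcounters [name]"
        echo "  leases [<poolname> [<address>]]"
        echo "  rereadsecrets|rereadgroups"
        echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
        echo "  rereadacerts|rereadcrls|rereadall"
        echo "  purgeocsp|purgecrls|purgecerts|purgeike"
        echo "  openac"
        echo "  scepclient"
        echo "  secrets"
        echo "  starter"
        echo "  version"
        echo "  stroke"
        echo
        echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
        exit 0
        ;;
--versioncode)
        echo "$IPSEC_VERSION"
        exit 0
        ;;
--directory)
        echo "$IPSEC_DIR"
        exit 0
        ;;
--confdir)
        echo "$IPSEC_CONFDIR"
        exit 0
        ;;
copyright|--copyright)
        set _copyright
        # and fall through, invoking "ipsec _copyright"
        ;;
down)
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: $IPSEC_SCRIPT down <connection name>"
                exit 2
        fi
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" down "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
down-srcip)
        shift
        if [ "$#" -lt 1 ]
        then
                echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
                exit 2
        fi
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                # "$@" rather than $*: each argument reaches stroke as given,
                # without being re-split or glob-expanded by the shell.
                "$IPSEC_STROKE" down-srcip "$@"
                rc="$?"
        fi
        exit "$rc"
        ;;
listcards|rereadgroups)
        # No helper is called for these two commands; the script only
        # reports 3 when the charon PID file exists and 7 when it does not.
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                exit 3
        else
                exit 7
        fi
        ;;
leases)
        op="$1"
        rc=7
        shift
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                # At most two arguments (pool name, address) are forwarded.
                case "$#" in
                0) "$IPSEC_STROKE" "$op" ;;
                1) "$IPSEC_STROKE" "$op" "$1" ;;
                *) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
                esac
                rc="$?"
        fi
        exit "$rc"
        ;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
        op="$1"
        rc=7
        shift
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$@"
                rc="$?"
        fi
        exit "$rc"
        ;;
purgeike|purgecrls|purgecerts)
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
reload)
        rc=7
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Reloading strongSwan IPsec configuration..." >&2
                # rc becomes 0 only if the signal could be delivered.
                kill -USR1 "$(cat "$IPSEC_STARTER_PID")" 2>/dev/null && rc=0
        else
                echo "Reloading strongSwan IPsec failed: starter is not running" >&2
        fi
        exit "$rc"
        ;;
restart)
        "$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
        sleep 2
        shift
        exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
        ;;
route|unroute)
        op="$1"
        rc=7
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: $IPSEC_SCRIPT $op <connection name>"
                exit 2
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
secrets)
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" rereadsecrets
                rc="$?"
        fi
        exit "$rc"
        ;;
start)
        shift
        if [ -d /var/lock/subsys ]; then
                touch /var/lock/subsys/ipsec
        fi
        exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
        ;;
status|statusall)
        op="$1"
        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
        shift
        # The stroke exit status is not used here; the exit status of this
        # arm comes from the kill -0 probe of the starter below.
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                if [ "$#" -eq 0 ]
                then
                        "$IPSEC_STROKE" "$op"
                else
                        "$IPSEC_STROKE" "$op" "$1"
                fi
        fi
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                kill -0 "$(cat "$IPSEC_STARTER_PID")" 2>/dev/null
                exit $?
        fi
        exit 3
        ;;
stop)
        # stopping a not-running service is considered as success
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Stopping strongSwan IPsec..." >&2
                spid=$(cat "$IPSEC_STARTER_PID")
                if [ -n "$spid" ]
                then
                        kill "$spid" 2>/dev/null
                        # Poll once per second, at most 11 times, for the
                        # starter to go away before resorting to SIGKILL.
                        loop=11
                        while [ "$loop" -gt 0 ] ; do
                                kill -0 "$spid" 2>/dev/null || break
                                sleep 1
                                loop=$((loop - 1))
                        done
                        if [ "$loop" -eq 0 ]
                        then
                                kill -KILL "$spid" 2>/dev/null
                                # A killed starter cannot remove its own
                                # PID file, so do it here.
                                rm -f "$IPSEC_STARTER_PID"
                        fi
                fi
        else
                echo "Stopping strongSwan IPsec failed: starter is not running" >&2
        fi
        if [ -d /var/lock/subsys ]; then
                rm -f /var/lock/subsys/ipsec
        fi
        exit 0
        ;;
up)
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: $IPSEC_SCRIPT up <connection name>"
                exit 2
        fi
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" up "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
update)
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Updating strongSwan IPsec configuration..." >&2
                # Exits 0 whether or not the signal was delivered.
                kill -HUP "$(cat "$IPSEC_STARTER_PID")"
                exit 0
        else
                echo "Updating strongSwan IPsec failed: starter is not running" >&2
                exit 7
        fi
        ;;
version|--version)
        # Constant format strings: the values are passed as arguments so a
        # '%' or backslash in them is printed instead of being interpreted.
        # %b keeps the "\n" embedded in IPSEC_DISTRO working as a line break.
        printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
        printf '%b\n' "$IPSEC_DISTRO"
        printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
        exit 0
        ;;
--*)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 2
        ;;
esac

# Anything not handled above is looked up as an executable in IPSEC_DIR.
cmd="$1"
shift

# NOTE(review): $cmd is used as a path component without checking for '/',
# so the resolved path is not guaranteed to stay inside IPSEC_DIR. That
# matters where this wrapper is callable with more privilege than the
# caller has (e.g. through a sudo rule) -- confirm for the deployment.
path="$IPSEC_DIR/$cmd"

if [ ! -x "$path" ]
then
        echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
        exit 2
fi

exec "$path" "$@"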