2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002 Henry Spencer.
4 # Copyright (C) 2006-2014 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# Environment and path setup for the ipsec wrapper script. The @...@ tokens
# are placeholders, presumably substituted at build time (confirm against the
# build system).
17 # define a minimum PATH environment in case it is not set
# NOTE(review): the default only applies when PATH is unset or empty; a PATH
# supplied by the caller is kept unchanged. uname, cat, touch and rm are
# invoked by bare name further down, so when this script runs with elevated
# privileges the inherited PATH decides which binaries are executed. Consider
# assigning a fixed PATH unconditionally, or make sure the invoking mechanism
# resets it (e.g. sudo's secure_path).
18 PATH=${PATH:-"/sbin:/bin:/usr/sbin:/usr/bin"}
# DAEMON_NAME may be preset in the environment; "charon" is used only when it
# is empty or unset.
# NOTE(review): the value is not validated, yet it becomes part of both pid
# file paths below and is passed unquoted to the starter. A value containing
# "/" or whitespace changes which files are read and how that command line is
# split; consider restricting it to a plain name.
22 [ -z "$DAEMON_NAME" ] && DAEMON_NAME="charon"
24 # name and version of the ipsec implementation
26 IPSEC_NAME="@IPSEC_NAME@"
# Version string: "U" + userland version, "/K" + kernel release from uname -r.
27 IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
29 # where the private directory and the config files are
30 IPSEC_DIR="@IPSEC_DIR@"
31 IPSEC_BINDIR="@IPSEC_BINDIR@"
32 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
33 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
34 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
35 IPSEC_SCRIPT="@IPSEC_SCRIPT@"
# Pid files of the starter and of the daemon; both names embed DAEMON_NAME.
# NOTE(review): later code reads PIDs from these files and signals them, so
# IPSEC_PIDDIR must be writable by the service's privileged user only.
37 IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
38 IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"
# Helper binaries located in the private directory.
40 IPSEC_STROKE="${IPSEC_DIR}/stroke"
41 IPSEC_STARTER="${IPSEC_DIR}/starter"
# Exported to child processes. IPSEC_STROKE, IPSEC_STARTER and IPSEC_DISTRO
# are not in this list and stay local to the script.
43 export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
# The value holds a literal backslash-n; the version output later passes this
# variable to printf as the format string, which is what expands it into a
# line break.
45 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
# Short usage text, written to stdout. The enclosing case label and the exit
# status used for this branch are not part of this excerpt.
49 echo "$IPSEC_SCRIPT command [arguments]"
51 echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
52 echo "See <http://www.strongswan.org> for more general information."
# Full command overview, written to stdout (the enclosing case label is not
# part of this excerpt). The list is maintained by hand and is not derived
# from the case patterns further down, so the two can drift apart.
56 echo "$IPSEC_SCRIPT command [arguments]"
59 echo " start|restart [arguments]"
60 echo " update|reload|stop"
61 echo " up|down|route|unroute <connectionname>"
62 echo " down-srcip <start> [<end>]"
63 echo " status|statusall [<connectionname>]"
64 echo " listalgs|listpubkeys|listcerts [--utc]"
65 echo " listcacerts|listaacerts|listocspcerts [--utc]"
66 echo " listacerts|listgroups|listcainfos [--utc]"
67 echo " listcrls|listocsp|listplugins|listall [--utc]"
68 echo " listcounters|resetcounters [name]"
69 echo " leases [<poolname> [<address>]]"
70 echo " rereadsecrets|rereadcacerts|rereadaacerts"
71 echo " rereadocspcerts|rereadacerts|rereadcrls|rereadall"
72 echo " purgecerts|purgecrls|purgeike|purgeocsp"
73 echo " scepclient|pki"
74 echo " starter|stroke"
77 echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
78 echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
# Both spellings select the copyright branch. The statements of this branch
# are not part of this excerpt; per the comment below, control continues to
# the generic helper lookup, which runs the _copyright helper.
97 copyright|--copyright)
99 # and fall through, invoking "ipsec _copyright"
# "down" handler (excerpt: the argument check and the then/else/fi lines are
# not shown). The usage line is presumably printed when the connection name
# is missing.
105 echo "Usage: $IPSEC_SCRIPT down <connection name>"
# NOTE(review): -e only proves that the pid file exists, not that the daemon
# is alive, so a stale file passes this check. The expansion is unquoted; if
# the variable were ever empty, `[ -e ]` evaluates to true. Prefer
# `[ -e "$IPSEC_CHARON_PID" ]`.
109 if [ -e $IPSEC_CHARON_PID ]
# Exactly one argument, quoted, is forwarded to stroke.
111 $IPSEC_STROKE down "$1"
# "down-srcip" handler (excerpt: the argument check and the then/else/fi
# lines are not shown).
120 echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
# NOTE(review): existence test only, and the expansion is unquoted; prefer
# `[ -e "$IPSEC_CHARON_PID" ]`.
124 if [ -e $IPSEC_CHARON_PID ]
# NOTE(review): unquoted $* re-splits every argument on IFS and applies
# pathname expansion before stroke sees it, so an argument containing
# whitespace or glob characters reaches stroke altered. The other handlers in
# this script forward "$1" or "$@"; use `$IPSEC_STROKE down-srcip "$@"` here.
126 $IPSEC_STROKE down-srcip $*
# Forwards "$op" to stroke with zero, one or two arguments. Excerpt: the
# command label, the assignment of $op and the case selector are not shown;
# presumably the selector is the argument count -- confirm.
# NOTE(review): the pid-file test is an unquoted existence check; prefer
# `[ -e "$IPSEC_CHARON_PID" ]`. The *) arm passes only "$1" and "$2", so any
# further arguments are silently dropped.
135 if [ -e $IPSEC_CHARON_PID ]
138 0) $IPSEC_STROKE "$op" ;;
139 1) $IPSEC_STROKE "$op" "$1" ;;
140 *) $IPSEC_STROKE "$op" "$1" "$2" ;;
# list*/reread*/purgeocsp/counter commands: one shared branch that hands the
# operation and all remaining arguments to stroke. Excerpt: the assignment of
# $op and the then/fi lines are not shown.
146 listalgs|listpubkeys|listplugins|\
147 listcerts|listcacerts|listaacerts|\
148 listacerts|listgroups|listocspcerts|\
149 listcainfos|listcrls|listocsp|listall|\
150 rereadsecrets|rereadcacerts|rereadaacerts|\
151 rereadacerts|rereadocspcerts|rereadcrls|\
152 rereadall|purgeocsp|listcounters|resetcounters)
# NOTE(review): unquoted existence test; a stale pid file passes it. Prefer
# `[ -e "$IPSEC_CHARON_PID" ]`.
156 if [ -e $IPSEC_CHARON_PID ]
# "$@" keeps each argument as its own word; no validation happens here, so
# stroke is the component that has to reject unexpected arguments.
158 $IPSEC_STROKE "$op" "$@"
# purgeike/purgecrls/purgecerts branch. Only the label and the pid-file test
# are part of this excerpt; the command that is run is not shown.
163 purgeike|purgecrls|purgecerts)
# NOTE(review): unquoted existence test; prefer `[ -e "$IPSEC_CHARON_PID" ]`.
165 if [ -e $IPSEC_CHARON_PID ]
# "reload" handler (excerpt): sends SIGUSR1 to the PID stored in the starter
# pid file. The initial value of rc and the then/else/fi lines are not shown.
174 if [ -e $IPSEC_STARTER_PID ]
176 echo "Reloading strongSwan IPsec configuration..." >&2
# rc becomes 0 only when kill succeeds; kill's own error output is discarded.
# NOTE(review): the file content is passed to kill unquoted and unchecked.
# Whoever can write the pid file chooses the signal target, and a stale file
# holding a recycled PID signals an unrelated process. Read the value into a
# variable, verify it is a single positive integer, and keep the pid
# directory writable by the privileged user only.
177 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
179 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
# "restart" handler (excerpt): runs this script's "stop" as a child, then
# replaces the current process with "start", forwarding all arguments. What
# happens between the two lines is not shown.
# NOTE(review): both command paths are unquoted and would be word-split if
# IPSEC_SBINDIR or IPSEC_SCRIPT contained whitespace; quoting
# "$IPSEC_SBINDIR/$IPSEC_SCRIPT" costs nothing. The exit status of "stop" is
# not examined on the visible lines.
184 $IPSEC_SBINDIR/$IPSEC_SCRIPT stop
187 exec $IPSEC_SBINDIR/$IPSEC_SCRIPT start "$@"
# Handler for a command taking one connection name, with "$op" naming the
# command (excerpt: the case label, the argument check and the then/else/fi
# lines are not shown).
195 echo "Usage: $IPSEC_SCRIPT $op <connection name>"
# NOTE(review): unquoted existence test; a stale pid file passes it. Prefer
# `[ -e "$IPSEC_CHARON_PID" ]`.
198 if [ -e $IPSEC_CHARON_PID ]
200 $IPSEC_STROKE "$op" "$1"
# Asks the running daemon, via stroke, to re-read its secrets (excerpt: the
# case label and the then/fi lines are not shown).
# NOTE(review): unquoted existence test; prefer `[ -e "$IPSEC_CHARON_PID" ]`.
207 if [ -e $IPSEC_CHARON_PID ]
209 $IPSEC_STROKE rereadsecrets
# "start" handler (excerpt: the case label and the closing fi are not shown).
# Creates the subsystem lock file when /var/lock/subsys exists, then replaces
# this process with the starter.
216 if [ -d /var/lock/subsys ]; then
217 touch /var/lock/subsys/ipsec
# NOTE(review): $DAEMON_NAME can come from the environment and is expanded
# unquoted here, so a value containing whitespace turns into additional
# starter arguments. Use `--daemon "$DAEMON_NAME"`; "$IPSEC_STARTER" should be
# quoted as well.
219 exec $IPSEC_STARTER --daemon $DAEMON_NAME "$@"
# "status" handling (excerpt: case labels, then/else/fi lines and the exit
# statements are not shown).
223 # Return value is slightly different for the status command:
224 # 0 - service up and running
225 # 1 - service dead, but /var/run/ pid file exists
226 # 2 - service dead, but /var/lock/ lock file exists
227 # 3 - service not running (unused)
228 # 4 - service status unknown :-(
229 # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE(review): both daemon checks below are unquoted existence tests on the
# pid file; prefer `[ -e "$IPSEC_CHARON_PID" ]`.
233 if [ -e $IPSEC_CHARON_PID ]
238 if [ -e $IPSEC_CHARON_PID ]
240 $IPSEC_STROKE "$op" "$1"
243 if [ -e $IPSEC_STARTER_PID ]
# kill -0 delivers no signal; it only reports whether a process with the PID
# from the file exists and may be signalled. Its error output is discarded.
# NOTE(review): after PID reuse any unrelated live process satisfies this
# test, so the reported state can be wrong for a stale pid file. The file
# content is also passed unquoted and unchecked.
245 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null
# "stop" handler (excerpt: the initialisation and decrement of $loop, any
# sleep, and the then/else/fi/done lines are not shown).
251 # stopping a not-running service is considered as success
252 if [ -e $IPSEC_STARTER_PID ]
254 echo "Stopping strongSwan IPsec..." >&2
# NOTE(review): spid is taken verbatim from the pid file and used unquoted in
# every kill below. An empty or multi-word value changes what kill receives,
# and the 2>/dev/null redirections hide the resulting errors. Verify that the
# value is a single positive integer before signalling, and keep the pid
# directory writable by the privileged user only.
255 spid=`cat $IPSEC_STARTER_PID`
# Default signal (TERM) first.
258 kill $spid 2>/dev/null
# Poll with signal 0 until the process is gone or the loop counter runs out.
260 while [ $loop -gt 0 ] ; do
261 kill -0 $spid 2>/dev/null || break
# NOTE(review): whether this KILL is sent only after the wait loop timed out
# cannot be seen from the visible lines -- confirm. If the original process
# has exited and its PID was reused in the meantime, the signal reaches an
# unrelated process.
267 kill -KILL $spid 2>/dev/null
268 rm -f $IPSEC_STARTER_PID
272 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
# Remove the subsystem lock file that the start handler creates.
274 if [ -d /var/lock/subsys ]; then
275 rm -f /var/lock/subsys/ipsec
# "up" handler (excerpt: the argument check and the then/else/fi lines are
# not shown). The usage line is presumably printed when the connection name
# is missing.
283 echo "Usage: $IPSEC_SCRIPT up <connection name>"
# NOTE(review): unquoted existence test; a stale pid file passes it. Prefer
# `[ -e "$IPSEC_CHARON_PID" ]`.
287 if [ -e $IPSEC_CHARON_PID ]
289 $IPSEC_STROKE up "$1"
# "update" handler (excerpt: the then/else/fi lines and exit statements are
# not shown). Sends SIGHUP to the PID stored in the starter pid file.
295 if [ -e $IPSEC_STARTER_PID ]
297 echo "Updating strongSwan IPsec configuration..." >&2
# NOTE(review): unlike the reload handler, kill's error output is not
# discarded here and no status variable is set on this line. The pid file
# content is passed unquoted and unchecked; verify that it is a single
# positive integer before signalling.
298 kill -HUP `cat $IPSEC_STARTER_PID`
301 echo "Updating strongSwan IPsec failed: starter is not running" >&2
# Hand-off to standalone tools in IPSEC_BINDIR: the script replaces itself
# with the tool and forwards all arguments unchanged (the case labels are not
# part of this excerpt).
# NOTE(review): the command path is unquoted; write
# `exec "$IPSEC_BINDIR/pki" "$@"` (and likewise for aikgen) so that a
# directory name containing whitespace cannot split the command.
307 exec $IPSEC_BINDIR/pki "$@"
311 exec $IPSEC_BINDIR/aikgen "$@"
# Version banner, written to stdout (the case label is not part of this
# excerpt, and OS_NAME is assigned on a line that is not shown).
# NOTE(review): all three calls put variables into the printf FORMAT string,
# so a "%" or backslash in OS_NAME, IPSEC_NAME, IPSEC_VERSION (which embeds
# the uname -r output) or IPSEC_SCRIPT is interpreted as a directive instead
# of being printed. Pass the data as arguments:
#   printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
314 printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
# This call relies on format-string processing to expand the literal "\n"
# stored in IPSEC_DISTRO; `printf '%b\n' "$IPSEC_DISTRO"` keeps that expansion
# without treating "%" specially.
315 printf "$IPSEC_DISTRO\n"
316 printf "See '$IPSEC_SCRIPT --copyright' for copyright information.\n"
# Fallback handling (excerpt: case labels, the assignment of $cmd, the
# executable test and the final invocation are not shown).
# Unknown option: report it on stderr.
320 echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
# Any other command name is looked up as a helper inside IPSEC_DIR.
# NOTE(review): presumably $cmd is the first command-line argument -- confirm.
# Nothing on the visible lines rejects "/" or ".." in it, so the joined path
# can point outside IPSEC_DIR. Where this script is reachable through a
# privilege boundary (sudo rule, wrapper service), refuse names containing a
# slash before building the path, e.g.
#   case "$cmd" in */*) echo "$0: invalid command name" >&2; exit 2 ;; esac
328 path="$IPSEC_DIR/$cmd"
332 echo "$0: unknown IPsec command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2