#! @IPSEC_SHELL@
# prefix command to run stuff from our programs directory
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2006-2014 Andreas Steffen
# Copyright (C) 2006 Martin Willi
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

# Fall back to a minimal search path when the environment provides none.
: "${PATH:=/sbin:/bin:/usr/sbin:/usr/bin}"
export PATH

# Daemon name: a non-empty value from the caller's environment is kept,
# otherwise charon is used.  The name becomes part of both PID file names
# below and is passed to the starter by the "start" command.
DAEMON_NAME=${DAEMON_NAME:-charon}

# Name and version of the IPsec implementation; the version string combines
# the configured userland version (U...) with the running kernel (K...).
OS_NAME=$(uname -s)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# Installation layout, substituted at build time.
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_BINDIR="@IPSEC_BINDIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_SCRIPT="@IPSEC_SCRIPT@"

# PID files of the starter and of the IKE daemon it supervises.
IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.${DAEMON_NAME}.pid"
IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"

# Helper programs living in the private directory (not exported).
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"

export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR
export IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME
export IPSEC_STARTER_PID IPSEC_CHARON_PID

IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"

# Directory searched for commands that are run as separate programs; the
# command dispatcher switches it to IPSEC_BINDIR for aikgen and pki.
command_dir="$IPSEC_DIR"

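# Print the PID recorded in the starter PID file when its first field is a
# positive decimal number; print nothing and return 1 otherwise.  The value
# is handed to kill(1) by the commands below, where an empty, zero or
# negative value would not address the starter process.
starter_pid() {
	[ -r "$IPSEC_STARTER_PID" ] || return 1
	pid_value=
	read -r pid_value pid_rest < "$IPSEC_STARTER_PID"
	case "$pid_value" in
	''|*[!0-9]*)
		return 1
		;;
	esac
	[ "$pid_value" -gt 0 ] 2>/dev/null || return 1
	echo "$pid_value"
}

# Dispatch on the first argument.  Built-in commands are handled in their
# arm and leave the script through exit or exec.  Arms marked "fall through"
# only leave the case statement; the code after esac then executes the
# program of the same name from $command_dir.
# Commands that talk to the daemon through stroke exit with 7 when the
# daemon PID file does not exist, otherwise with the exit status of stroke.
# All expansions are quoted so that arguments and configured paths are
# passed on exactly as given, without word splitting or globbing.
case "$1" in
'')
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Use --help for a list of commands, or refer to the $IPSEC_SCRIPT(8) man page."
	echo "See <http://www.strongswan.org> for more general information."
	exit 0
	;;
--help)
	echo "$IPSEC_SCRIPT command [arguments]"
	echo
	echo "Commands:"
	echo "  start|restart [arguments]"
	echo "  update|reload|stop"
	echo "  up|down|route|unroute <connectionname>"
	echo "  down-srcip <start> [<end>]"
	echo "  status|statusall [<connectionname>]"
	echo "  listalgs|listpubkeys|listcerts [--utc]"
	echo "  listcacerts|listaacerts|listocspcerts [--utc]"
	echo "  listacerts|listgroups|listcainfos [--utc]"
	echo "  listcrls|listocsp|listplugins|listall [--utc]"
	echo "  listcounters|resetcounters [name]"
	echo "  leases [<poolname> [<address>]]"
	echo "  rereadsecrets|rereadcacerts|rereadaacerts"
	echo "  rereadocspcerts|rereadacerts|rereadcrls|rereadall"
	echo "  purgecerts|purgecrls|purgeike|purgeocsp"
	echo "  scepclient|pki"
	echo "  stroke"
	echo "  version"
	echo
	echo "Refer to the $IPSEC_SCRIPT(8) man page for details."
	echo "Some commands have their own man pages, e.g. pki(1) or scepclient(8)."
	exit 0
	;;
--versioncode)
	echo "$IPSEC_VERSION"
	exit 0
	;;
--directory)
	echo "$IPSEC_DIR"
	exit 0
	;;
--confdir)
	echo "$IPSEC_CONFDIR"
	exit 0
	;;
--piddir)
	echo "$IPSEC_PIDDIR"
	exit 0
	;;
down)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" down "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
down-srcip)
	shift
	if [ "$#" -lt 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT down-srcip <start> [<end>]"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# "$@" instead of an unquoted $*: each argument reaches stroke
		# as one word, unaffected by IFS splitting or pathname expansion
		"$IPSEC_STROKE" down-srcip "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
leases)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# at most a pool name and an address are passed on
		case "$#" in
		0) "$IPSEC_STROKE" "$op" ;;
		1) "$IPSEC_STROKE" "$op" "$1" ;;
		*) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
		esac
		rc="$?"
	fi
	exit "$rc"
	;;
listalgs|listpubkeys|listplugins|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp|listcounters|resetcounters)
	op="$1"
	rc=7
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$@"
		rc="$?"
	fi
	exit "$rc"
	;;
purgeike|purgecrls|purgecerts)
	# further arguments are ignored, only the command name is passed on
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
reload)
	# succeeds (0) only if SIGUSR1 could be delivered to the starter
	rc=7
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Reloading strongSwan IPsec configuration..." >&2
		spid=$(starter_pid) && kill -USR1 "$spid" 2>/dev/null && rc=0
	else
		echo "Reloading strongSwan IPsec failed: starter is not running" >&2
	fi
	exit "$rc"
	;;
restart)
	# the exit status of stop is not checked; start replaces this process
	"$IPSEC_SBINDIR/$IPSEC_SCRIPT" stop
	sleep 2
	shift
	exec "$IPSEC_SBINDIR/$IPSEC_SCRIPT" start "$@"
	;;
route|unroute)
	op="$1"
	rc=7
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT $op <connection name>"
		exit 2
	fi
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" "$op" "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
secrets)
	# alias for rereadsecrets
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" rereadsecrets
		rc="$?"
	fi
	exit "$rc"
	;;
start)
	shift
	if [ -d /var/lock/subsys ]; then
		touch /var/lock/subsys/ipsec
	fi
	# DAEMON_NAME may come from the environment; quoted so that it is
	# always handed to the starter as a single argument
	exec "$IPSEC_STARTER" --daemon "$DAEMON_NAME" "$@"
	;;
status|statusall)
	op="$1"
	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	shift
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		# the exit status of stroke is not used for the result
		if [ "$#" -eq 0 ]
		then
			"$IPSEC_STROKE" "$op"
		else
			"$IPSEC_STROKE" "$op" "$1"
		fi
	fi
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		# a PID file without a usable PID counts as "dead, but pid
		# file exists"
		spid=$(starter_pid) || exit 1
		kill -0 "$spid" 2>/dev/null
		exit $?
	fi
	exit 3
	;;
stop)
	# stopping a not-running service is considered as success
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Stopping strongSwan IPsec..." >&2
		if spid=$(starter_pid)
		then
			kill "$spid" 2>/dev/null
			# Wait for the starter to exit with a budget of 110
			# units: a 0.1 second sleep costs one unit; where
			# fractional sleeps are not supported, a one second
			# sleep costs ten units instead.
			loop=110
			while [ "$loop" -gt 0 ] ; do
				kill -0 "$spid" 2>/dev/null || break
				sleep 0.1 2>/dev/null
				if [ $? -ne 0 ]
				then
					sleep 1
					loop=$((loop - 9))
				fi
				loop=$((loop - 1))
			done
			# budget used up: force termination and remove the
			# PID file the starter could not clean up itself
			if [ "$loop" -le 0 ]
			then
				kill -KILL "$spid" 2>/dev/null
				rm -f "$IPSEC_STARTER_PID"
			fi
		fi
	else
		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
	fi
	if [ -d /var/lock/subsys ]; then
		rm -f /var/lock/subsys/ipsec
	fi
	exit 0
	;;
up)
	shift
	if [ "$#" -ne 1 ]
	then
		echo "Usage: $IPSEC_SCRIPT up <connection name>"
		exit 2
	fi
	rc=7
	if [ -e "$IPSEC_CHARON_PID" ]
	then
		"$IPSEC_STROKE" up "$1"
		rc="$?"
	fi
	exit "$rc"
	;;
update)
	if [ -e "$IPSEC_STARTER_PID" ]
	then
		echo "Updating strongSwan IPsec configuration..." >&2
		if spid=$(starter_pid)
		then
			# as before, the result of kill is not reflected in
			# the exit status
			kill -HUP "$spid"
			exit 0
		fi
		echo "Updating strongSwan IPsec failed: starter PID file is not usable" >&2
		exit 7
	else
		echo "Updating strongSwan IPsec failed: starter is not running" >&2
		exit 7
	fi
	;;
aikgen|pki)
	# programs in BINDIR may be called directly, these two are listed for legacy reasons
	command_dir="$IPSEC_BINDIR"
	# fall through
	;;
attest|conftest|dumm|irdumm|pool|pt-tls-client|scepclient|stroke|\
duplicheck|error-notify|imv_policy_manager|load-tester|lookip|whitelist|\
_updown|_imv_policy)
	# fall through
	;;
copyright|--copyright)
	# replace the arguments so that the _copyright helper is executed
	set -- _copyright
	# fall through
	;;
version|--version)
	# values are passed as printf arguments, never as the format string,
	# so '%' or '\' in a configured name is printed literally
	printf '%s %s %s\n' "$OS_NAME" "$IPSEC_NAME" "$IPSEC_VERSION"
	printf '%s\n' "$IPSEC_DISTRO"
	printf "See '%s --copyright' for copyright information.\n" "$IPSEC_SCRIPT"
	exit 0
	;;
--*)
	echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
	exit 2
	;;
*)
	echo "$0: unknown command \`$1' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
	;;
esac
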
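# Run a command that is implemented as a separate program.  This point is
# reached only through the "fall through" arms of the case statement, so $1
# is one of the fixed command names listed there (or _copyright) and never
# contains a '/'; the program is therefore always looked up directly inside
# $command_dir.
cmd="$1"
shift

path="$command_dir/$cmd"

# known command name, but the program is not installed or not executable
if [ ! -x "$path" ]
then
	echo "$0: unknown command \`$cmd' (\`$IPSEC_SCRIPT --help' for list)" >&2
	exit 2
fi

# quoted, so that a configured directory containing whitespace or glob
# characters still names exactly one program
exec "$path" "$@"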