renamed some IKEv2 OpenSSL scenarios
[strongswan.git] / src / ipsec / ipsec.in
1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi 
6
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16
17 # define a minimum PATH environment in case it is not set
18 PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
19 export PATH
20
21 # name and version of the ipsec implementation
22 IPSEC_NAME="@IPSEC_NAME@"
23 IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
24
25 # where the private directory and the config files are
26 IPSEC_DIR="@IPSEC_DIR@"
27 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
28 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
29 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
30
31 IPSEC_STARTER_PID="${IPSEC_PIDDIR}/starter.pid"
32 IPSEC_PLUTO_PID="${IPSEC_PIDDIR}/pluto.pid"
33 IPSEC_CHARON_PID="${IPSEC_PIDDIR}/charon.pid"
34
35 IPSEC_WHACK="${IPSEC_DIR}/whack"
36 IPSEC_STROKE="${IPSEC_DIR}/stroke"
37 IPSEC_STARTER="${IPSEC_DIR}/starter"
38
39 export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID
40
41 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
42
43 case "$1" in
44 '')
45         echo "Usage: ipsec command argument ..."
46         echo "Use --help for list of commands, or see ipsec(8) manual page"
47         echo "or the $IPSEC_NAME documentation for names of the common ones."
48         echo "Most have their own manual pages, e.g. ipsec_auto(8)."
49         echo "See <http://www.strongswan.org> for more general info."
50         exit 0
51         ;;
52 --help)
53         echo "Usage: ipsec command argument ..."
54         echo "where command is one of:"
55         echo "  start|restart  arguments..."
56         echo "  update|reload|stop"
57         echo "  up|down|route|unroute <connectionname>"
58         echo "  status|statusall [<connectionname>]"
59         echo "  ready"
60         echo "  listalgs|listpubkeys|listcerts [--utc]"
61         echo "  listcacerts|listaacerts|listocspcerts [--utc]"
62         echo "  listacerts|listgroups|listcainfos [--utc]"
63         echo "  listcrls|listocsp|listcards|listall [--utc]"
64         echo "  leases [<poolname> [<address>]]"
65         echo "  rereadsecrets|rereadgroups"
66         echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
67         echo "  rereadacerts|rereadcrls|rereadall"
68         echo "  purgeocsp|purgeike"
69         echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
70         echo "  openac"
71         echo "  pluto"
72         echo "  scepclient"
73         echo "  secrets"
74         echo "  starter"
75         echo "  version"
76         echo "  whack"
77         echo "  stroke"
78         echo
79         echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
80         exit 0
81         ;;
82 --versioncode)
83         echo "$IPSEC_VERSION"
84         exit 0
85         ;;
86 --directory)
87         echo "$IPSEC_DIR"
88         exit 0
89         ;;
90 --confdir)
91         echo "$IPSEC_CONFDIR"
92         exit 0
93         ;;
94 copyright|--copyright)
95         set _copyright
96         # and fall through, invoking "ipsec _copyright"
97         ;;
98 down)
99         shift
100         if [ "$#" -ne 1 ]
101         then
102             echo "Usage: ipsec down <connection name>"
103             exit 2
104         fi
105         rc=7
106         if [ -e $IPSEC_PLUTO_PID ]
107         then
108                 $IPSEC_WHACK --name "$1" --terminate
109                 rc="$?"
110         fi
111         if [ -e $IPSEC_CHARON_PID ]
112         then
113                 $IPSEC_STROKE down "$1"
114                 rc="$?"
115         fi
116         exit "$rc"
117         ;;
118 down-srcip)
119         shift
120         if [ "$#" -lt 1 ]
121         then
122             echo "Usage: ipsec down-srcip <start> [<end>]"
123             exit 2
124         fi
125         rc=7
126         if [ -e $IPSEC_CHARON_PID ]
127         then
128                 $IPSEC_STROKE down-srcip $*
129                 rc="$?"
130         fi
131         exit "$rc"
132         ;;
133 listcards|rereadgroups)
134         op="$1"
135         shift
136         if [ -e $IPSEC_PLUTO_PID ]
137         then
138                 $IPSEC_WHACK "$@" "--$op"
139                 rc="$?"
140         fi
141         if [ -e $IPSEC_CHARON_PID ] 
142         then 
143                 exit 3 
144         else 
145                 exit 7 
146         fi 
147         ;;
148 leases)
149         op="$1"
150         rc=7
151         shift
152         if [ -e $IPSEC_CHARON_PID ]
153         then
154                 case "$#" in
155                 0) $IPSEC_STROKE "$op" ;;
156                 1) $IPSEC_STROKE "$op" "$1" ;;
157                 *) $IPSEC_STROKE "$op" "$1" "$2" ;;
158                 esac
159                 rc="$?"
160         fi
161         exit "$rc"
162         ;;
163 listalgs|\listpubkeys|\
164 listcerts|listcacerts|listaacerts|\
165 listacerts|listgroups|listocspcerts|\
166 listcainfos|listcrls|listocsp|listall|\
167 rereadsecrets|rereadcacerts|rereadaacerts|\
168 rereadacerts|rereadocspcerts|rereadcrls|\
169 rereadall|purgeocsp)
170         op="$1"
171         rc=7
172         shift
173         if [ -e $IPSEC_PLUTO_PID ]
174         then
175                 $IPSEC_WHACK "$@" "--$op"
176                 rc="$?"
177         fi
178         if [ -e $IPSEC_CHARON_PID ]
179         then
180                 $IPSEC_STROKE "$op" "$@"
181                 rc="$?"
182         fi
183         exit "$rc"
184         ;;
185 purgeike)
186         rc=7
187         if [ -e $IPSEC_CHARON_PID ]
188         then
189                 $IPSEC_STROKE purgeike
190                 rc="$?"
191         fi
192         exit "$rc"
193         ;;
194 ready)
195         shift
196         if [ -e $IPSEC_PLUTO_PID ]
197         then
198                 $IPSEC_WHACK --listen
199                 exit 0
200         else
201                 exit 7
202         fi
203         ;;
204 reload)
205         rc=7
206         if [ -e $IPSEC_STARTER_PID ]
207         then
208                 echo "Reloading strongSwan IPsec configuration..." >&2
209                 kill -USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
210         else
211                 echo "Reloading strongSwan IPsec failed: starter is not running" >&2
212         fi
213         exit "$rc"
214         ;;
215 restart)
216         $IPSEC_SBINDIR/ipsec stop
217         sleep 2
218         shift
219         exec $IPSEC_SBINDIR/ipsec start "$@"
220         ;;
221 route|unroute)
222         op="$1"
223         rc=7
224         shift
225         if [ "$#" -ne 1 ]
226         then
227                 echo "Usage: ipsec $op <connection name>"
228                 exit 2
229         fi
230         if [ -e $IPSEC_PLUTO_PID ]
231         then
232                 $IPSEC_WHACK --name "$1" "--$op"
233                 rc="$?"
234         fi
235         if [ -e $IPSEC_CHARON_PID ]
236         then
237                 $IPSEC_STROKE "$op" "$1"
238                 rc="$?"
239         fi
240         exit "$rc"
241         ;;
242 scencrypt|scdecrypt)
243         op="$1"
244         shift
245         if [ -e $IPSEC_PLUTO_PID ]
246         then
247                 $IPSEC_WHACK "--$op" "$@"
248                 exit "$?"
249         else
250                 exit 7
251         fi
252         ;;
253 secrets)
254         rc=7
255         if [ -e $IPSEC_PLUTO_PID ]
256         then
257                 $IPSEC_WHACK --rereadsecrets
258                 rc="$?"
259         fi
260         if [ -e $IPSEC_CHARON_PID ]
261         then
262                 $IPSEC_STROKE rereadsecrets
263                 rc="$?"
264         fi
265         exit "$rc"
266         ;;
267 start)
268         shift
269         if [ -d /var/lock/subsys ]; then
270                 touch /var/lock/subsys/ipsec
271         fi
272         exec $IPSEC_STARTER "$@"
273         ;;
274 status|statusall)
275         op="$1"
276         # Return value is slightly different for the status command:
277         # 0 - service up and running
278         # 1 - service dead, but /var/run/  pid  file exists
279         # 2 - service dead, but /var/lock/ lock file exists
280         # 3 - service not running (unused)
281         # 4 - service status unknown :-(
282         # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
283         shift
284         if [ $# -eq 0 ]
285         then
286                 if [ -e $IPSEC_PLUTO_PID ]
287                 then
288                         $IPSEC_WHACK "--$op"
289                 fi
290                 if [ -e $IPSEC_CHARON_PID ]
291                 then
292                         $IPSEC_STROKE "$op"
293                 fi
294         else
295                 if [ -e $IPSEC_PLUTO_PID ]
296                 then
297                         $IPSEC_WHACK --name "$1" "--$op"
298                 fi
299                 if [ -e $IPSEC_CHARON_PID ]
300                 then
301                         $IPSEC_STROKE "$op" "$1"
302                 fi
303         fi
304         if [ -e $IPSEC_STARTER_PID ]
305         then
306                 kill -0 `cat $IPSEC_STARTER_PID` 2>/dev/null
307                 exit $?
308         fi
309         exit 3
310         ;;
311 stop)
312         # stopping a not-running service is considered as success
313         if [ -e $IPSEC_STARTER_PID ]
314         then
315                 echo "Stopping strongSwan IPsec..." >&2
316                 spid=`cat $IPSEC_STARTER_PID`
317                 if [ -n "$spid" ]
318                 then
319                         kill $spid 2>/dev/null
320                         loop=5
321                         while [ $loop -gt 0 ] ; do
322                                 kill -0 $spid 2>/dev/null || break
323                                 sleep 1
324                                 loop=$(($loop - 1))
325                         done
326                         if [ $loop -eq 0 ]
327                         then
328                                 kill -KILL $spid 2>/dev/null
329                                 rm -f $IPSEC_STARTER_PID
330                         fi
331                 fi
332         else
333                 echo "Stopping strongSwan IPsec failed: starter is not running" >&2
334         fi
335         if [ -d /var/lock/subsys ]; then
336                 rm -f /var/lock/subsys/ipsec
337         fi
338         exit 0
339         ;;
340 up)
341         shift
342         if [ "$#" -ne 1 ]
343         then
344             echo "Usage: ipsec up <connection name>"
345             exit 2
346         fi
347         rc=7
348         if [ -e $IPSEC_PLUTO_PID ]
349         then
350                 $IPSEC_WHACK --name "$1" --initiate
351                 rc="$?"
352         fi
353         if [ -e $IPSEC_CHARON_PID ]
354         then
355                 $IPSEC_STROKE up "$1"
356                 rc="$?"
357         fi
358         exit "$rc"
359         ;;
360 update)
361         if [ -e $IPSEC_STARTER_PID ]
362         then
363                 echo "Updating strongSwan IPsec configuration..." >&2
364                 kill -HUP `cat $IPSEC_STARTER_PID`
365                 exit 0
366         else
367                 echo "Updating strongSwan IPsec failed: starter is not running" >&2
368                 exit 7
369         fi
370         ;;
371 version|--version)
372         printf "Linux $IPSEC_NAME $IPSEC_VERSION\n"
373         printf "$IPSEC_DISTRO\n"
374         printf "See 'ipsec --copyright' for copyright information.\n"
375         exit 0
376         ;;
377 --*)
378         echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
379         exit 2
380         ;;
381 esac
382
383 cmd="$1"
384 shift
385
386 path="$IPSEC_DIR/$cmd"
387
388 if [ ! -x "$path" ]
389 then
390     path="$IPSEC_DIR/$cmd"
391     if [ ! -x "$path" ]
392     then
393         echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
394         exit 2
395     fi
396 fi
397
398 exec $path "$@"