2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002 Henry Spencer.
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # RCSID $Id: ipsec.in,v 1.13 2006/03/09 20:09:33 as Exp $
19 # where the private directory and the config files are
# Each of the four settings below uses ${VAR-default}: a value that is already
# set wins, even if it is empty; only an unset variable falls back to the
# @...@ placeholder (presumably substituted at build time -- confirm).
# Security note: helper programs are later run as $IPSEC_EXECDIR/<name>, so
# whoever controls these variables controls which binaries are executed. If
# this script can be reached across a privilege boundary (for example a sudo
# rule that preserves the environment), clear or pin them before this point.
20 IPSEC_EXECDIR="${IPSEC_EXECDIR-@IPSEC_EXECDIR@}"
21 IPSEC_LIBDIR="${IPSEC_LIBDIR-@IPSEC_LIBDIR@}"
22 IPSEC_SBINDIR="${IPSEC_SBINDIR-@IPSEC_SBINDIR@}"
23 IPSEC_CONFS="${IPSEC_CONFS-@IPSEC_CONFS@}"
# IPSEC_DIR is an alias for the library directory. IPSEC_SBINDIR is not in the
# export list below.
25 IPSEC_DIR="$IPSEC_LIBDIR"
26 export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
# PID files: the starter file is read with `cat` and its content passed to
# `kill` further down; the charon file is only tested for existence.
28 IPSEC_STARTER_PID="/var/run/starter.pid"
29 IPSEC_CHARON_PID="/var/run/charon.pid"
31 # standardize PATH, and export it for everything else's benefit
# PATH is replaced outright, so nothing from the caller's PATH survives.
# $IPSEC_SBINDIR is searched first and can itself come from the environment
# (see above). The export statement is not visible in this listing.
32 PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
35 # things not to be listed in --help command list
# Anchored extended regex matching whole names: "ipsec" itself, anything
# starting with "_", anything ending in ".old", and anything ending in "~".
# The command that applies it is not visible in this listing.
36 DONTMENTION='^(ipsec|_.*|.*\.old|.*~)$'
38 # version numbering (details filled in by build)
39 # Possibly should call a C program to invoke the version_code() function
40 # instead, but for performance's sake, we inline it here (and only here).
43 # export the version information
# $version is assigned on a line that is not shown here (the gutter skips 41-42).
44 IPSEC_VERSION="$version"
47 # function for the funky user/kernel version stuff
# NOTE(review): the function header and the then/else/fi lines of this
# fragment are missing from the listing; the comments below describe only the
# statements that are visible.
# First probe: does the kernel expose /proc/net/ipsec_version?
49 if test -f /proc/net/ipsec_version
# kv = last whitespace-separated field ($NF) of each line of that file.
52 kv="`awk '{print $NF}' /proc/net/ipsec_version`"
# Second probe: /proc/net/pfkey. What is assigned when it exists is not shown.
54 if test -f /proc/net/pfkey
# Fallback text, used in place of a kernel version.
59 kv="(no kernel code presently loaded)"
# The leading space on both operands keeps `test` from misparsing a value that
# is empty or begins with "-".
62 if test " $kv" != " $version"
# Userland and kernel differ: report both as U<user>/K<kernel>.
64 version="U$version/K$kv"
# $stack is set on a line that is not shown here.
66 version="$version$stack"
# Short usage text. No redirection is visible on these lines, so as shown they
# write to stdout. $IPSEC_NAME is not assigned anywhere in the visible lines.
71 echo "Usage: ipsec command argument ..."
72 echo "Use --help for list of commands, or see ipsec(8) manual page"
73 echo "or the $IPSEC_NAME documentation for names of the common ones."
74 echo "Most have their own manual pages, e.g. ipsec_auto(8)."
75 echo "See <http://www.strongswan.org> for more general info."
# Long help text listing the built-in commands. The gutter numbers skip 85, 93
# and 95-103, so the command list shown here is incomplete.
79 echo "Usage: ipsec command argument ..."
80 echo "where command is one of:"
81 echo " start|restart arguments..."
82 echo " update|reload|stop"
83 echo " up|down|route|unroute <connectionname>"
84 echo " status|statusall [<connectionname>]"
86 echo " listalgs|listpubkeys|listcerts [--utc]"
87 echo " listcacerts|listaacerts|listocspcerts [--utc]"
88 echo " listacerts|listgroups|listcainfos [--utc]"
89 echo " listcrls|listocsp|listcards|listall [--utc]"
90 echo " rereadsecrets|rereadgroups"
91 echo " rereadcacerts|rereadaacerts|rereadocspcerts"
92 echo " rereadacerts|rereadcrls|rereadall"
94 echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
104 echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
114 # and fall through, invoking "ipsec _copyright"
# Connection teardown (presumably the "down" branch; its case label is not
# shown). whack is asked to terminate the connection named by $1; stroke is
# told to bring it down only when the charon PID file exists.
# "$1" is quoted, so a name containing spaces or glob characters reaches the
# helper as one argument.
# NOTE(review): $IPSEC_EXECDIR is expanded unquoted in command position, so a
# value containing whitespace would be word-split; "$IPSEC_EXECDIR/whack"
# would be safer.
126 $IPSEC_EXECDIR/whack --name "$1" --terminate
# A PID file left behind by a crashed charon would still pass this test.
127 if test -e $IPSEC_CHARON_PID
# NOTE(review): no visible check that $1 is non-empty or does not begin with
# "-"; confirm how stroke treats such a value.
129 $IPSEC_EXECDIR/stroke down "$1"
# Case label for the list*/reread*/purgeocsp family; all of them share the
# body below.
133 listalgs|listpubkeys|listcerts|listcacerts|\
134 listaacerts|listocspcerts|listacerts|listgroups|\
135 listcainfos|listcrls|listocsp|listcards|\
136 listall|purgeocsp|rereadsecrets|rereadgroups|\
137 rereadcacerts|rereadaacerts|rereadocspcerts|\
138 rereadacerts|rereadcrls|rereadall)
# $op is set on a line that is not shown (presumably to the matched command
# name). For whack it becomes a long option by prefixing "--", placed after
# the caller's remaining arguments.
141 $IPSEC_EXECDIR/whack "$@" "--$op"
# A PID file left behind by a crashed charon would still pass this test.
142 if test -e $IPSEC_CHARON_PID
# stroke receives only the bare operation name; the caller's extra arguments
# ("$@", e.g. --utc) are not forwarded here.
144 $IPSEC_EXECDIR/stroke "$op"
# Gutter jumps from 144 to 150: the lines introducing this call are not shown.
150 $IPSEC_EXECDIR/whack --listen
# Reload: when the starter PID file exists, send SIGUSR1 to the PID read from
# it; otherwise report on stderr that starter is not running.
154 if test -e $IPSEC_STARTER_PID
156 echo "Reloading strongSwan IPsec configuration..." >&2
# NOTE(review): the file content goes to kill unquoted and unvalidated. A
# stale file can name a PID that has since been reused by an unrelated
# process, and a file holding several words expands to several kill
# arguments. Hardening: check that the content is a single number and that
# the process is really starter before signalling.
157 kill -s USR1 `cat $IPSEC_STARTER_PID`
159 echo "ipsec starter is not running" >&2
# Restart is a stop followed by a start, each run through
# $IPSEC_SBINDIR/ipsec (presumably this same script as installed). Gutter
# lines 165-166 between the two calls are not shown.
# NOTE(review): $IPSEC_SBINDIR and $IPSEC_EXECDIR are expanded unquoted in
# command position throughout this fragment; a value containing whitespace
# would be word-split.
164 $IPSEC_SBINDIR/ipsec stop
167 $IPSEC_SBINDIR/ipsec start "$@"
# Per-connection whack operation: $1 is the connection name and $op (set on a
# line that is not shown) becomes the long option.
173 $IPSEC_EXECDIR/whack --name "$1" "--$op"
# whack operation with the caller's remaining arguments appended after --$op.
179 $IPSEC_EXECDIR/whack "--$op" "$@"
183 $IPSEC_EXECDIR/whack --rereadsecrets
# exec replaces this shell with starter, passing the arguments through;
# nothing after this line runs in the branch.
188 exec $IPSEC_EXECDIR/starter "$@"
# Two forms of the same query: without a connection name (195-198) and with
# $1 as the connection name (201-204). The test that chooses between them is
# not shown. In both forms stroke is called only when the charon PID file
# exists; a stale PID file would still pass that test.
# $op is set on a line that is not shown.
195 $IPSEC_EXECDIR/whack "--$op"
196 if test -e $IPSEC_CHARON_PID
198 $IPSEC_EXECDIR/stroke "$op"
201 $IPSEC_EXECDIR/whack --name "$1" "--$op"
202 if test -e $IPSEC_CHARON_PID
204 $IPSEC_EXECDIR/stroke "$op" "$1"
# Stop: when the starter PID file exists, send the default signal (TERM) to
# the PID read from it; otherwise report on stderr that starter is not running.
210 if test -e $IPSEC_STARTER_PID
212 echo "Stopping strongSwan IPsec..." >&2
# NOTE(review): the PID is taken from the file unquoted and unvalidated. A
# stale file can point at an unrelated process that reused the PID. Hardening:
# check that the content is a single number and that the process is really
# starter before signalling.
213 kill `cat $IPSEC_STARTER_PID`
215 echo "ipsec starter is not running" >&2
# Connection initiation (presumably the "up" branch; its case label is not
# shown). whack is asked to initiate the connection named by $1; stroke is
# told to bring it up only when the charon PID file exists.
221 $IPSEC_EXECDIR/whack --name "$1" --initiate
# A PID file left behind by a crashed charon would still pass this test.
222 if test -e $IPSEC_CHARON_PID
224 $IPSEC_EXECDIR/stroke up "$1"
# Update: when the starter PID file exists, send SIGHUP to the PID read from
# it; otherwise report on stderr that starter is not running.
229 if test -e $IPSEC_STARTER_PID
231 echo "Updating strongSwan IPsec configuration..." >&2
# NOTE(review): the PID is taken from the file unquoted and unvalidated. A
# stale file can point at an unrelated process that reused the PID. Hardening:
# check that the content is a single number and that the process is really
# starter before signalling.
232 kill -s HUP `cat $IPSEC_STARTER_PID`
234 echo "ipsec starter is not running" >&2
# Version banner. $IPSEC_NAME is not assigned anywhere in the visible lines.
240 echo "Linux $IPSEC_NAME $version"
241 echo "See \`ipsec --copyright' for copyright information."
# Optional distributor note, printed only when the file exists.
# NOTE(review): $IPSEC_LIBDIR is unquoted and is set with ${VAR-default},
# which keeps an empty value from the environment; in that case the path
# tested and printed is /distro.txt.
242 if [ -f $IPSEC_LIBDIR/distro.txt ]
244 cat $IPSEC_LIBDIR/distro.txt
# Diagnostic for an unrecognised option; goes to stderr and echoes the
# caller's $1 back.
249 echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
# External command lookup: a candidate path is built under $IPSEC_EXECDIR
# first, then under $IPSEC_LIBDIR. The tests that pick one and the line that
# runs it are not shown.
# NOTE(review): the assignment of $cmd is not visible. If it is taken straight
# from the command line, a value containing "/" or ".." would make the path
# resolve outside these two directories; confirm it is constrained to a plain
# file name before the path is executed.
257 path="$IPSEC_EXECDIR/$cmd"
261 path="$IPSEC_LIBDIR/$cmd"
264 echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2