3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # RCSID $Id: _plutorun,v 1.8.10.3 2002/04/12 16:06:47 mcr Exp $
# ipsec _plutorun: start the Pluto IKE daemon under a supervising loop, feed
# its output to _plutoload, and hand a failed Pluto back to
# "ipsec setup _autorestart". Normally invoked by "ipsec setup", not by hand;
# the values below presumably come from the "config setup" section of
# ipsec.conf via the caller's command line and environment (IPSEC_CONFS,
# IPSEC_DIR). Everything here runs with the privilege needed for ipchains and
# /var/run, so the environment and every file read below are trusted input.
me='ipsec _plutorun' # for messages
# Default lock/pid file, overridable with --pid below.
pidfile=/var/run/pluto.pid
# Option parsing (the enclosing loop/case is above): every value-taking
# option stores "$2" and shifts it away.
--re) verb="Restarting" ;;
--debug) plutodebug="$2" ; shift ;;
--uniqueids) uniqueids="$2" ; shift ;;
--nat_traversal) nat_traversal="$2" ; shift ;;
--keep_alive) keep_alive="$2" ; shift ;;
--force_keepalive) force_keepalive="$2" ; shift ;;
--disable_port_floating) disable_port_floating="$2" ; shift ;;
--virtual_private) virtual_private="$2" ; shift ;;
--nocrsend) nocrsend="$2" ; shift ;;
--dump) dumpdir="$2" ; shift ;;
--load) plutoload="$2" ; shift ;;
--start) plutostart="$2" ; shift ;;
--wait) plutowait="$2" ; shift ;;
--pre) prepluto="$2" ; shift ;;
--post) postpluto="$2" ; shift ;;
--log) wherelog="$2" ; shift ;;
--pid) pidfile="$2" ; shift ;;
# Any other option-looking argument is fatal (exit status 2).
-*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
# initially we are in the foreground, with parent looking after logging
# Refuse to start a second Pluto: the mere presence of the pid file is taken
# as proof that one is running.
# NOTE(review): only existence is tested, not whether the pid inside is
# alive. A stale file left by an unclean exit (cf. the SIGKILL case below,
# which terminates "without ... unlock") blocks startup until removed by hand
# — verify whether "ipsec setup" validates/cleans the file before calling us.
echo "pluto appears to be running already (\`$pidfile' exists), will not start another"
# Refuse to start without a kernel randomness source (presumably because IKE
# needs unpredictable random values; starting without one would be worse
# than not starting).
if test ! -e /dev/urandom
echo "cannot start Pluto, system lacks \`/dev/urandom'!?!"
# One --debug-<keyword> option per word of the --debug list ($d is the
# variable of the enclosing for loop, above).
popts="$popts --debug-$d"
# uniqueids: "yes" adds --uniqueids; an unrecognised value only produces a
# complaint and execution continues with the option left off (the "no" arm
# is just above the "*)" arm).
yes) popts="$popts --uniqueids" ;;
# NOTE(review): the complaint prints $IPSECuniqueids, but the case selects
# on $uniqueids (set from --uniqueids above); unless the caller exports
# IPSECuniqueids the message shows an empty value. The same mismatch applies
# to nocrsend, nat_traversal and force_keepalive below;
# disable_port_floating prints the right variable.
*) echo "unknown uniqueids value (not yes/no) \`$IPSECuniqueids'" ;;
# nocrsend: suppress sending certificate requests when "yes".
yes) popts="$popts --nocrsend" ;;
*) echo "unknown nocrsend value (not yes/no) \`$IPSECnocrsend'" ;;
# NAT traversal support; see also disable_port_floating below.
case "$nat_traversal" in
yes) popts="$popts --nat_traversal" ;;
*) echo "unknown nat_traversal value (not yes/no) \`$IPSECnat_traversal'" ;;
# keep_alive is appended unquoted into the option string, and $popts is
# expanded unquoted at the exec below, so the value must be a single word.
[ -n "$keep_alive" ] && popts="$popts --keep_alive $keep_alive"
case "$force_keepalive" in
yes) popts="$popts --force_keepalive" ;;
*) echo "unknown force_keepalive value (not yes/no) \`$IPSECforce_keepalive'" ;;
case "$disable_port_floating" in
yes) popts="$popts --disable_port_floating" ;;
*) echo "unknown disable_port_floating (not yes/no) \`$disable_port_floating'" ;;
# virtual_private: same unquoted pass-through as keep_alive; a value
# containing whitespace would become several Pluto arguments. The value is
# admin-supplied configuration, so this is a robustness rather than an
# injection concern.
[ -n "$virtual_private" ] && popts="$popts --virtual_private $virtual_private"
# set up dump directory
# The leading-space trick protects test(1) against empty or option-like
# values. With no dump directory configured, make sure Pluto can leave no
# core file behind.
if test " $dumpdir" = " "
ulimit -c 0 # preclude core dumps
# A configured but missing directory is reported and treated like "none".
elif test ! -d "$dumpdir"
echo "dumpdir \`$dumpdir' does not exist, ignored"
ulimit -c 0 # preclude core dumps
# The chdir (unquoted) changes the cwd of everything started below,
# including Pluto, which is where its core files will land.
elif cd $dumpdir # put them where desired
# NOTE(review): a Pluto core image will contain whatever key material the
# daemon holds in memory (host keys and secrets read from ipsec.secrets, see
# below). Only enable this with a dump directory owned by root and mode 0700,
# and remove dumps once analysed.
ulimit -c unlimited # permit them
echo "cannot cd to dumpdir \`$dumpdir', ignored"
ulimit -c 0 # preclude them
# execute any preliminaries
# Optional --pre hook (run with our privileges on the lines above); a
# non-zero exit status is reported here — check above whether it is also
# treated as fatal.
if test " $prepluto" != " "
echo "...prepluto command exited with status $st"
# Bootstrap ipsec.secrets when it does not exist yet.
# NOTE(review): IPSEC_CONFS has no default here; if the caller leaves it
# unset the path becomes /ipsec.secrets and a host key is generated at the
# filesystem root. Consider ${IPSEC_CONFS:?} or an explicit default.
IPSEC_SECRETS=${IPSEC_CONFS}/ipsec.secrets
if test ! -f "${IPSEC_SECRETS}"
# Log it, generate a fresh host key, then tell Pluto to re-read the file.
# NOTE(review): "ipsec auto --rereadsecrets" talks to a running Pluto, which
# is only started further down — presumably this subshell is backgrounded or
# delayed (its closing paren is below). Also confirm that "ipsec newhostkey"
# creates the file root-only (mode 0600); nothing here sets the mode.
( logger -p authpriv.info -t ipsec__plutorun No file ${IPSEC_SECRETS}, generating key.
ipsec newhostkey --quiet
# tell pluto to go re-read the file
ipsec auto --rereadsecrets
# XXX publish the key somehow?
# make sure that the isakmp port is open!
# Only on systems using the /etc/sysconfig/ipchains layout.
if test -f /etc/sysconfig/ipchains
# A purely textual check: any saved rule mentioning "500:500" counts as
# "already open". The ACCEPT is presumably inserted only when this grep
# fails (the then/else lines are between here and the ipchains call).
if egrep -q 500:500 /etc/sysconfig/ipchains
# NOTE(review): this inserts an unconditional ACCEPT for UDP/500 from any
# source at position 1 of the input chain, ahead of every existing rule, and
# it is not saved (see the commented-out save below), so it silently differs
# from the on-disk policy until the rules are reloaded. Opening IKE to the
# world is a per-host decision better left to the firewall configuration.
# Nothing here opens UDP/4500, which is presumably also needed when NAT
# traversal with port floating is in use.
ipchains -I input 1 -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 500:500 -j ACCEPT
#sh /etc/rc.d/init.d/ipchains save
# spin off into the background, with our own logging
# Logged at authpriv.error (the key-generation message above uses .info);
# presumably deliberate so that starts/restarts show at default thresholds.
echo "$verb Pluto subsystem..." | logger -p authpriv.error -t ipsec__plutorun
# Location of the Pluto binary.
# NOTE(review): IPSEC_DIR from the environment decides which binary is
# executed with our privileges, and the "-" (not ":-") form means an
# empty-but-set IPSEC_DIR yields "/pluto". The caller must not pass an
# untrusted environment through to this script.
dir=${IPSEC_DIR-/usr/local/lib/ipsec}
# Pluto stays in the foreground of this subshell; its stderr is merged into
# the pipe to _plutoload. $popts is intentionally unquoted: it is the
# space-separated option string assembled above.
$dir/pluto --nofork $popts 2>&1
# The subshell's own stderr is discarded; Pluto's (already merged) output
# drives _plutoload, which presumably loads/starts the named connections,
# waits as requested, and runs the --post hook. (Backslash continuation:
# keep these three lines together.)
) 2>/dev/null | $dir/_plutoload --load "$plutoload" \
--start "$plutostart" \
--wait "$plutowait" --post "$postpluto"
# Interpret Pluto's exit status (the case header is above). Per their
# messages, 13/10/137/143 end the supervisor without a restart; anything
# else falls through to the automatic restart below.
13) echo "internal failure in pluto scripts, impossible to carry on"
10) echo "pluto apparently already running (?!?), giving up"
137) echo "pluto killed by SIGKILL, terminating without restart or unlock"
143) echo "pluto killed by SIGTERM, terminating without restart"
# pluto now does its own unlock for this
# Statuses above 128 are signal deaths: record the signal number.
st="$st (signal `expr $st - 128`)"
echo "!pluto failure!: exited with error status $st"
echo "restarting IPsec after pause..."
# The restart is delegated to "ipsec setup _autorestart" in a detached
# background subshell with all descriptors closed, so it does not hold this
# logging pipeline open.
# NOTE(review): there is no restart counter or backoff visible here; a Pluto
# that dies the same way every time will be restarted indefinitely and flood
# the log. Whatever "pause" exists lives in _autorestart — consider capping
# restarts per interval there or here.
ipsec setup _autorestart
) </dev/null >/dev/null 2>&1 &
#### and go around the loop again
# All of the loop's stdout and stderr go to syslog under the --log
# facility.priority; $wherelog is unquoted and must be a single word. The
# whole pipeline is backgrounded so the caller gets control back.
done </dev/null 2>&1 |
logger -p $wherelog -t ipsec__plutorun >/dev/null 2>/dev/null &