2 # IPsec startup and shutdown script
3 # Copyright (C) 1998, 1999, 2001 Henry Spencer.
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # RCSID $Id: setup,v 1.110 2001/06/20 15:55:13 henry Exp $
17 # ipsec init.d script for starting and stopping
18 # the IPsec security subsystem (KLIPS and Pluto).
20 # This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
21 # and is also accessible as "ipsec setup" (the preferred route for human
24 # The startup and shutdown times are a difficult compromise (in particular,
25 # it is almost impossible to reconcile them with the insanely early/late
26 # times of NFS filesystem startup/shutdown). Startup is after startup of
27 # syslog and pcmcia support; shutdown is just before shutdown of syslog.
29 # chkconfig: 2345 47 68
30 # description: IPsec provides encrypted and authenticated communications; \
31 # KLIPS is the kernel half of it, Pluto is the user-level management daemon.
# Message label plus the fallback search path used for a direct invocation.
# This listing omits some original lines (e.g. the then/fi around the test).
33 me='ipsec setup' # for messages
# The leading space inside both quoted operands keeps test from misreading
# an empty or dash-leading value as an operator.
# NOTE(review): when IPSEC_DIR is non-empty the PATH assignment below appears
# to be skipped, so every later `ipsec` call resolves through the PATH the
# caller handed in -- confirm that callers running this as root set a
# trusted PATH.
37 if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
39 # we must establish a suitable PATH ourselves
# /usr/local/sbin and /usr/local/bin are searched before the system
# directories, so a same-named binary there takes precedence; those
# directories need to be writable by root only.
40 PATH=/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
44 # Check that the ipsec command is available.
# Splits PATH on ':' and stops at the first directory holding a regular,
# executable file named ipsec (loop and if terminators are not shown here).
# NOTE(review): $PATH and $dir are expanded unquoted, so an entry containing
# whitespace or glob characters would be split or expanded, and `test -a`
# is marked obsolescent by POSIX. This only checks that some executable
# named ipsec exists; it says nothing about who owns it or who can modify it.
46 for dir in `echo $PATH | tr ':' ' '`
48 if test -f $dir/ipsec -a -x $dir/ipsec
51 break # NOTE BREAK OUT
# Failure report: logger -s copies the message to stderr as well as sending
# it to syslog at daemon.error under the tag ipsec_setup. $1 (the requested
# action) is logged as given by the caller.
56 echo "cannot find ipsec command -- \`$1' aborted" |
57 logger -s -p daemon.error -t ipsec_setup
61 # Pick up IPsec configuration (until we have done this, successfully, we
62 # do not know where errors should go, hence the explicit "daemon.error"s.)
63 # Note the "--export", which exports the variables created.
# NOTE(review): eval runs whatever `ipsec _confread` prints as shell code
# inside this script. The trust boundary is therefore the ipsec binary that
# PATH resolves to plus the configuration it parses; both should be writable
# by root only. How _confread quotes configuration values is not visible
# here -- confirm it escapes shell metacharacters before this output is
# evaluated. The unquoted backticks also word-split the output, so newlines
# in it reach eval as single spaces.
64 eval `ipsec _confread --varprefix IPSEC --export --type config setup`
# A non-empty IPSEC_confreadstatus is reported as an aborted action, still
# at the hard-coded daemon.error priority because the configured one is not
# yet trusted. Whether the script exits afterwards is not shown here.
65 if test " $IPSEC_confreadstatus" != " "
67 echo "$IPSEC_confreadstatus -- \`$1' aborted" |
68 logger -s -p daemon.error -t ipsec_setup
# ${var-default} substitutes only when the variable is unset; a value that
# is set but empty is kept as-is and then reaches `logger -p` further down.
71 IPSECsyslog=${IPSECsyslog-daemon.error}
# Arms of the action dispatch; the case header and most arm bodies are not
# part of this listing.
81 start|--start|stop|--stop|_autostop|_autostart)
# State-changing actions are refused unless the effective uid is 0.
82 if test " `id -u`" != " 0"
# NOTE(review): $IPSECsyslog is expanded unquoted on the logger lines below.
# It is presumably populated by the configuration read (confirm); quoting it
# would stop a value containing whitespace from becoming extra logger
# arguments.
84 echo "permission denied (must be superuser)" |
85 logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
# NOTE(review): fixed, predictable state-file path. How the file is created
# is not shown; if it is written by plain redirection as root, an existing
# symlink at this path would be followed, so the directory must not be
# writable by unprivileged users.
88 tmp=/var/run/ipsec_setup.st
# Closes a subshell opened on a line not shown; its stdout and stderr are
# both piped to logger (stderr copy via -s, syslog at $IPSECsyslog).
92 ) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
103 _autorestart) # for internal use only
# Prints the message label followed by IPSEC_VERSION (set elsewhere).
114 echo "$me $IPSEC_VERSION"
# The same usage text is printed twice: once to stdout and once to stderr.
# Which arm owns each line is not visible; presumably the stderr copy is the
# unknown-action path -- confirm against the full script.
119 echo "Usage: $me {--start|--stop|--restart|--status}"
124 echo "Usage: $me {--start|--stop|--restart|--status}" >&2