strongswan: Add missing declarations in swanctl
1 #!/bin/sh /etc/rc.common
2
# Init ordering consumed by /etc/rc.common: start priority, then stop priority.
START=90
STOP=10

# Service is managed through procd; PROG is the daemon start_service registers.
USE_PROCD=1
PROG=/usr/lib/ipsec/charon
8
9 . $IPKG_INSTROOT/lib/functions.sh
10 . $IPKG_INSTROOT/lib/functions/network.sh
11
# Files under /etc are registered with procd in start_service; the /var
# counterparts are the ones this script regenerates through xappend.
STRONGSWAN_CONF_FILE=/etc/strongswan.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf

SWANCTL_CONF_FILE=/etc/swanctl/swanctl.conf
SWANCTL_VAR_CONF_FILE=/var/swanctl/swanctl.conf

# Set to 1 by config_ipsec when interfaces are configured but none resolves
# to a device yet; start_service then returns without launching.
WAIT_FOR_INTF=0

# Set to 1 by fatal(); start_service refuses to launch while it is non-zero.
CONFIG_FAIL=0
21
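# Convert a duration such as "90", "90s", "15m", "2h" or "1d" to seconds.
# Arguments: $1 - decimal number with an optional s/m/h/d suffix
# Outputs:   the number of seconds on stdout
# Returns:   0 on success, 1 when the string is not a valid duration
time2seconds() {
	local timestring="$1"
	local multiplier number suffix

	# whatever is left after removing digits and blanks is the unit suffix
	suffix="${timestring//[0-9 ]}"
	number="${timestring%%"$suffix"}"
	[ "$number$suffix" != "$timestring" ] && return 1
	case "$suffix" in
	""|s)
		multiplier=1 ;;
	m)
		multiplier=60 ;;
	h)
		multiplier=3600 ;;
	d)
		multiplier=86400 ;;
	*)
		return 1 ;;
	esac

	# Trim surrounding blanks, then insist on plain decimal digits: the value
	# comes from configuration and is about to be evaluated arithmetically.
	number="${number#"${number%%[! ]*}"}"
	number="${number%"${number##*[! ]}"}"
	case "$number" in
	""|*[!0-9]*)
		return 1 ;;
	esac

	# drop leading zeros so the shell does not read the value as octal
	number="${number#"${number%%[!0]*}"}"

	echo $(( ${number:-0} * multiplier ))
}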
43
# Format a second count using the largest unit (d, h, m) that divides it
# evenly; anything else is printed in seconds and zero is always "0s".
# Arguments: $1 - number of seconds
# Outputs:   the formatted duration on stdout
seconds2time() {
	local seconds="$1"

	[ $seconds -eq 0 ] && { echo "0s"; return; }
	[ $((seconds % 86400)) -eq 0 ] && { echo "$((seconds / 86400))d"; return; }
	[ $((seconds % 3600)) -eq 0 ] && { echo "$((seconds / 3600))h"; return; }
	[ $((seconds % 60)) -eq 0 ] && { echo "$((seconds / 60))m"; return; }

	echo "${seconds}s"
}
59
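# Truncate (or create) a generated config file and restrict it to its owner.
# The swanctl file reset through this helper later receives the IKE
# pre-shared secret (see config_remote), so it should not be left readable
# by other local users under a permissive umask.
# NOTE(review): assumes every consumer of these files runs as the owning
# user (start_service sets no procd user) - confirm.
# Arguments: $1 - path of the file to reset
# Returns:   non-zero if the file cannot be truncated or its mode changed
file_reset() {
	# umask covers a freshly created file, chmod covers one that already exists
	( umask 077; : > "$1" ) && chmod 600 "$1"
}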
63
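# Append lines to a file, each prefixed with the same indent string.
# Arguments: $1 - file to append to
#            $2 - prefix put in front of every line
#            $3.. - lines to write, one per argument
xappend() {
	local file="$1"
	local indent="$2"
	# loop variable kept local so callers' variables are not overwritten
	local cmd
	shift 2

	for cmd in "$@"; do
		# printf writes the value literally; echo may treat a leading
		# -n/-e or backslashes in configuration values specially
		printf '%s%s\n' "$indent" "$cmd" >> "$file"
	done
}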
73
# Empty the generated strongswan.conf so the next run starts from a blank file.
swan_reset() {
	local generated="$STRONGSWAN_VAR_CONF_FILE"

	file_reset "$generated"
}
77
# Append lines to the generated strongswan.conf.
# Arguments: $1 - indent prefix, $2.. - lines to write
swan_xappend() {
	local target="$STRONGSWAN_VAR_CONF_FILE"

	xappend "$target" "$@"
}
81
# Write top-level (unindented) lines to the generated strongswan.conf.
swan_xappend0() {
	local indent=""

	swan_xappend "$indent" "$@"
}
85
# Write nesting-level-1 lines to the generated strongswan.conf.
swan_xappend1() {
	local indent=" "

	swan_xappend "$indent" "$@"
}
89
# Write nesting-level-2 lines to the generated strongswan.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swan_xappend2() {
	local indent=" "

	swan_xappend "$indent" "$@"
}
93
# Write nesting-level-3 lines to the generated strongswan.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swan_xappend3() {
	local indent=" "

	swan_xappend "$indent" "$@"
}
97
# Write nesting-level-4 lines to the generated strongswan.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swan_xappend4() {
	local indent=" "

	swan_xappend "$indent" "$@"
}
101
# Empty the generated swanctl.conf. This is the file config_remote writes
# connection definitions and pre-shared secrets into, so resetting it on
# stop also removes those secrets from /var.
swanctl_reset() {
	local generated="$SWANCTL_VAR_CONF_FILE"

	file_reset "$generated"
}
105
# Append lines to the generated swanctl.conf.
# Arguments: $1 - indent prefix, $2.. - lines to write
swanctl_xappend() {
	local target="$SWANCTL_VAR_CONF_FILE"

	xappend "$target" "$@"
}
109
# Write top-level (unindented) lines to the generated swanctl.conf.
swanctl_xappend0() {
	local indent=""

	swanctl_xappend "$indent" "$@"
}
113
# Write nesting-level-1 lines to the generated swanctl.conf.
swanctl_xappend1() {
	local indent=" "

	swanctl_xappend "$indent" "$@"
}
117
# Write nesting-level-2 lines to the generated swanctl.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swanctl_xappend2() {
	local indent=" "

	swanctl_xappend "$indent" "$@"
}
121
# Write nesting-level-3 lines to the generated swanctl.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swanctl_xappend3() {
	local indent=" "

	swanctl_xappend "$indent" "$@"
}
125
# Write nesting-level-4 lines to the generated swanctl.conf.
# NOTE(review): the prefix is a single space here, the same as level 1;
# confirm the nesting indent was not collapsed in this copy.
swanctl_xappend4() {
	local indent=" "

	swanctl_xappend "$indent" "$@"
}
129
# Print a non-fatal diagnostic on stderr; does not affect CONFIG_FAIL.
warning() {
	echo "WARNING: $*" >&2
}
133
# Report a configuration error on stderr and latch CONFIG_FAIL so that
# start_service later refuses to launch the daemon. Does not exit: callers
# keep processing the remaining options.
fatal() {
	echo "ERROR: $*" >&2
	CONFIG_FAIL=1
}
138
# config_list_foreach callback: add one list item to a named variable.
# Arguments: $1 - value to add
#            $2 - name of the variable to extend
#            $3 - separator (a single space when omitted or empty)
append_var() {
	append "$2" "$1" "${3:- }"
}
143
# Tell whether a cipher keyword names a combined-mode algorithm, judged by
# name only: aes*gcm*, aes*ccm*, aes*gmac* or exactly chacha20poly1305.
# The proposal builders use this to reject a separate hash_algorithm.
# Arguments: $1 - encryption algorithm keyword
# Returns:   0 if the name matches, 1 otherwise
is_aead() {
	local cipher="$1"

	case "$cipher" in
	aes*gcm*|aes*ccm*|aes*gmac*|chacha20poly1305)
		return 0 ;;
	*)
		return 1 ;;
	esac
}
156
# config_list_foreach callback: turn one crypto_proposal section into an ESP
# proposal string (encryption[-hash][-dh_group]) and add it, comma separated,
# to the caller's `crypto` variable (declared local in iter_esp_proposal).
# Algorithm names are passed through as configured; only the AEAD/hash
# combination is checked.
# Arguments: $1 - UCI section name of the proposal
# Returns:   1 when the section has no encryption_algorithm, else 0
config_esp_proposal() {
	local conf="$1"
	local encryption_algorithm hash_algorithm dh_group
	local proposal

	config_get encryption_algorithm "$conf" encryption_algorithm
	config_get hash_algorithm "$conf" hash_algorithm
	config_get dh_group "$conf" dh_group

	# a combined-mode cipher must not be paired with a separate hash:
	# flag the configuration and drop the hash from the proposal
	if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
		fatal "Can't have $hash_algorithm with $encryption_algorithm"
		hash_algorithm=
	fi

	[ -n "$encryption_algorithm" ] || return 1

	proposal="$encryption_algorithm"
	[ -z "$hash_algorithm" ] || proposal="$proposal-$hash_algorithm"
	[ -z "$dh_group" ] || proposal="$proposal-$dh_group"

	crypto="${crypto:+${crypto},}$proposal"
}
177
# Collect all ESP proposals listed in a section into one comma separated
# string and store it in the variable named by the caller.
# Arguments: $1 - UCI section holding the crypto_proposal list
#            $2 - name of the variable that receives the result
iter_esp_proposal() {
	local conf="$1" dest="$2"
	# accumulator filled by config_esp_proposal through dynamic scoping
	local crypto=""

	config_list_foreach "$conf" crypto_proposal config_esp_proposal

	# assign by name without marking the variable for export
	export -n "$dest=$crypto"
}
188
# config_list_foreach callback: turn one crypto_proposal section into an IKE
# proposal string (encryption[-hash][-prf][-dh_group]) and add it, comma
# separated, to the caller's `crypto` variable (declared local in
# iter_ike_proposal). Algorithm names are passed through as configured; only
# the AEAD/hash combination is checked.
# Arguments: $1 - UCI section name of the proposal
# Returns:   1 when the section has no encryption_algorithm, else 0
config_ike_proposal() {
	local conf="$1"
	local encryption_algorithm hash_algorithm dh_group prf_algorithm
	local proposal

	config_get encryption_algorithm "$conf" encryption_algorithm
	config_get hash_algorithm "$conf" hash_algorithm
	config_get dh_group "$conf" dh_group
	config_get prf_algorithm "$conf" prf_algorithm

	# a combined-mode cipher must not be paired with a separate hash:
	# flag the configuration and drop the hash from the proposal
	if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
		fatal "Can't have $hash_algorithm with $encryption_algorithm"
		hash_algorithm=
	fi

	[ -n "$encryption_algorithm" ] || return 1

	proposal="$encryption_algorithm"
	[ -z "$hash_algorithm" ] || proposal="$proposal-$hash_algorithm"
	[ -z "$prf_algorithm" ] || proposal="$proposal-$prf_algorithm"
	[ -z "$dh_group" ] || proposal="$proposal-$dh_group"

	crypto="${crypto:+${crypto},}$proposal"
}
211
# Collect all IKE proposals listed in a section into one comma separated
# string and store it in the variable named by the caller.
# Arguments: $1 - UCI section holding the crypto_proposal list
#            $2 - name of the variable that receives the result
iter_ike_proposal() {
	local conf="$1" dest="$2"
	# accumulator filled by config_ike_proposal through dynamic scoping
	local crypto=""

	config_list_foreach "$conf" crypto_proposal config_ike_proposal

	# assign by name without marking the variable for export
	export -n "$dest=$crypto"
}
222
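# Write one entry of a connection's "children" block for UCI section $1.
# Arguments: $1 - UCI section name (also used as the child name)
#            $2 - value written as "mode = ..." (tunnel or transport)
# Globals:   dpddelay (written) and inactivity (read) are not declared here;
#            they resolve to the locals of config_remote, which reaches this
#            function through config_list_foreach.
# Option values are copied into the generated file as configured. Only the
# action keywords, hw_offload and the numbers fed to shell arithmetic are
# checked; `updown` in particular ends up as an option charon acts on, so
# write access to this UCI section should be treated accordingly.
# NOTE(review): `firewall` is read here but never used; the "Firewall not
# supported" check sits in config_remote, where this local is not visible.
config_child() {
	# Generic ipsec conn section shared by tunnel and transport
	local conf="$1"
	local mode="$2"

	local hw_offload interface ipcomp priority
	local local_subnet local_nat remote_subnet
	local updown firewall
	local lifetime rekeytime rekey_seconds
	local lifebytes rekeybytes lifepackets rekeypackets
	local dpdaction closeaction startaction
	local if_id replay_window
	local esp_proposal

	config_get startaction "$conf" startaction "route"
	config_get local_nat "$conf" local_nat ""
	config_get updown "$conf" updown ""
	config_get firewall "$conf" firewall ""
	config_get lifetime "$conf" lifetime ""
	config_get dpdaction "$conf" dpdaction "none"
	config_get closeaction "$conf" closeaction "none"
	config_get if_id "$conf" if_id ""
	config_get rekeytime "$conf" rekeytime ""
	config_get_bool ipcomp "$conf" ipcomp 0
	config_get interface "$conf" interface ""
	config_get hw_offload "$conf" hw_offload ""
	config_get priority "$conf" priority ""
	config_get rekeybytes "$conf" rekeybytes ""
	config_get lifebytes "$conf" lifebytes ""
	config_get rekeypackets "$conf" rekeypackets ""
	config_get lifepackets "$conf" lifepackets ""
	config_get replay_window "$conf" replay_window ""

	config_list_foreach "$conf" local_subnet append_var local_subnet ","
	config_list_foreach "$conf" remote_subnet append_var remote_subnet ","

	iter_esp_proposal "$conf" esp_proposal

	# translate from ipsec to swanctl
	case "$startaction" in
	add)
		startaction="none" ;;
	route)
		startaction="trap" ;;
	start|none|trap)
		# already using new syntax
		;;
	*)
		fatal "Startaction $startaction unknown"
		startaction=
		;;
	esac

	case "$closeaction" in
	none|clear)
		closeaction="none" ;;
	hold)
		closeaction="trap" ;;
	restart)
		closeaction="start" ;;
	trap|start)
		# already using new syntax
		;;
	*)
		fatal "Closeaction $closeaction unknown"
		closeaction=
		;;
	esac

	if [ -n "$closeaction" ] && [ "$closeaction" != "none" ]; then
		warning "Closeaction $closeaction can cause instability"
	fi

	case "$dpdaction" in
	none)
		# no DPD action: also zero the delay that config_remote writes
		# as dpd_delay after all children have been processed
		dpddelay="0s"
		dpdaction=
		;;
	clear)
		;;
	hold)
		dpdaction="trap" ;;
	restart)
		dpdaction="start" ;;
	trap|start)
		# already using new syntax
		;;
	*)
		fatal "Dpdaction $dpdaction unknown"
		dpdaction=
		;;
	esac

	case "$hw_offload" in
	yes|no|auto|"")
		;;
	*)
		fatal "hw_offload value $hw_offload invalid"
		hw_offload=""
		;;
	esac

	# The derived life_* values below are computed with shell arithmetic,
	# which evaluates its operands as expressions. Accept only plain decimal
	# numbers (no leading zero, which would be read as octal) before a
	# configured value gets there, and only on the paths that compute.
	if [ -z "$lifebytes" ] && [ -n "$rekeybytes" ]; then
		case "$rekeybytes" in
		*[!0-9]*|0?*)
			fatal "rekeybytes $rekeybytes is not a plain decimal number"
			rekeybytes=
			;;
		esac
	fi
	if [ -z "$lifepackets" ] && [ -n "$rekeypackets" ]; then
		case "$rekeypackets" in
		*[!0-9]*|0?*)
			fatal "rekeypackets $rekeypackets is not a plain decimal number"
			rekeypackets=
			;;
		esac
	fi
	if [ -z "$lifetime" ] && [ -n "$rekeytime" ]; then
		if ! rekey_seconds="$(time2seconds "$rekeytime")" || [ -z "$rekey_seconds" ]; then
			fatal "rekeytime $rekeytime invalid"
			rekeytime=
			rekey_seconds=
		fi
	fi

	[ -n "$local_nat" ] && local_subnet="$local_nat"

	swanctl_xappend3 "$conf {"

	[ -n "$local_subnet" ] && swanctl_xappend4 "local_ts = $local_subnet"
	[ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet"

	[ -n "$hw_offload" ] && swanctl_xappend4 "hw_offload = $hw_offload"
	[ "$ipcomp" -eq 1 ] && swanctl_xappend4 "ipcomp = 1"
	[ -n "$interface" ] && swanctl_xappend4 "interface = $interface"
	[ -n "$priority" ] && swanctl_xappend4 "priority = $priority"
	[ -n "$if_id" ] && swanctl_xappend4 "if_id_in = $if_id" "if_id_out = $if_id"
	[ -n "$startaction" ] && [ "$startaction" != "none" ] && swanctl_xappend4 "start_action = $startaction"
	[ -n "$closeaction" ] && [ "$closeaction" != "none" ] && swanctl_xappend4 "close_action = $closeaction"
	swanctl_xappend4 "esp_proposals = $esp_proposal"
	swanctl_xappend4 "mode = $mode"

	# without an explicit lifetime the hard limit is the rekey value plus 10%
	if [ -n "$lifetime" ]; then
		swanctl_xappend4 "life_time = $lifetime"
	elif [ -n "$rekeytime" ]; then
		swanctl_xappend4 "life_time = $(seconds2time "$(( (110 * rekey_seconds) / 100 ))")"
	fi
	[ -n "$rekeytime" ] && swanctl_xappend4 "rekey_time = $rekeytime"
	if [ -n "$lifebytes" ]; then
		swanctl_xappend4 "life_bytes = $lifebytes"
	elif [ -n "$rekeybytes" ]; then
		swanctl_xappend4 "life_bytes = $(( (110 * rekeybytes) / 100 ))"
	fi
	[ -n "$rekeybytes" ] && swanctl_xappend4 "rekey_bytes = $rekeybytes"
	if [ -n "$lifepackets" ]; then
		swanctl_xappend4 "life_packets = $lifepackets"
	elif [ -n "$rekeypackets" ]; then
		swanctl_xappend4 "life_packets = $(( (110 * rekeypackets) / 100 ))"
	fi
	[ -n "$rekeypackets" ] && swanctl_xappend4 "rekey_packets = $rekeypackets"
	[ -n "$inactivity" ] && swanctl_xappend4 "inactivity = $inactivity"

	[ -n "$updown" ] && swanctl_xappend4 "updown = $updown"
	[ -n "$dpdaction" ] && swanctl_xappend4 "dpd_action = $dpdaction"
	[ -n "$replay_window" ] && swanctl_xappend4 "replay_window = $replay_window"

	swanctl_xappend3 "}"
}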
379
# config_list_foreach callback: emit a child section in tunnel mode.
# Arguments: $1 - UCI section name of the child
config_tunnel() {
	local mode="tunnel"

	config_child "$1" "$mode"
}
383
# config_list_foreach callback: emit a child section in transport mode.
# Arguments: $1 - UCI section name of the child
config_transport() {
	local mode="transport"

	config_child "$1" "$mode"
}
387
# config_list_foreach callback: write one named address pool.
# Only options that are set are emitted; list options are joined with commas
# and written as configured, without validation.
# Arguments: $1 - UCI section name, used as the pool name
config_pool() {
	local conf="$1"
	local addrs dns nbns dhcp netmask server subnet
	local split_include split_exclude

	config_get addrs "$conf" addrs
	config_list_foreach "$conf" dns append_var dns ","
	config_list_foreach "$conf" nbns append_var nbns ","
	config_list_foreach "$conf" dhcp append_var dhcp ","
	config_list_foreach "$conf" netmask append_var netmask ","
	config_list_foreach "$conf" server append_var server ","
	config_list_foreach "$conf" subnet append_var subnet ","
	config_list_foreach "$conf" split_include append_var split_include ","
	config_list_foreach "$conf" split_exclude append_var split_exclude ","

	swanctl_xappend1 "$conf {"
	[ -z "$addrs" ] || swanctl_xappend2 "addrs = $addrs"
	[ -z "$dns" ] || swanctl_xappend2 "dns = $dns"
	[ -z "$nbns" ] || swanctl_xappend2 "nbns = $nbns"
	[ -z "$dhcp" ] || swanctl_xappend2 "dhcp = $dhcp"
	[ -z "$netmask" ] || swanctl_xappend2 "netmask = $netmask"
	[ -z "$server" ] || swanctl_xappend2 "server = $server"
	[ -z "$subnet" ] || swanctl_xappend2 "subnet = $subnet"
	[ -z "$split_include" ] || swanctl_xappend2 "split_include = $split_include"
	[ -z "$split_exclude" ] || swanctl_xappend2 "split_exclude = $split_exclude"
	swanctl_xappend1 "}"
}
423
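# config_foreach callback: write the swanctl connection, authority/secret and
# pool sections for one enabled `remote` UCI section.
# Arguments: $1 - UCI section name, used as the connection name
# Globals:   CONFIG_FAIL is set through fatal() on invalid options.
#            dpddelay and inactivity are declared here but also touched by
#            config_child, which runs inside this function's scope.
# Key and certificate options must be bare file names: anything with a
# directory component is rejected, and the file has to exist in the matching
# /etc/swanctl subdirectory.
# NOTE(review): `firewall` is neither declared nor read in this function, so
# the "Firewall not supported" check only sees a variable of that name from
# an outer scope; config_child reads the option into its own local.
config_remote() {
	local conf="$1"

	local enabled
	local gateway
	local local_sourceip
	local local_ip
	local local_identifier
	local remote_gateway
	local remote_identifier
	local pre_shared_key
	local auth_method
	local keyingtries
	local dpddelay
	local inactivity
	local keyexchange
	local fragmentation
	local mobike
	local local_cert
	local local_key
	local ca_cert
	local rekeytime
	local remote_ca_certs
	local pools
	# overtime is read below; keep it out of the global scope like the rest
	local overtime
	local rekey_seconds
	local ike_proposal

	config_get_bool enabled "$conf" enabled 0
	[ "$enabled" -eq 0 ] && return

	config_get gateway "$conf" gateway
	config_get pre_shared_key "$conf" pre_shared_key
	config_get auth_method "$conf" authentication_method
	config_get local_identifier "$conf" local_identifier ""
	config_get remote_identifier "$conf" remote_identifier ""
	config_get local_ip "$conf" local_ip "%any"
	config_get keyingtries "$conf" keyingtries "3"
	config_get dpddelay "$conf" dpddelay "30s"
	config_get inactivity "$conf" inactivity
	config_get keyexchange "$conf" keyexchange "ikev2"
	config_get fragmentation "$conf" fragmentation "yes"
	config_get_bool mobike "$conf" mobike 1
	config_get local_cert "$conf" local_cert ""
	config_get local_key "$conf" local_key ""
	config_get ca_cert "$conf" ca_cert ""
	config_get rekeytime "$conf" rekeytime
	config_get overtime "$conf" overtime

	config_list_foreach "$conf" local_sourceip append_var local_sourceip ","
	config_list_foreach "$conf" remote_ca_certs append_var remote_ca_certs ","
	config_list_foreach "$conf" pools append_var pools ","

	case "$fragmentation" in
	0)
		fragmentation="no" ;;
	1)
		fragmentation="yes" ;;
	yes|accept|force|no)
		# already using new syntax
		;;
	*)
		fatal "Fragmentation $fragmentation not supported"
		fragmentation=
		;;
	esac

	if [ "$gateway" = "any" ]; then
		remote_gateway="%any"
	else
		remote_gateway="$gateway"
	fi

	if [ -n "$local_key" ]; then
		# bare file name only, so the lookup cannot leave the key directory
		[ "$(dirname "$local_key")" != "." ] && \
			fatal "local_key $local_key can't be pathname"
		[ -f "/etc/swanctl/private/$local_key" ] || \
			fatal "local_key $local_key not found"
	fi

	iter_ike_proposal "$conf" ike_proposal

	[ -n "$firewall" ] && fatal "Firewall not supported"

	if [ "$auth_method" = pubkey ]; then
		if [ -n "$ca_cert" ]; then
			[ "$(dirname "$ca_cert")" != "." ] && \
				fatal "ca_cert $ca_cert can't be pathname"
			[ -f "/etc/swanctl/x509ca/$ca_cert" ] || \
				fatal "ca_cert $ca_cert not found"
		fi

		if [ -n "$local_cert" ]; then
			[ "$(dirname "$local_cert")" != "." ] && \
				fatal "local_cert $local_cert can't be pathname"
			[ -f "/etc/swanctl/x509/$local_cert" ] || \
				fatal "local_cert $local_cert not found"
		fi
	fi

	swanctl_xappend0 "# config for $conf"
	swanctl_xappend0 "connections {"
	swanctl_xappend1 "$conf {"
	swanctl_xappend2 "local_addrs = $local_ip"
	swanctl_xappend2 "remote_addrs = $remote_gateway"

	[ -n "$local_sourceip" ] && swanctl_xappend2 "vips = $local_sourceip"
	[ -n "$fragmentation" ] && swanctl_xappend2 "fragmentation = $fragmentation"
	[ -n "$pools" ] && swanctl_xappend2 "pools = $pools"

	swanctl_xappend2 "local {"
	swanctl_xappend3 "auth = $auth_method"

	[ -n "$local_identifier" ] && swanctl_xappend3 "id = \"$local_identifier\""
	[ "$auth_method" = pubkey ] && [ -n "$local_cert" ] && \
		swanctl_xappend3 "certs = $local_cert"
	swanctl_xappend2 "}"

	swanctl_xappend2 "remote {"
	swanctl_xappend3 "auth = $auth_method"
	[ -n "$remote_identifier" ] && swanctl_xappend3 "id = \"$remote_identifier\""
	[ -n "$remote_ca_certs" ] && swanctl_xappend3 "cacerts = \"$remote_ca_certs\""
	swanctl_xappend2 "}"

	swanctl_xappend2 "children {"

	config_list_foreach "$conf" tunnel config_tunnel

	config_list_foreach "$conf" transport config_transport

	swanctl_xappend2 "}"

	case "$keyexchange" in
	ike)
		;;
	ikev1)
		swanctl_xappend2 "version = 1" ;;
	ikev2)
		swanctl_xappend2 "version = 2" ;;
	*)
		fatal "Keyexchange $keyexchange not supported"
		keyexchange=
		;;
	esac

	if [ "$mobike" -eq 1 ]; then
		swanctl_xappend2 "mobike = yes"
	else
		swanctl_xappend2 "mobike = no"
	fi

	if [ -n "$rekeytime" ]; then
		swanctl_xappend2 "rekey_time = $rekeytime"

		if [ -z "$overtime" ]; then
			# default over_time is a tenth of the rekey time; parse the
			# configured value first instead of feeding it to arithmetic
			if rekey_seconds="$(time2seconds "$rekeytime")" && [ -n "$rekey_seconds" ]; then
				overtime="$(seconds2time "$((rekey_seconds / 10))")"
			else
				fatal "rekeytime $rekeytime invalid"
			fi
		fi
	fi
	[ -n "$overtime" ] && swanctl_xappend2 "over_time = $overtime"

	swanctl_xappend2 "proposals = $ike_proposal"
	[ -n "$dpddelay" ] && swanctl_xappend2 "dpd_delay = $dpddelay"
	if [ "$keyingtries" = "%forever" ]; then
		swanctl_xappend2 "keyingtries = 0"
	else
		swanctl_xappend2 "keyingtries = $keyingtries"
	fi

	swanctl_xappend1 "}"
	swanctl_xappend0 "}"

	if [ "$auth_method" = pubkey ]; then
		swanctl_xappend0 ""

		if [ -n "$ca_cert" ]; then
			swanctl_xappend0 "authorities {"
			swanctl_xappend1 "$conf {"
			swanctl_xappend2 "cacert = $ca_cert"
			swanctl_xappend1 "}"
			swanctl_xappend0 "}"
		fi

	elif [ "$auth_method" = psk ]; then
		# an empty secret would otherwise be written out silently
		[ -n "$pre_shared_key" ] || warning "pre_shared_key for $conf is empty"

		swanctl_xappend0 ""

		swanctl_xappend0 "secrets {"
		swanctl_xappend1 "ike-$conf {"
		# NOTE(review): the secret and the ids below are written unquoted
		# (the ids in local/remote above are quoted). A value containing
		# whitespace, '#', braces or quotes may not be read back as
		# configured - confirm how secrets are expected to be stored in
		# UCI before changing the quoting.
		swanctl_xappend2 "secret = $pre_shared_key"
		if [ -n "$local_identifier" ]; then
			swanctl_xappend2 "id1 = $local_identifier"
			if [ -n "$remote_identifier" ]; then
				swanctl_xappend2 "id2 = $remote_identifier"
			fi
		fi
		swanctl_xappend1 "}"
		swanctl_xappend0 "}"
	else
		fatal "AuthenticationMode $auth_method not supported"
	fi

	swanctl_xappend0 "pools {"
	config_list_foreach "$conf" pools config_pool
	swanctl_xappend0 "}"

	swanctl_xappend0 ""
}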
616
# Start the generated swanctl.conf with a marker naming its generator.
do_preamble() {
	local banner="# generated by /etc/init.d/swanctl"

	swanctl_xappend0 "$banner"
}
620
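# config_foreach callback for the global `ipsec` section: collect the charon
# options that do_postamble writes and decide whether startup has to wait for
# an interface.
# Arguments: $1 - UCI section name
# Globals:   debug, install_routes, routing_tables_ignored, device_list
#            (written; declared local in prepare_env), WAIT_FOR_INTF (written)
config_ipsec() {
	local conf="$1"

	local rtinstall_enabled
	local routing_table
	local routing_table_id
	local interface
	local interface_list
	# scratch variables that previously leaked into the global scope
	local device
	local id name rest

	config_get debug "$conf" debug 0
	config_get_bool rtinstall_enabled "$conf" rtinstall_enabled 1
	if [ "$rtinstall_enabled" -eq 1 ]; then
		install_routes=yes
	else
		install_routes=no
	fi

	# prepare extra charon config option ignore_routing_tables
	for routing_table in $(config_get "$conf" "ignore_routing_tables"); do
		routing_table_id=
		if [ "$routing_table" -ge 0 ] 2>/dev/null; then
			routing_table_id=$routing_table
		elif [ -r /etc/iproute2/rt_tables ]; then
			# Resolve a table name by comparing fields literally. The
			# configured name is never spliced into a sed program, so
			# characters such as '/' or '.' in it have no special meaning.
			while read -r id name rest; do
				case "$id" in
				""|*[!0-9]*)
					continue ;;
				esac
				if [ "$name" = "$routing_table" ]; then
					routing_table_id="$id"
					break
				fi
			done < /etc/iproute2/rt_tables
		fi

		[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
	done

	config_list_foreach "$conf" interface append_var interface_list

	if [ -z "$interface_list" ]; then
		WAIT_FOR_INTF=0
	else
		for interface in $interface_list; do
			# start from empty so a failed lookup cannot reuse the
			# device found for the previous interface
			device=
			network_get_device device "$interface"
			[ -n "$device" ] && append device_list "$device" ","
		done
		# interfaces were requested but none is up yet: ask the caller to wait
		if [ -n "$device_list" ]; then
			WAIT_FOR_INTF=0
		else
			WAIT_FOR_INTF=1
		fi
	fi
}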
657
# Write the generated strongswan.conf: a single charon block carrying the
# route/interface settings collected by config_ipsec, the start script that
# loads the swanctl configuration, and the syslog level.
# Globals: install_routes, routing_tables_ignored, device_list, debug (read)
do_postamble() {
	swan_xappend0 "# generated by /etc/init.d/swanctl"
	swan_xappend0 "charon {"
	swan_xappend1 "install_routes = $install_routes"
	if [ -n "$routing_tables_ignored" ]; then
		swan_xappend1 "ignore_routing_tables = $routing_tables_ignored"
	fi
	if [ -n "$device_list" ]; then
		swan_xappend1 "interfaces_use = $device_list"
	fi

	# have charon load the swanctl configuration once it is up
	swan_xappend1 "start-scripts {"
	swan_xappend2 "load-all = /usr/sbin/swanctl --load-all --noprompt"
	swan_xappend1 "}"

	swan_xappend1 "syslog {"
	swan_xappend2 "identifier = ipsec"
	swan_xappend2 "daemon {"
	swan_xappend3 "default = $debug"
	swan_xappend2 "}"
	swan_xappend1 "}"
	swan_xappend0 "}"
}
675
# Regenerate both config files under /var from the `ipsec` UCI package.
# NOTE(review): /var/swanctl receives the file that holds pre-shared
# secrets; the directories are created with whatever umask the caller has -
# confirm that is restrictive enough.
prepare_env() {
	# needed by do_postamble; filled in by config_ipsec
	local debug install_routes routing_tables_ignored device_list

	mkdir -p /var/ipsec /var/swanctl

	# start both generated files from scratch
	swan_reset
	swanctl_reset
	do_preamble

	config_load ipsec
	config_foreach config_ipsec ipsec
	config_foreach config_remote remote

	do_postamble
}
692
# Liveness probe: succeeds when `swanctl --stats` does. All output of the
# probe is discarded; only its exit status is used.
service_running() {
	swanctl --stats >/dev/null 2>&1
}
696
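# Reload handler: regenerate the configuration and, if the daemon is already
# running and no interface wait is pending, push it with swanctl. Otherwise
# fall back to a regular start.
# Returns: 1 when the regenerated configuration was flagged invalid,
#          else the status of swanctl or start
reload_service() {
	if running; then
		prepare_env

		# start_service refuses to launch with a configuration that
		# fatal() flagged; apply the same rule before loading it into a
		# daemon that is already serving tunnels.
		# NOTE(review): the generated files have been rewritten by this
		# point; only the live daemon keeps its previous configuration.
		if [ "${CONFIG_FAIL:-0}" -ne 0 ]; then
			echo "ERROR: Invalid configuration, not reloading" >&2
			return 1
		fi

		if [ "$WAIT_FOR_INTF" -eq 0 ]; then
			swanctl --load-all --noprompt
			return
		fi
	fi

	start
}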
708
# Stop hook: empty both generated files under /var, which also removes the
# pre-shared secrets that were written into the swanctl one.
stop_service() {
	swan_reset
	swanctl_reset
}
713
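# Register procd triggers: reload when the `ipsec` UCI package changes and
# when any interface listed in its ipsec sections changes state.
service_triggers() {
	procd_add_reload_trigger "ipsec"

	# The package has to be loaded before config_foreach can see its
	# sections. This used to read `config load "ipsec"`, which does not call
	# the loader that prepare_env uses (config_load), so the per-interface
	# triggers below had nothing to iterate over (confirm against
	# /lib/functions.sh).
	config_load "ipsec"

	config_foreach service_trigger_ipsec ipsec
}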
720
# config_foreach callback: add a procd reload trigger for every interface
# listed in one ipsec section.
# Arguments: $1 - UCI section name
service_trigger_ipsec() {
	local iface ifaces

	config_list_foreach "$1" interface append_var ifaces

	# the list is space separated, so word splitting is intended here
	for iface in $ifaces; do
		procd_add_reload_interface_trigger $iface
	done
}
728
# procd start hook: regenerate the configuration, then register charon as a
# respawning instance unless an interface is still missing or the
# configuration was flagged invalid.
start_service() {
	prepare_env

	# configured interfaces have no device yet; the interface reload
	# triggers bring us back here later
	if [ $WAIT_FOR_INTF -eq 1 ]; then
		return
	fi

	if [ $CONFIG_FAIL -eq 0 ]; then
		procd_open_instance

		procd_set_param command $PROG

		# files procd watches to decide whether a reload changed anything
		procd_set_param file $SWANCTL_CONF_FILE
		procd_append_param file /etc/swanctl/conf.d/*.conf
		procd_append_param file $STRONGSWAN_CONF_FILE

		procd_set_param respawn

		procd_close_instance
	else
		# never launch the daemon with a configuration fatal() rejected
		procd_set_param error "Invalid configuration"
		return
	fi
}