/etc/init.d/ipsec is in openswan 1:2.6.38-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 | #!/bin/sh
# IPsec startup and shutdown script
#
### BEGIN INIT INFO
# Provides: ipsec
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop: $syslog $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start Openswan IPsec at boot time
# Description: Enable automatic key management for IPsec (KLIPS and NETKEY)
### END INIT INFO
#
### see https://bugzilla.redhat.com/show_bug.cgi?id=636572
### Debian and Fedora interpret the LSB differently
### Default-Start: 2 3 4 5
#
# Copyright (C) 1998, 1999, 2001 Henry Spencer.
# Copyright (C) 2002 Michael Richardson <mcr@freeswan.org>
# Copyright (C) 2006 Michael Richardson <mcr@xelerance.com>
# Copyright (C) 2008 Michael Richardson <mcr@sandelman.ca>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
#
# ipsec init.d script for starting and stopping
# the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown). Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: - 47 76
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.
test $IPSEC_INIT_SCRIPT_DEBUG && set -v -x
prog='ipsec setup' # for messages
# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"
if [ `id -u` -ne 0 ]
then
echo "permission denied (must be superuser)" |
logger -s -p daemon.error -t ipsec_setup 2>&1
exit 4
fi
if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command
then
# we must establish a suitable PATH ourselves
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
export PATH
IPSEC_DIR="$IPSEC_LIBDIR"
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi
# Does not make any sense at all to continue without the main binary
# But before we can quit we should check if we are on a Debian based
# system as their policy demands a graceful exit code
test -f /etc/debian_version && BINARY_ERROR=0 || BINARY_ERROR=5
test -x $IPSEC_SBINDIR/ipsec || exit $BINARY_ERROR
# misc setup
umask 022
mkdir -p /var/run/pluto
chmod 700 /var/run/pluto
RETVAL=0
verify_config() {
test -f $IPSEC_CONFS/ipsec.conf || exit 6
config_error=`ipsec addconn --checkconfig 2>&1`
RETVAL=$?
if [ $RETVAL != 0 ]
then
echo "failed to start openswan IKE daemon - the following error occured:"
echo $config_error
exit $RETVAL
fi
}
start() {
verify_config
# Pick up IPsec configuration (until we have done this, successfully, we
# do not know where errors should go, hence the explicit "daemon.error"s.)
# Note the "--export", which exports the variables created.
variables=`ipsec addconn $IPSEC_CONFS/ipsec.conf --varprefix IPSEC --configsetup`
eval $variables
IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
export IPSEC_confreadsection
IPSECsyslog=${IPSECsyslog:-daemon.error}
export IPSECsyslog
# remove for: @cygwin_END@
(
ipsec _realsetup start
RETVAL=$?
) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
return $RETVAL
}
stop() {
IPSECsyslog=${IPSECsyslog:-daemon.error}
export IPSECsyslog
(
ipsec _realsetup stop
RETVAL=$?
) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
return $RETVAL
}
restart() {
verify_config
stop
start
}
condrestart() {
verify_config
ipsec _realsetup status || exit 0
restart
}
status() {
ipsec _realsetup status
RETVAL=$?
return $RETVAL
}
version() {
ipsec version
RETVAL=$?
return $RETVAL
}
# do it
case "$1" in
start|--start)
start
;;
stop|--stop)
stop
;;
restart|--restart)
restart
;;
reload|force-reload)
restart
;;
condrestart|try-restart)
condrestart
;;
status|--status)
status
;;
version)
version
;;
*)
echo "Usage: $prog {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}"
RETVAL=2
esac
exit $RETVAL
|