1#!/bin/sh 2# 3# $FreeBSD$ 4# 5 6# PROVIDE: ipsec 7# REQUIRE: FILESYSTEMS 8# BEFORE: DAEMON mountcritremote 9# KEYWORD: nojailvnet 10 11. /etc/rc.subr 12 13name="ipsec" 14desc="Internet Protocol Security protocol" 15rcvar="ipsec_enable" 16start_precmd="ipsec_prestart" 17start_cmd="ipsec_start" 18stop_precmd="test -f $ipsec_file" 19stop_cmd="ipsec_stop" 20reload_cmd="ipsec_reload" 21extra_commands="reload" 22ipsec_program="/sbin/setkey" 23required_modules="ipsec" 24# ipsec_file is set by rc.conf 25 26ipsec_prestart() 27{ 28 if [ ! -f "$ipsec_file" ]; then 29 warn "$ipsec_file not readable; ipsec start aborted." 30 stop_boot 31 return 1 32 fi 33 return 0 34} 35 36ipsec_start() 37{ 38 echo "Installing ipsec manual keys/policies." 39 ${ipsec_program} -f $ipsec_file 40} 41 42ipsec_stop() 43{ 44 echo "Clearing ipsec manual keys/policies." 45 46 # Still not 100% sure if we would like to do this. 47 # It is very questionable to do this during shutdown session 48 # since it can hang any of the remaining IPv4/v6 sessions. 49 # 50 ${ipsec_program} -F 51 ${ipsec_program} -FP 52} 53 54ipsec_reload() 55{ 56 echo "Reloading ipsec manual keys/policies." 57 ${ipsec_program} -f "$ipsec_file" 58} 59 60load_rc_config $name 61run_rc_command "$1" 62