xref: /freebsd/libexec/rc/rc.d/ipsec (revision 6829dae12bb055451fa467da4589c43bd03b1e64)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: ipsec
7# REQUIRE: FILESYSTEMS
8# BEFORE:  DAEMON mountcritremote
9# KEYWORD: nojailvnet
10
11. /etc/rc.subr
12
13name="ipsec"
14desc="Internet Protocol Security protocol"
15rcvar="ipsec_enable"
16start_precmd="ipsec_prestart"
17start_cmd="ipsec_start"
18stop_precmd="test -f $ipsec_file"
19stop_cmd="ipsec_stop"
20reload_cmd="ipsec_reload"
21extra_commands="reload"
22ipsec_program="/sbin/setkey"
23# ipsec_file is set by rc.conf
24
25ipsec_prestart()
26{
27	if [ ! -f "$ipsec_file" ]; then
28		warn "$ipsec_file not readable; ipsec start aborted."
29		stop_boot
30		return 1
31	fi
32	return 0
33}
34
35ipsec_start()
36{
37	echo "Installing ipsec manual keys/policies."
38	${ipsec_program} -f $ipsec_file
39}
40
41ipsec_stop()
42{
43	echo "Clearing ipsec manual keys/policies."
44
45	# Still not 100% sure if we would like to do this.
46	# It is very questionable to do this during shutdown session
47	# since it can hang any of the remaining IPv4/v6 sessions.
48	#
49	${ipsec_program} -F
50	${ipsec_program} -FP
51}
52
53ipsec_reload()
54{
55	echo "Reloading ipsec manual keys/policies."
56	${ipsec_program} -f "$ipsec_file"
57}
58
59load_rc_config $name
60run_rc_command "$1"
61