summaryrefslogtreecommitdiff
path: root/package/strongswan/files
diff options
context:
space:
mode:
Diffstat (limited to 'package/strongswan/files')
-rw-r--r--package/strongswan/files/ipsec.button34
-rw-r--r--package/strongswan/files/ipsec.conf34
-rw-r--r--package/strongswan/files/ipsec.config21
-rw-r--r--package/strongswan/files/ipsec.cron2
-rw-r--r--package/strongswan/files/ipsec.iface8
-rw-r--r--package/strongswan/files/ipsec.init101
6 files changed, 0 insertions, 200 deletions
diff --git a/package/strongswan/files/ipsec.button b/package/strongswan/files/ipsec.button
deleted file mode 100644
index 9bd9023..0000000
--- a/package/strongswan/files/ipsec.button
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# snarf the code that loads the config values
-# since we also load the functions, might as well save the shell calls
-. /etc/init.d/ipsec
-
-[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
-
-if [ ! -e /var/run/pluto.pid ] ; then
-
- [ "$ACTION" = "pressed" ] && start
-
-else
-
- if [ "$ACTION" = "pressed" ] ; then
-
- stop
-
- elif [ "$ACTION" = "released" ] ; then
-
- while [ -e /var/run/pluto.pid ] ; do
- sleep 1
- done
-
- while ps auxww | grep ipsec | grep -v grep ; do
- sleep 1
- done
-
- start
-
- fi
-
-fi
-
diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf
deleted file mode 100644
index 8f59008..0000000
--- a/package/strongswan/files/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-
-version 2.0
-
-config setup
- interfaces=%defaultroute
- nat_traversal=yes # required on both ends
- uniqueids=yes # makes sense on client, not server
- hidetos=no
-
-conn %default
- authby=rsasig
- keyingtries=3
- keyexchange=ike
- left=%defaultroute
- leftrsasigkey=%cert
- rightrsasigkey=%cert
- dpdtimeout=30 # keepalive must arrive within
- dpddelay=5 # secs before keepalives start
- compress=no # breaks double nat installations
- pfs=yes
-
-conn sample
- leftca=%same
- leftcert=my.certificate.crt
- leftsourceip=192.168.10.1
- leftsubnet=192.168.10.0/24
- right=my.vpn.concentrator.net.
- rightca=%same
- rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
- rightsourceip=192.168.11.1
- rightsubnet=192.168.11.0/24
- dpdaction=hold
- auto=start
-
diff --git a/package/strongswan/files/ipsec.config b/package/strongswan/files/ipsec.config
deleted file mode 100644
index b4865e4..0000000
--- a/package/strongswan/files/ipsec.config
+++ /dev/null
@@ -1,21 +0,0 @@
-
-# Configure button/light behavior here.
-config device
- option reset_button ses
- option status_start ses_orange
- option status_valid ses_white
-
-# iptables setup for traffic to/from this host
-config filter
- option rule_in input_rule
- option dest_in ACCEPT
- option rule_out output_rule
- option dest_out ACCEPT
-
-# iptables setup for traffic to/from another host
-config forward
- option rule_in forwarding_rule
- option dest_in forwarding_vpn_in
- option rule_out forwarding_rule
- option dest_out forwarding_vpn_out
-
diff --git a/package/strongswan/files/ipsec.cron b/package/strongswan/files/ipsec.cron
deleted file mode 100644
index d8c7dcc..0000000
--- a/package/strongswan/files/ipsec.cron
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/sbin/ipsec wakeup
diff --git a/package/strongswan/files/ipsec.iface b/package/strongswan/files/ipsec.iface
deleted file mode 100644
index 0716bf7..0000000
--- a/package/strongswan/files/ipsec.iface
+++ /dev/null
@@ -1,8 +0,0 @@
-NAME=ipsec
-CTLFILE="/var/run/pluto.ctl"
-
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
-
-[ -e "$CTLFILE" ] || exit
-
-/etc/init.d/ipsec update
diff --git a/package/strongswan/files/ipsec.init b/package/strongswan/files/ipsec.init
deleted file mode 100644
index 4e8b8a2..0000000
--- a/package/strongswan/files/ipsec.init
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=65
-
-config_cb() {
- local cfg="$CONFIG_SECTION"
- local cfgt
- config_get cfgt "$cfg" TYPE
-
- case "$cfgt" in
- device)
- config_get IPSEC_RESET_BUTTON $cfg reset_button
- config_get IPSEC_STATUS_LED_START $cfg status_start
- config_get IPSEC_STATUS_LED_VALID $cfg status_valid
- ;;
- filter)
- config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
- ;;
- forward)
- config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
- ;;
- *)
- ;;
- esac
-}
-
-config_load ipsec
-
-export IPSEC_RESET_BUTTON
-export IPSEC_STATUS_LED_START
-export IPSEC_STATUS_LED_VALID
-
-export IPSEC_UPDOWN_RULE_IN
-export IPSEC_UPDOWN_DEST_IN
-export IPSEC_UPDOWN_RULE_OUT
-export IPSEC_UPDOWN_DEST_OUT
-
-export IPSEC_UPDOWN_FWD_RULE_IN
-export IPSEC_UPDOWN_FWD_DEST_IN
-export IPSEC_UPDOWN_FWD_RULE_OUT
-export IPSEC_UPDOWN_FWD_DEST_OUT
-
-
-start() {
-
- [ -f /etc/ipsec.conf ] || exit
- [ -e /var/run/starter.pid ] && exit
-
- /usr/sbin/ipsec _showstatus start
-
- # stuff the dnsmasq cache in case dns is on our own subnet
- for peer in `grep left= /etc/ipsec.conf | \
- cut -f 1 -d% | cut -f 2 -d=` ; do
- ping -c 1 $peer > /dev/null 2>&1
- done
-
- /usr/sbin/ipsec start || exit
-
- # work around broken routing behavior:
- # a route to the local wan segment will appear
- # the need was removed in the patched _updown script
-
- while ! route -n | grep -q ipsec ; do sleep 1 ; done
-
- defint=`route -n | awk '/^0.0.0.0/{print $8}'`
- defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
- dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
- tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
-
- route del -net $defnet netmask $dnmask dev $tundev
-}
-
-
-stop() {
-
- /usr/sbin/ipsec stop 2> /dev/null
-
- # wait until the shutdown actually happens
- while [ -e /var/run/starter.pid ] ; do
- if [ -d /proc/`cat /var/run/starter.pid` ] ; then
- sleep 1
- else
- rm /var/run/starter.pid
- fi
- done
-
- # kill any lingering processes
- while ps auxww | grep -q ipsec | grep -v init.d; do
- kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
- sleep 1
- done
-
- ipsec _showstatus stop
-}
-