Diffstat (limited to 'package/strongswan/files')
-rw-r--r-- | package/strongswan/files/ipsec.button | 34 | ||||
-rw-r--r-- | package/strongswan/files/ipsec.conf | 34 | ||||
-rw-r--r-- | package/strongswan/files/ipsec.config | 21 | ||||
-rw-r--r-- | package/strongswan/files/ipsec.cron | 2 | ||||
-rw-r--r-- | package/strongswan/files/ipsec.iface | 8 | ||||
-rw-r--r-- | package/strongswan/files/ipsec.init | 101 |
6 files changed, 0 insertions, 200 deletions
diff --git a/package/strongswan/files/ipsec.button b/package/strongswan/files/ipsec.button
deleted file mode 100644
index 9bd9023..0000000
--- a/package/strongswan/files/ipsec.button
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# snarf the code that loads the config values
-# since we also load the functions, might as well save the shell calls
-. /etc/init.d/ipsec
-
-[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
-
-if [ ! -e /var/run/pluto.pid ] ; then
-
- [ "$ACTION" = "pressed" ] && start
-
-else
-
- if [ "$ACTION" = "pressed" ] ; then
-
- stop
-
- elif [ "$ACTION" = "released" ] ; then
-
- while [ -e /var/run/pluto.pid ] ; do
- sleep 1
- done
-
- while ps auxww | grep ipsec | grep -v grep ; do
- sleep 1
- done
-
- start
-
- fi
-
-fi
-
diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf
deleted file mode 100644
index 8f59008..0000000
--- a/package/strongswan/files/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-
-version 2.0
-
-config setup
- interfaces=%defaultroute
- nat_traversal=yes # required on both ends
- uniqueids=yes # makes sense on client, not server
- hidetos=no
-
-conn %default
- authby=rsasig
- keyingtries=3
- keyexchange=ike
- left=%defaultroute
- leftrsasigkey=%cert
- rightrsasigkey=%cert
- dpdtimeout=30 # keepalive must arrive within
- dpddelay=5 # secs before keepalives start
- compress=no # breaks double nat installations
- pfs=yes
-
-conn sample
- leftca=%same
- leftcert=my.certificate.crt
- leftsourceip=192.168.10.1
- leftsubnet=192.168.10.0/24
- right=my.vpn.concentrator.net.
- rightca=%same
- rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
- rightsourceip=192.168.11.1
- rightsubnet=192.168.11.0/24
- dpdaction=hold
- auto=start
-
diff --git a/package/strongswan/files/ipsec.config b/package/strongswan/files/ipsec.config
deleted file mode 100644
index b4865e4..0000000
--- a/package/strongswan/files/ipsec.config
+++ /dev/null
@@ -1,21 +0,0 @@
-
-# Configure button/light behavior here.
-config device
- option reset_button ses
- option status_start ses_orange
- option status_valid ses_white
-
-# iptables setup for traffic to/from this host
-config filter
- option rule_in input_rule
- option dest_in ACCEPT
- option rule_out output_rule
- option dest_out ACCEPT
-
-# iptables setup for traffic to/from another host
-config forward
- option rule_in forwarding_rule
- option dest_in forwarding_vpn_in
- option rule_out forwarding_rule
- option dest_out forwarding_vpn_out
-
diff --git a/package/strongswan/files/ipsec.cron b/package/strongswan/files/ipsec.cron
deleted file mode 100644
index d8c7dcc..0000000
--- a/package/strongswan/files/ipsec.cron
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/sbin/ipsec wakeup
diff --git a/package/strongswan/files/ipsec.iface b/package/strongswan/files/ipsec.iface
deleted file mode 100644
index 0716bf7..0000000
--- a/package/strongswan/files/ipsec.iface
+++ /dev/null
@@ -1,8 +0,0 @@
-NAME=ipsec
-CTLFILE="/var/run/pluto.ctl"
-
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
-
-[ -e "$CTLFILE" ] || exit
-
-/etc/init.d/ipsec update
diff --git a/package/strongswan/files/ipsec.init b/package/strongswan/files/ipsec.init
deleted file mode 100644
index 4e8b8a2..0000000
--- a/package/strongswan/files/ipsec.init
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=65
-
-config_cb() {
- local cfg="$CONFIG_SECTION"
- local cfgt
- config_get cfgt "$cfg" TYPE
-
- case "$cfgt" in
- device)
- config_get IPSEC_RESET_BUTTON $cfg reset_button
- config_get IPSEC_STATUS_LED_START $cfg status_start
- config_get IPSEC_STATUS_LED_VALID $cfg status_valid
- ;;
- filter)
- config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out
- ;;
- forward)
- config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in
- config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in
- config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out
- config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out
- ;;
- *)
- ;;
- esac
-}
-
-config_load ipsec
-
-export IPSEC_RESET_BUTTON
-export IPSEC_STATUS_LED_START
-export IPSEC_STATUS_LED_VALID
-
-export IPSEC_UPDOWN_RULE_IN
-export IPSEC_UPDOWN_DEST_IN
-export IPSEC_UPDOWN_RULE_OUT
-export IPSEC_UPDOWN_DEST_OUT
-
-export IPSEC_UPDOWN_FWD_RULE_IN
-export IPSEC_UPDOWN_FWD_DEST_IN
-export IPSEC_UPDOWN_FWD_RULE_OUT
-export IPSEC_UPDOWN_FWD_DEST_OUT
-
-
-start() {
-
- [ -f /etc/ipsec.conf ] || exit
- [ -e /var/run/starter.pid ] && exit
-
- /usr/sbin/ipsec _showstatus start
-
- # stuff the dnsmasq cache in case dns is on our own subnet
- for peer in `grep left= /etc/ipsec.conf | \
- cut -f 1 -d% | cut -f 2 -d=` ; do
- ping -c 1 $peer > /dev/null 2>&1
- done
-
- /usr/sbin/ipsec start || exit
-
- # work around broken routing behavior:
- # a route to the local wan segment will appear
- # the need was removed in the patched _updown script
-
- while ! route -n | grep -q ipsec ; do sleep 1 ; done
-
- defint=`route -n | awk '/^0.0.0.0/{print $8}'`
- defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'`
- dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'`
- tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'`
-
- route del -net $defnet netmask $dnmask dev $tundev
-}
-
-
-stop() {
-
- /usr/sbin/ipsec stop 2> /dev/null
-
- # wait until the shutdown actually happens
- while [ -e /var/run/starter.pid ] ; do
- if [ -d /proc/`cat /var/run/starter.pid` ] ; then
- sleep 1
- else
- rm /var/run/starter.pid
- fi
- done
-
- # kill any lingering processes
- while ps auxww | grep -q ipsec | grep -v init.d; do
- kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null
- sleep 1
- done
-
- ipsec _showstatus stop
-}
-
|